I love to read. Unfortunately I don't get to read as much as I'd like to (blogs are the exception) and when I do get to read it's usually in short segments so reading a book can take a while. I used to spend lots of money on Technology books but realized that they usually just adorned my shelves and never were fully read so I quit buying them for the most part. Every now and then a really good book comes along that meets a need that you have and is enjoyable to read. One such book was Mike Rothman's "The Pragmatic CSO". It was short and didn't have a lot of fluff in it and it has proved to be very valuable to me over the last 18 or so months since I read it.
A few weeks ago my friend Michael Santarcangelo sent me a preview copy of his book "Into The Breach" to read. I liked it immediately because it's less than 100 pages long. :) I started reading it and new immediately that this was good stuff. I read about 25 pages and set it down. It then got buried under other things and I couldn't find it. I had another copy but had no idea what I had done with it either. Finally about 2 weeks later I found it and started reading it again. Unfortunately I'd only get to read about 5 pages in a sitting and then something else would demand my time. It took me a good 6 weeks to finally finish it. It should have taken me 2 to 3 hours to read it from cover to cover.
This book is quick and easy to read. It makes sense. Isn't filled with fluff and unnecessary stuff just to bloat the size and price. Michael lays out a solid plan for implementing processes that can literally change the way you protect information. He puts lots of emphasis on common sense, out of the box thinking and working with your users. The last part is key. Our users are the ones that primarily make put information at risk because they don't understand the whys and where for's of protecting data. Michael lays out a plan for engaging them and helping them understand why they need to do things differently.
This is a book that all of us need to read and take to heart. If you are serious about making a difference in your company then this book is for you. If you want to have your old fashioned assumptions challenged then "Into The Breach" will do just that.
I gave a copy of it to my CIO about a month ago to read. He told me that he would read it and let me know what he thought. He has now requested more copies because he wants all of his Directors and Managers to read it. We were on a call with Gartner this morning and he told our Gartner Rep about it and said that it was a book that he needed to read. You don't know my CIO (most of you anyway) but coming from him that is saying a lot. He is a man of few words and those he says he means.
Security's Everyman
Friday, October 03, 2008
Book Review - Into The Breach
Posted by Andy, ITGuy at 12:42 PM
Labels: Andy ITGuy, information security, Into The Breach, Michael Santarcangelo
Book Review - Into The Breach
2008-10-03T12:42:00-04:00
Andy, ITGuy
Andy ITGuy|information security|Into The Breach|Michael Santarcangelo|