Into the Breach and over one million other books are available for Amazon Kindle. Learn more
CDN$ 15.80
  • List Price: CDN$ 19.75
  • You Save: CDN$ 3.95 (20%)
FREE Shipping on orders over CDN$ 25.
Usually ships within 3 to 5 weeks.
Ships from and sold by Amazon.ca.
Gift-wrap available.
Quantity:1
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Into the Breach: Protect Your Business By Managing People, Information, and Risk Hardcover – Aug 1 2008


See all 2 formats and editions Hide other formats and editions
Amazon Price New from Used from
Kindle Edition
"Please retry"
Hardcover
"Please retry"
CDN$ 15.80
CDN$ 9.38 CDN$ 1.76

2014 Books Gift Guide
Yes Please, the eagerly anticipated first book from Amy Poehler, the Golden Globe winning star of Parks and Recreation, is featured in our 2014 Books Gift Guide. More gift ideas


Product Details

  • Hardcover: 110 pages
  • Publisher: Catalyst Media (Aug. 1 2008)
  • Language: English
  • ISBN-10: 0981636306
  • ISBN-13: 978-0981636306
  • Product Dimensions: 23 x 1.8 x 15.5 cm
  • Shipping Weight: 340 g
  • Average Customer Review: 5.0 out of 5 stars  See all reviews (1 customer review)
  • Amazon Bestsellers Rank: #2,143,620 in Books (See Top 100 in Books)

Product Description

About the Author

Michael Santarcangelo is a human catalyst. As an expert who speaks on information protection, including compliance, privacy and awareness, Michael energizes and inspires his audiences to change how they protect information. His passion and approach gets results that change behaviors. As a full member of the National Speakers Association, Michael is known for delivering substantial content in a way that is energetic and entertaining. Michael connects with those he works with, and helps them engage in natural and comfortable ways - he literally makes security relevant and simple to understand! Michael pioneers new ways to engage others in the process of information protection. He has created the Security Salon to facilitate the exchange of ideas in a way that allows people to learn and apply their knowledge for immediate results and program success. In 2007, Michael was named one of the 59 Top Influencers in IT Security and was selected to serve on the Symantec Advisory Council. He actively supports various industry associations and remains a secure member of the FBI InfraGard program. Michael is a graduate of Cornell University.

Customer Reviews

5.0 out of 5 stars
5 star
1
4 star
0
3 star
0
2 star
0
1 star
0
See the customer review
Share your thoughts with other customers

Most helpful customer reviews

Format: Hardcover
This book is worth much more than its cover price. It approaches information security from a new point of view - from that of a non-technical manager.

The approach used in this book lays the groundwork and game-plan for real change, driven by the people whose jobs it will affect most - the employees.

I expect that anyone who allows their team to participate in a project based on this methodology will see improvements, not only through reduction of risky employee actions, but through higher productivity and morale.

"Into the Breach" is easy to read and shows that the author knows what he's talking about. I plan to give copies to several of my clients.

Scott Wright
Information Security Coach and Consultant
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again.

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 19 reviews
5 of 5 people found the following review helpful
A must read for executive management/business decision makers. Feb. 23 2009
By G. McKee - Published on Amazon.com
Format: Hardcover
I just finished a book by Michael Santarcangelo entitled Into the Breach: Protect your Business by Managing People, Information, and Risk. I am ashamed to admit that I hadn't run across this book sooner and didn't know about it until after I was a guest on Michael's Podcast a few weeks back. At 110 pages the book is a quick read but don't let that fool you - there is a lot of information in here.

The book is aimed at executives and other decision makers and not at technical information security professionals themselves. That is not to say that there isn't value in here for the technically minded as long as they remember that they are not the targeted audience. There are a few things in here that might actually cause the technically focused some anguish but if they are honest with themselves and take a step back they should admit that what Michael says is true.

Into the Breach is the book that I wanted to write. I share Michael's perspective on many of the topics discussed and have come to the same conclusions, although independently. We attack the problem from different angles but we share so much in common that I'm left to wonder if the differences are merely trivial. As I read the book I heard my own thoughts being echoed back to me more than a few times. I found new and interesting perspectives on issues that I have worked hard to solve and I even learned a few things (which means that it was time well spent.)

The book is broken up into three parts. The first part explains the human factors at play in any environment and seeks to provide a understanding of the human factors as they relate to protecting information. I really couldn't find fault with anything I read in this section.

The second part lays out Michael's Strategy to Protect Information and its implementation. Michael's approach to the problem is different from mine but in no way does that make it any less valid. He does a good job explaining not only how something needs to be done but why it needs to be done which is the key to mastering anything. That said I have some constructive criticism to provide with regard to a few things that were mentioned.

The first being that Michael talks about how a management team can learn and deploy his strategy by just reading his book. The concepts that he lays forth are simple and well explained however I can say that I have facilitated groups through similar processes and it is not as easy as Michael makes it sound. The greatest fear that I would have by someone reading Michaels book is that they will try to implement his program without guidance then in failure believe that this approach is just a load of crap and go back to the way they have been doing things. Processes like this need to have someone with experience facilitate their adoption in order to steer teams around pitfalls and ultimately achieve success.

The second criticism is that near the end of Part Two, Michael talks about metrics and how to measure the success of the program. This is indeed an important point however his examples did little to illustrate his point and may have in fact made his argument weaker. He talks about the blending of quantative and qualitative measures (a concept that I'm wholly in favor of) but gives his executive/decision maker reader little to take back that is actionable.

The third part addresses considerations for extending and enhancing the strategy laid out in Part Two. Michael talks about how his strategy can help protect the bottom line and help reduce the cost of compliance. I agree that it will but again the topic was treated so quickly that a reader may be left to conclude that this is all that there is to the argument. They couldn't be more wrong however would someone in the targeted audience know this - perhaps it would; perhaps it wouldn't.

Please dear readers, don't construe my criticisms as a damning critique of this book. At 110 pages it is nearly impossible to cover the topics that Michael has attempted. This book is exactly where it needs to be in terms of detail when considering the intended audience. I applaud Michael for writing the book. It is a book that has been needed out there for a very hard time. I highly recommend it. I would even go so far to say that you should buy several copies and give them out to senior executives in your organizations. But only do so if you intend to follow up with several conversations about how to apply these principles in your environment. Use this book as a basis upon which to build conversations on how you can improve security within your organization and environment.

(From Ascension Blog - [...])
5 of 5 people found the following review helpful
The evolution of information security... July 6 2009
By archimedes1 - Published on Amazon.com
Format: Hardcover
I began my information security career in 1998 as a consultant. My first client was a military organization. In the military, getting people to adhere to infosec policies is easy - everyone is required to follow the rules, and there are clear and unequivocal consequences for those who choose not to.

I've spent the rest of my career in business, and out here it's a different story. It's generally ineffective to "order" anyone to adhere to policy, and there are countless good reasons why people won't do it at any given time. I've seen millions of dollars wasted on the latest silver bullet technologies to fix what is fundamentally a human problem. Of course the problem remains, and now we're throwing good money after bad to support the new tools.

Michael's book is the first to call a spade a spade and address the human problem with a human solution. By taking away the intermediaries that cause end-users to feel disengaged from their responsibilities, he transforms the problem itself (end-users) into the solution. It's not rocket science, it doesn't cost millions of dollars, there's nothing to support for eternity, and best of all, it works!
4 of 4 people found the following review helpful
Once more unto the breach.. Oct. 9 2008
By Kevin W. Riggins - Published on Amazon.com
Format: Hardcover
Michael J. Santarcangelo, II has written a little book titled Into the Breach. The preview copy I have has 91 pages of content, but I want to make something very clear, the ideas in this little book are big, very big.

The subtitle of the book is "Protect Your Business by Managing People, Information, and Risk." Seems pretty straight forward, doesn't it? However, those of us in the information security profession are painfully aware that actually doing what that simple statement says is often far from straight forward.

Michael wants to help us with the issue and puts forth a process that can greatly increase our ability to satisfy that statement in a manner that brings engagement from all parts of the organization. At its root, Micahel's strategy makes protecting the data of our organizations everybody's job, not just information technologies job, but it does so in a way that re-energized everybody by giving them a voice in what is important and what is not.

He starts out the book by introducing and addressing three common myths that crop up when we start talking about protecting our organization's data from unauthorized access or "breach":

1. "Outsiders pose the biggest threat to information."
2. "Information protection needs a technology solution."
3. "Protecting information costs too much."

Throughout the rest of the book, he walks us through a process that is simple in its execution, but profound in what it provides to those who participate in it. I'm not going to steal Michael's thunder. I am going to suggest that you pick up a copy of his book and read it...twice...at least. If you do and implement the strategies contained in it, you will be much better equipped to "Protect Your Business by Managing People, Information, and Risk" and reducing the chances that your data will go "Into the Breach."

Kevin
4 of 4 people found the following review helpful
Big ideas to create an effective security program April 14 2011
By Martin Fisher - Published on Amazon.com
Format: Kindle Edition
Michael does an amazing job in setting out a new way of thinking through information security and compliance issues. His simple, intuitive, and (to be quite honest) very overlooked ideas that "people want to do the right thing at their jobs" married up with "how to effectively communicate the security and compliance needs and concerns" has been critical for me in my CISO role. Turning the people that we've traditionally seen as "the Problem" into our allies and friends is *crucial* in today's reality of compressed/non-existent budgets, reduced staffing, and ever evolving compliance requirements. Michael shows, in steps that are based in reality and experience, how to make that change.

So many of the other books in this genre (and I've read many of them) take a technologists approach to solving problems. To be sure - there is a time and place for that. But if you want to get at the root of your issues, if you really want to understand the problems, and if you really want to get the most powerful leverage you can get to create an effective program you *must* read this book.
2 of 2 people found the following review helpful
Why You Must Dive Into the Breach April 14 2011
By Lori MacVittie - Published on Amazon.com
Format: Hardcover
If you do, you may find you'll come out with a more effective security strategy.

Michael Santarcangelo shows why he's known as a "human catalyst" with his strategy-focused effort to change the way we deal with security, Into the Breach.

Michael's basic premise is that a breach is a symptom of a larger problem and not the actual problem itself. Unlike most security-focused discussions today he tackles not the issue of electronic data and disclosure but the larger, more often ignored problem of low-tech breaches caused (often unintentionally) by people.

Soylent security. It's people, people. We've known that for a while, right? After all, aren't we always talking about those "miscreants" against whose attacks we must be ever vigilant?

Michael very quickly explains it's not the people who want to breach security that are the problem, but the people just trying to do their jobs that do not recognize - for many reasons - the ramifications and potential consequences of bringing home sensitive data, using USB keys to carry around employee information, or walking away from a laptop for "just a minute". People are the problem, alright, but they don't even know it. And it's hard to argue with this conclusion as Michael lays out the data, naked and blinding, for all to see.

But this isn't another doom and gloom exercise, or even one that ends with a particular technical solution. What Michael ultimately provides is a strategy for addressing the problem that is intended to lead folks toward a more conscientious handling of information without requiring security professionals to brandish digital whips in their general direction. And then he walks us through the implementation, including how to quantify success.

In his 100 page exploration of a new kind of security strategy (it requires learning to trust users which is something that will surely be difficult for many of us), Michael doesn't waste a lot of time with unnecessary discussion. He includes relevant data that supports his premise and uses the examples to show explain why a shift in thinking is necessary to better address security concerns. He gets to the point with alacrity and uses language that's designed to clearly communicate why and then how, as if he's following his own advice.

Michael isn't dismissing technological solutions nor is he ignoring the very real threat of external attacks. He's simply focusing on a much larger problem that organizations can impact without a huge investment in technology because ultimately there really isn't one and the risk of a breach caused by internal factors is much higher than we like to admit.

Easy to read, easy to follow, Into the Breach is an honest, open discussion of why we do what we do and how to effectively implement a strategy with a focus on the real problem, instead of just the symptoms.

It's a good read, and a great eye opener if you're responsible for security in your organization - at any level. Which essentially, according to Michael, should be everyone. So give it a read, it's definitely worth the time.


Feedback