Michael J. Santarcangelo, II has written a little book titled Into the Breach. The preview copy I have has 91 pages of content, but I want to make something very clear: the ideas in this little book are big, very big.
The subtitle of the book is "Protect Your Business by Managing People, Information, and Risk." Seems pretty straightforward, doesn't it? However, those of us in the information security profession are painfully aware that actually doing what that simple statement says is often far from straightforward.
Michael wants to help us with the issue and puts forth a process that can greatly increase our ability to satisfy that statement in a manner that brings engagement from all parts of the organization. At its root, Michael's strategy makes protecting the data of our organizations everybody's job, not just information technology's job, but it does so in a way that re-energizes everybody by giving them a voice in what is important and what is not.
He starts out the book by introducing and addressing three common myths that crop up when we start talking about protecting our organization's data from unauthorized access or "breach":
1. "Outsiders pose the biggest threat to information."
2. "Information protection needs a technology solution."
3. "Protecting information costs too much."
Throughout the rest of the book, he walks us through a process that is simple in its execution, but profound in what it provides to those who participate in it. I'm not going to steal Michael's thunder. I am going to suggest that you pick up a copy of his book and read it...twice...at least. If you do and implement the strategies contained in it, you will be much better equipped to "Protect Your Business by Managing People, Information, and Risk" and reduce the chances that your data will go "Into the Breach."