Mapping Security
Preface
The 5 W's of Mapping Security
Why Mapping Security
I have written Mapping Security in response to questions I have fielded from corporate executives, businessmen and -women, corporate security officers, and people seated next to me on airplanes. The queries usually fall along the same lines, as follows:
How much should my company be spending on security?
Now that I have gone global, what else do I have to do? (perhaps the most frequently asked question)
Importantly, I wrote this book because I have found that many of the answers to questions about security are the same around the world, and, critically, many of the answers are different, depending on where in the world you are working. This reality, linked closely to country-by-country nuances, is reinforced as you read on.
Even though I have now already used the word security six times in the first two paragraphs alone, guess what. Mapping Security is not a run-of-the-mill, technically written volume like the vast majority of its predecessors. This book does not show you how to write a security plan or write an encryption algorithm. It is really a business book that is enabled by a business understanding of what is important in managing your corporate risk. It is written for business people around the world, and it is written with today's global economy in mind.
If Not Now, When?
Okay, so that's the reason why I wrote this book. When is a function of today's global economy and the risks from our increased reliance on technology. Because of supply chains, customer bases, outsourcing, and just traditional growth, more organizations than ever before are crossing borders. Therefore they are now doing business in different countries and having to change the way they look at security for the first time. Combine this global nature of business today with our great reliance on computers and communications, and we have the highest levels of threats to integral business infrastructure in history.
It is time security moves to the front and center of the corporate psyche. To do that, we need a security map that spells out the realities of security, embraces all aspects of a global business, demystifies it with straight talk, and makes it accessible to entire organizations. Everyone today needs to be well armed with an understanding of the facts.
Security has traditionally hidden behind esoteric discussions of cryptographic key lengths, seemingly unfathomable rules and regulations, a hacker mystique, and, often, deliberate doublespeak. Now, with technology poised to deliver the cost savings and growth needed to survive and thrive in today's global economy, it is the right time to cultivate corporate-wide understanding that leads to embracing security as the business enabler that it can be. Because companies are now working across foreign borders (and must understand foreign security rules, regulations, best practices, and the local security cultures), I have pulled together dozens of experts from different locales around the world, all of whom help to explain "their side" of the security equations you must deploy. Today is when we need solutions that both protect us and enable our growth.
What Makes This Book Different?
The what of Mapping Security is straightforward and comprises three simple parts. Part 1, "Charting a Course," will help people in any organization, anywhere in the world, reduce their risks and maximize their rewards. It outlines and illustrates six business "insider" tips for dealing with the realities of a global security plan: realities such as shrinking budgets/staff; old-security thinking that holds back the use of new technologies; and the growing maze of rules, regulations, and standards that apply. It shows you how to correlate your security to appropriate rules, stretch your security budget, increase buy-in from all business units of your organization, keep an eye on what is happening in terms that make sense, and, finally, incorporate constant vigilance over the evolving threats, countermeasures, technology, and regulations. The chapters of Part 1 address these business tips as follows:
Establishing Your Coordinates
Building The Base
Enabling The Businesses
Part 2, "Reality, Illusion, and the Souk," takes a tour of more than 30 countries/regions around the world, taking an honest (sometimes painfully so) look at how security is practiced in each country. Although every organization in the world can benefit from the lessons learned from Part 1, Part 2 offers a discussion of the important local security rules, information from local security and business experts, and stories that help illustrate the sometimes difficult cultural issues that are of most significant concern for a global security rollout. Filled with quotes and anecdotes from the frontlines of local environments, it will give you a good global understanding of the differences between various countries. Of course, its description of the local laws and regulations is designed to be heavily dog-eared as a reference section to help you navigate the future, but there's another reason to turn back to it again and again: the Mapping Security Index (MSI).
The MSI will help you speed decision making, improve cross-border understanding, and aid in quantifying a highly qualitative process. It is my exclusive formula for making accessible the risks and benefits of moving security into a new country. I created it by combining four scores that make up some of the aspects of understanding good security:
Based on actual historical numbers, expert rankings, and a subjective Cross-Border Index (CBI), the MSI score has been tabulated for each country. Incidentally, whereas most people who have reviewed my work believe that "their" country score is too low, they tend to think all the others are just about right. Nonetheless, and at the risk of causing passionate debates in blogs and forums around the world, I have included an MSI score for each of the countries that I covered, to help give you an instant snapshot of the local security scene.
Part 3, "Whose Law Do I Break?" ties the book together by showcasing some old (sorry guys) sages from the worlds of business and security to help solve some of the conflicts that will arise when you put what you have learned from Parts 1 and 2 into global practice. Understanding what to do when laws collide, leveraging technology even on a low budget, and solving important cultural issues are explored. Part 3 helps tie it all together, with plain talk from very experienced folks who have been doing cross-border security for a long time.
Following the book's three-part design is a thorough appendix, organized by country, with descriptions and pointers to the best local information that I have been able to find both in my career, and, specifically, in researching this book. I have always wanted a list like this, and now I (and you) have got one.
Who Would Write a Book Like This?
As for who, I have been a consumer of security services while living in the Middle East, a maker of security products, and a consultant of security services to governments and companies around the world, and I have used my understanding of security to enable three separate businesses that each transacted more than $500 million online. I have been in the trenches, run large businesses, and sat on boards of directors. I have spent the past two decades explaining security to business leaders around the world, and I recently completed a two-year tour, living and working overseas, focused exclusively on cross-border security. Living much of my adult life both working in the security world and working outside of the United States, I have developed a good appreciation for what this world has to offer and have honed strategies for overcoming its associative risks.
The who also includes Scott Gleeson Blue, a talented writer and interviewer, whose tireless efforts to get the stories straight and help write them clearly are a big reason the book has turned out as it has. Scott is a Philadelphia-based author/journalist and an instructor at Neumann College (Aston, Pennsylvania). In addition to collaborating with me on security publications in the past, Scott has covered technology, consumer and popular culture, marketing, sports, and the performing arts for various publications in Europe and America. This breadth of background has lent important insight into the expert stories that we used to explain cultural differences around the world.
Finally, the who would not be complete without recognizing the dozens of security and business experts who agreed to be interviewed for this book, Howard Schmidt for lending his considerable insight for the Foreword, and the Mapping Security volunteer army of researchers. As always, their wisdom and wit are greatly appreciated, and any errors are most certainly my translations, and not their thoughts.
Where in the World Are We?
Oh, and that leaves where. Notice that in this book's title, map is used as a verb. This book is active and organic, and it was written for businesses that work somewhere on this planet. It was written from 30 different countries, with local voices and local opinions. The Foreword was written by Howard on several airplane trips between Shanghai and Beijing, the opening letter in Part 2 was written among the ancients in Luxor, and the quotes and interviews came from each of the individual countries listed. One quote came from an expert just back from a country where he lamented that the local security folks all have their own body armor, and he had to rent! So you see, this book was written in the same where that you are now doing business: everywhere.
So that's the who, what, where, when, and why of the book. Straightforward, demystifying (and at the same time a new and unique sourcebook for whatever and wherever you are looking for security). I hope it helps.
© Copyright Pearson Education. All rights reserved.
Praise for Tom Patterson's Mapping Security
"Tom Patterson captures a compelling and practical view of security in a multinational environment. Your CSO needs to read this book!"
Dr. Vint Cerf, senior vice president of Technology Strategy at MCI and founder of Internet Protocol (IP)
"The power of the Internet is that it's a global network, seamlessly crossing borders. But it also brings security risks that can cross borders just as easily. Patterson has more than a decade of first-hand experience in defending against such risks and it shows. He uses real-world examples and stories, many from his own career, and offers clear, action-oriented descriptions of the different threats and how to deal with them. This book avoids security jargon and speaks directly to businesspeople around the globe."
Chris Anderson, Editor in Chief, Wired Magazine
"Whether consumers or global giants, we all need to be spending a greater share of our budgets on security. The threats are greater than ever and increasing daily, and yet there is a challenge as to how to justify the expenditure. Mapping Security offers business-oriented and in-depth thinking on how and why to build security into the fabric of the organization. After reading Tom Patterson's book, you will want to make changes with a sense of urgency."
John R Patrick, president of Attitude LLC and former vice president of Internet Technology at IBM Corporation
"As companies of all sizes go global in their search for profit and growth, they will need to understand how to use security as a tool for success in different markets, and Mapping Security shows them how."
Dr. Craig Fields, former director of Advanced Research Projects Agency (ARPA) for the U.S. Government
The Definitive Guide to Effective Security in Complex Global Markets
Companies are global today and have complex security supply chains, out-sourced operations, and customer relationships that span the world. Today, more than ever, companies must protect themselves against unprecedented threats, understand and adhere to a global mosaic of regulations, and leverage security to enable today's business realities. In Mapping Security, global security expert Tom Patterson shows how to meet these challenges by presenting security best practices, rules, and customs for virtually every country where you do business.
Writing for executives, business managers, security professionals, and consultants, Patterson offers an exceptionally thorough and authoritative briefing on today's global security realities. Using real-world examples, he shows how to change your approach to security as you move more deeply into global markets: how to resolve contradictions among the complex rules and customs you'll have to follow and how to customize security solutions for every market. Along the way, he introduces the Mapping Security Index (MSI), a powerful new metric for rapidly quantifying security risk associated with 30 key markets. Coverage includes
How technology, mass globalization, and stricter accountability are forcing security to the core of the enterprise
Six proven keys to defining and implementing global security strategies that work within today's budget realities
Detailed country-by-country drill downs on security in Europe, the Middle East and Africa, the Americas, and the Asia-Pacific region
Practical advice on what to do when laws collide
Quantifying the security posture and associated risks of potential cross-border partners
"On-the-ground" help: Indispensable local security resources
Visit www.MappingSecurity.com for Tom Patterson's latest updates and analysis, including the latest changes to the MSI country scores, and to participate in the Mapping Security Reader Forum.