Mapping Security: The Corporate Security Sourcebook for Today's Global Economy Paperback – Dec 14 2004
From the Inside Flap
Mapping Security
Preface
The 5 W's of Mapping Security
Why Mapping Security
I have written Mapping Security in response to questions I have fielded from corporate executives, businessmen and -women, corporate security officers, and people seated next to me on airplanes. The queries usually fall along the same lines, as follows:
How much should my company be spending on security?
What do these new security and privacy rules really mean to my organization?
What are my peers doing about security?
Now that I have gone global, what else do I have to do? (perhaps the most frequently asked question)
Importantly, I wrote this book because I have found that many of the answers to questions about security are the same around the world, and, critically, many of the answers are different, depending on where in the world you are working. This reality, linked closely to country-by-country nuances, is reinforced as you read on.
Even though I have now already used the word security six times in the first two paragraphs alone, guess what. Mapping Security is not a run-of-the-mill, technically written volume like the vast majority of its predecessors. This book does not show you how to write a security plan or write an encryption algorithm. It is really a business book that is enabled by a business understanding of what is important in managing your corporate risk. It is written for business people around the world, and it is written with today's global economy in mind.
If Not Now, When?
Okay, so that's the reason why I wrote this book. When is a function of today's global economy and the risks from our increased reliance on technology. Because of supply chains, customer bases, outsourcing, and just traditional growth, more organizations than ever before are crossing borders. Therefore they are now doing business in different countries and having to change the way they look at security for the first time. Combine this global nature of business today with our great reliance on computers and communications, and we have the highest levels of threats to integral business infrastructure in history.
It is time security moves to the front and center of the corporate psyche. To do that, we need a security map that spells out the realities of security, embraces all aspects of a global business, demystifies it with straight talk, and makes it accessible to entire organizations. Everyone today needs to be well armed with an understanding of the facts.
Security has traditionally hidden behind esoteric discussions of cryptographic key lengths, seemingly unfathomable rules and regulations, a hacker mystique, and, often, deliberate doublespeak. Now, with technology poised to deliver the cost savings and growth needed to survive and thrive in today's global economy, it is the right time to cultivate corporate-wide understanding that leads to embracing security as the business enabler that it can be. Because companies are now working across foreign borders (and must understand foreign security rules, regulations, best practices, and the local security cultures), I have pulled together dozens of experts from different locales around the world, all of whom help to explain "their side" of the security equations you must deploy. Today is when we need solutions that both protect us and enable our growth.
What Makes This Book Different?
The what of Mapping Security is straightforward and comprises three simple parts. Part 1, "Charting a Course," will help people in any organization, anywhere in the world, reduce their risks and maximize their rewards. It outlines and illustrates six business "insider" tips for dealing with the realities of a global security plan: realities such as shrinking budgets/staff; old-security thinking that holds back the use of new technologies; and the growing maze of rules, regulations, and standards that apply. It shows you how to correlate your security to appropriate rules, stretch your security budget, increase buy-in from all business units of your organization, keep an eye on what is happening in terms that make sense, and, finally, incorporate constant vigilance over the evolving threats, countermeasures, technology and regulations. The chapters of Part 1 address these business tips as follows:
Establishing Your Coordinates
Building The Base
Enabling The Businesses
Part 2, "Reality, Illusion, and the Souk," takes a tour of more than 30 countries/regions around the world, taking an honest (sometimes painfully so) look at how security is practiced in each country. Although every organization in the world can benefit from the lessons learned from Part 1, Part 2 offers a discussion of the important local security rules, information from local security and business experts and stories that help illustrate the sometimes difficult cultural issues that are of most significant concern for a global security rollout. Filled with quotes and anecdotes from the frontlines of local environments, it will give you a good global understanding of the differences between various countries. Of course, its description of the local laws and regulations is designed to be heavily dog-eared as a reference section to help you navigate the future, but there's another reason to turn back to it again and again: the Mapping Security Index (MSI).
The MSI will help you speed decision making, improve cross-border understanding, and aid in quantifying a highly qualitative process. It is my exclusive formula for making accessible the risks and benefits of moving security into a new country. I created it by combining four scores that make up some of the aspects of understanding good security:
Based on actual historical numbers, expert rankings, and a subjective Cross-Border Index (CBI), the MSI score has been tabulated for each country. Incidentally, whereas most people who have reviewed my work believe that "their" country score is too low, they tend to think all the others are just about right. Nonetheless, and at the risk of causing passionate debates in blogs and forums around the world, I have included an MSI score for each of the countries that I covered, to help give you an instant snapshot of the local security scene.
Part 3, "Whose Law Do I Break?" ties the book together by showcasing some old (sorry guys) sages from the worlds of business and security to help solve some of the conflicts that will arise when you put what you have learned from Parts 1 and 2 into global practice. Understanding what to do when laws collide, leveraging technology even on a low budget, and solving important cultural issues are explored. Part 3 helps tie it all together, with plain talk from very experienced folks who have been doing cross-border security for a long time.
Following the book's three-part design is a thorough appendix, organized by country, with descriptions and pointers to the best local information that I have been able to find both in my career, and, specifically, in researching this book. I have always wanted a list like this, and now I (and you) have got one.
Who Would Write a Book Like This?
As for who, I have been a consumer of security services while living in the Middle East, a maker of security products, and a consultant of security services to governments and companies around the world, and I have used my understanding of security to enable three separate businesses that each transacted more than $500 million online. I have been in the trenches, run large businesses, and sat on boards of directors. I have spent the past two decades explaining security to business leaders around the world, and I recently completed a two-year tour, living and working overseas, focused exclusively on cross-border security. Living much of my adult life both working in the security world and working outside of the United States, I have developed a good appreciation for what this world has to offer and have honed strategies for overcoming its associative risks.
The who also includes Scott Gleeson Blue, a talented writer and interviewer, whose tireless efforts to get the stories straight and help write them clearly are a big reason the book has turned out as it has. Scott is a Philadelphia-based author/journalist and an instructor at Neumann College (Aston, Pennsylvania). In addition to collaborating with me on security publications in the past, Scott has covered technology, consumer and popular culture, marketing, sports, and the performing arts for various publications in Europe and America. This breadth of background has lent important insight into the expert stories that we used to explain cultural differences around the world.
Finally, the who would not be complete without recognizing the dozens of security and business experts who agreed to be interviewed for this book, Howard Schmidt for lending his considerable insight for the Foreword, and the Mapping Security volunteer army of researchers. As always, their wisdom and wit are greatly appreciated, and any errors are most certainly my translations, and not their thoughts.
Where in the World Are We?
Oh, and that leaves where. Notice that in this book's title, map is used as a verb. This book is active and organic, and it was written for businesses that work somewhere on this planet. It was written from 30 different countries, with local voices and local opinions. The Foreword was written by Howard on several airplane trips between Shanghai and Beijing, the opening letter in Part 2 was written among the ancients in Luxor, and the quotes and interviews came from each of the individual countries listed. One quote came from an expert just back from a country where he lamented that the local security folks all have their own body armor, and he had to rent! So you see, this book was written in the same where that you are now doing business: everywhere.
So that's the who, what, where, when, and why of the book. Straightforward, demystifying (and at the same time a new and unique sourcebook for whatever and wherever you are looking for security). I hope it helps.
© Copyright Pearson Education. All rights reserved.
From the Back Cover
Praise for Tom Patterson's Mapping Security
"Tom Patterson captures a compelling and practical view of security in a multinational environment. Your CSO needs to read this book!"
Dr. Vint Cerf, senior vice president of Technology Strategy at MCI and founder of Internet Protocol (IP)
"The power of the Internet is that it's a global network, seamlessly crossing borders. But it also brings security risks that can cross borders just as easily. Patterson has more than a decade of first-hand experience in defending against such risks and it shows. He uses real-world examples and stories, many from his own career, and offers clear, action-oriented descriptions of the different threats and how to deal with them. This book avoids security jargon and speaks directly to businesspeople around the globe."
Chris Anderson, Editor in Chief, Wired Magazine
"Whether consumers or global giants, we all need to be spending a greater share of our budgets on security. The threats are greater than ever and increasing daily, and yet there is a challenge as to how to justify the expenditure. Mapping Security offers business-oriented and in-depth thinking on how and why to build security into the fabric of the organization. After reading Tom Patterson's book, you will want to make changes with a sense of urgency."
John R Patrick, president of Attitude LLC and former vice president of Internet Technology at IBM Corporation
"As companies of all sizes go global in their search for profit and growth, they will need to understand how to use security as a tool for success in different markets, and Mapping Security shows them how."
Dr. Craig Fields, former director of Advanced Research Projects Agency (ARPA) for the U.S. Government
The Definitive Guide to Effective Security in Complex Global Markets
Companies are global today and have complex security supply chains, out-sourced operations, and customer relationships that span the world. Today, more than ever, companies must protect themselves against unprecedented threats, understand and adhere to a global mosaic of regulations, and leverage security to enable today's business realities. In Mapping Security, global security expert Tom Patterson shows how to meet these challenges by presenting security best practices, rules, and customs for virtually every country where you do business.
Writing for executives, business managers, security professionals, and consultants, Patterson offers an exceptionally thorough and authoritative briefing on today's global security realities. Using real-world examples, he shows how to change your approach to security as you move more deeply into global markets: how to resolve contradictions among the complex rules and customs you'll have to follow and how to customize security solutions for every market. Along the way, he introduces the Mapping Security Index (MSI), a powerful new metric for rapidly quantifying security risk associated with 30 key markets. Coverage includes
How technology, mass globalization, and stricter accountability are forcing security to the core of the enterprise
Six proven keys to defining and implementing global security strategies that work within today's budget realities
Detailed country-by-country drill downs on security in Europe, the Middle East and Africa, the Americas, and the Asia-Pacific region
Practical advice on what to do when laws collide
Quantifying the security posture and associated risks of potential cross-border partners
"On-the-ground" help: Indispensable local security resources
Visit www.MappingSecurity.com for Tom Patterson's latest updates and analysis, including the latest changes to the MSI country scores, and to participate in the Mapping Security Reader Forum.
Most Helpful Customer Reviews on Amazon.com (beta)
Today's technology infrastructure is getting more and more complex. Companies are more global with more porous borders. Outsourcing is increasing dramatically, creating an additional need to understand the cultures in the remote locations.
Given all that, Mapping Security: The Corporate Security Sourcebook for Today's Global Economy is a valuable guidebook to deploying information security outside of the United States. Author Tom Patterson is a former Big 4 Information Security partner whose job responsibilities saw him living abroad for much of his adult life. The book is not so much a network security title, but rather a guide to performing the business of security across various cultural and physical borders. Mapping Security is a management-level source book for companies and organizations that do - or plan to do - business outside of the United States. Patterson takes his years of living abroad, his successes and his failures, his war stories, and his challenges, and maps them into a usable framework so the reader can better deploy an information security program.
In the book, Patterson details the various opportunities and challenges in each geographic sector across the globe and provides security best practices, rules, and customs for 30 countries. Patterson does a good job of explaining how and where Americans are often perceived to be arrogant by having an overly U.S.-centric view of things.
The book is divided in three parts. Part 1 details the manner in which an effective information security infrastructure can be developed. Chapters 1 through 7 show the necessary steps to building an effective security culture. The book, especially Part 1, is focused not so much on specific technology but rather the processes in which to develop such a security infrastructure.
The heart of the book is in Part 2 where Patterson details his Mapping Security Index (MSI). The function of the MSI is to provide the reader with a metric to determine how an organization can perform security functions in a different country. The book has an MSI for 30 countries, but it does not detail every country, only those where U.S. organizations are likely to do business.
Patterson's expertise comes from living abroad extensively and bringing to the table how business should be done in whatever country you are dealing with. Two of the countries with the highest MSI are Netherlands (90) and Canada (93), with Russia (26) and Saudi Arabia (32) at the bottom. The main advantages of the Netherlands and Canada are that they both have a safe, stable, and effective infrastructure in which to build an information security organization.
Russia, on the other hand, while having a strong technical outsourcing potential has a legal and technical infrastructure that is significantly lacking. Additionally, most other business services are not yet on par with the rest of the region. As to Saudi Arabia, Patterson notes that while it provides a growing domestic marketing, it is an extremely difficult security partner to deal with and has very little cross-border activity. There is extremely little opportunity for women when it comes to the region. He notes that it is practically impossible for women to do business there and observes that "surrendering gender equity is simply the cost of doing business in Saudi Arabia".
Part 3 of the book deals with the challenge of mapping various laws and regulations from different countries. Part of the challenge and headache is dealing with laws from different countries that are contradictory. For example, one country might require an organization to capture and report customer information, while another country forbids it. The question becomes whose law do you break? That is not an easy question to answer, but it is one that needs to be considered.
The author notes that security standards and regulations are the biggest drivers for security around the world and a misstep in dealing with regulations can create the scenario where one could face business impairments, fines, or even prison.
Overall, Mapping Security: The Corporate Security Sourcebook for Today's Global Economy is a very valuable reference guide for anyone who needs to deal with information security in different countries and cultures. By relating security to the international community, the book enables the reader to avoid making those mistakes that can sink a security project.
Patterson has a keen business insight, and the book provides many of his war stories (from illegal barbeques in Germany to an innocuous racial faux pas in South Africa). The book is not overly technical in nature and is both entertaining and informative. For anyone that plans to deploy security outside of the United States, Mapping Security should be required reading.
The first, relatively brief part of the book gives a very nice high-level overview of security. Again, while it might sound boring to some, it is actually written in an enjoyable style with lots of examples and fun quotes from various CSOs. My favorite section here is called "Developing Radar". It covers the process of building awareness of your security environment, through monitoring and auditing of system and user activity. Of course, the book is full of regulatory compliance as well as various ROI (ROSI) scenarios.
The remainder of the book goes country by country and talks about various elements of security and regulatory environment as well as computes an overall score (MSI) for each country. The info is highlighted by various examples of doing business in those countries.
Overall, while the book is definitely for a senior crowd, many security professionals will benefit from it by getting the author's unique perspective on cross-border security. I did enjoy the book without being a CEO...
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II". In his spare time, he maintains his security portal info-secure.org
Patterson brushes aside the typical rah-rah platitudes of high-level business books, and recognizes that the real world is not always a tidy place, and that laws are complex and often contradictory. Expanding on the idea that without security, eCommerce is a non-starter, Patterson approaches security issues from both technological and legal/cultural perspectives. His insight is keen, his examples are topical, and his "war stories" are entertaining as well as informative.
In an era where the multinational company model is becoming the norm, and where American businesspeople are being treated with increasing disdain overseas, no C-level manager should ever board an international flight without having read "Mapping Security."