Review: Into the Breach
I received a preview copy of Michael Santarcangelo's (AKA Catalyst) book, Into the Breach, a few weeks ago and finally made my way around to reading it on my recent trip to Texas. My reaction to the book: WOW! No other book that I have read in the past few years (even my chemistry ones) has sparked so many thoughts of how I can use the information I was reading in my everyday work.
In the Introduction and even on the back of the book there is a quote that hits home:
“People have been unintentionally and systematically disconnected from the consequences of their actions for so long, they are no longer held accountable or take responsibility”
This quote seems to be one of the things I deal with all the time. People either have too many other things to do or are “too important” to deal with the consequences of their actions. Even more so, these same people are hardly ever held accountable or take responsibility when something does happen. Michael explains how to change thinking from just throwing technology at the problem to engaging people and involving them in the process of securing the data with a Strategy to Protect Information.
A phrase that is mentioned throughout the book and even has its own chapter is “People just want to do their jobs”. He uses a spot-on example of a confusing password policy and how users react to the “pain” caused by it. In this case, the pain is how these items (like confusing password policies) hinder the users from doing their jobs. As a natural response to the pain, users will find a way to deal with it, such as writing down their complex password on a post-it and sticking it on their monitor. Later in the book he explains an approach that supports people and engages them in the process of protecting information. I sometimes think that we (as IT professionals) get hung up on the policy and forget about the person actually doing their job. I have heard many times at my job, this is policy, that is policy. However, nothing is done to help the users comply with the policy and still get their jobs done in an easy and manageable manner.
This is just a small sample of what is in this book. I think that this book is a must-read for anyone dealing with information, from the highest tier professional (CIO/CISO) to the part-time helpdesk technician. Into the Breach takes a unique and interesting approach showing how everyone can be involved in protecting his or her business.
