"Missing: 25 million child benefit records..."
"South Korean police on Sunday arrested four people over the theft of data on 11 million customers of a local oil refiner in what is being called the country's largest-ever data leak..."
Data loss headlines like these are enough to leave many consumers dumbfounded. Now, imagine being the director of the team tasked with protecting the data.
The industry has responded to breach threats with Data Loss Prevention suites that disable external media and ports on computers, Network Access Control schemes that ensure only authorized computers can get on the network, and network content analysis tools.
None of these can protect all of the data all of the time. It's not because technology fails. It's because humans and business processes fail. Throwing more technology at this problem is not the only answer. Santarcangelo asserts that technology is best used to support information security in an environment where people think and act responsibly and are held accountable for information under their care.
Into The Breach's subtitle is "Protect your business by managing people, information and risk", and that's exactly what's covered. From understanding people's justification for their behavior patterns to implementing The Strategy and beyond, the end result is a surprisingly concise angle on covering your ass while maximizing the effectiveness of your security budget... After all, your money goes a lot further with awareness than it does with six- and seven-figure software suites that will only serve to further mask the symptoms of a much larger systemic problem in your organization...
I got my hands on a pre-release copy of this book directly from Catalyst himself at DefCon. I'd like to personally thank him for handing over a few copies for me to pass around to colleagues and giving me a chance to get an advance peek at his work. I'm looking forward to flipping through the finished product, which likely has a little more information than the copy I've got in my hands right now.
The electronic edition of the final version is already available for the Kindle, with the hardcover book hitting shelves (and Amazon) soon.