People, process and technology keep the hackers out

It seems as though high-technology literature ebbs and flows like the sea. Hot topic today, gone tomorrow. And the hot topic these days is security. Not a day goes by when the news wires don’t have some mention of a security breach or a security solution.

Recently McGraw-Hill released Security Transformation: digital defence strategies to protect your company’s reputation and market share. The book was co-authored by Mary Pat McCarthy, global chair of the information, communications and entertainment practices at KPMG, and Stuart Campbell, leader of KPMG’s information risk management practices in the U.S.

The book starts off with a fictional story (one I am surprised has not been lengthened into a movie script) about how the world’s powers are blackmailed by a hacker/saboteur whose technology is capable of bringing down the world’s air traffic control systems. A little over the top and too reminiscent of Y2K, but an attention grabber nonetheless.

McCarthy and Campbell’s writing style uses analogies to drive home a point. Though they could have limited their use, the analogies do help non-techies grasp some of the more difficult security concepts.

They treat security as an enabler but are also quick to point out that public trust is a key issue for most e-commerce success. A bank gets robbed and no one stops banking, but a site gets hacked and the public stays away.

The solution to viable corporate security is multifaceted and the authors espouse the people, process and technology mantra. Their anecdote about employees being the weakest link, though overused, is to the point. It never ceases to amaze me how readily some people will give up their user name and password to an apparent authority figure.

The two most informative chapters are the ones which address prevention, detection and response, and assessing security risk.

They embrace the use of intrusion detection systems, something many companies lack, as well as having a proper response system in place.

If you are a security specialist, the book probably won’t give you much new information or insight but can certainly help in other ways. Get a copy and put it on your CEO’s desk. This well-written and easy-to-read book will certainly get his or her mind thinking about security issues.

– Reviewed By Chris Conrath