Customer Reviews

Mapping Security: The Corporate Security Sourcebook for Today's Global Economy

5 star:		(11)
4 star:		(4)
3 star:		(1)
2 star:		(0)
1 star:		(0)

 

 

Creating an effective information security infrastructure for a large multi-national company is a challenge. Above and beyond the technology, the software, and the hardware, there are non-tangibles, specificially the cultures and laws where the security solutions, people, and technology will be deployed. Deploying technology without considering the local environment and culture is a sure-fire way to undermine a project.

Today's technology infrastructure is getting more and more complex. Companies are more global with more porous borders. Outsourcing is increasing dramatically, creating an additional need to understand the cultures in the remote locations.

Given all that, Mapping Security: The Corporate Security Sourcebook for Today's Global Economy is a valuable guidebook to deploying information security outside of the United States. Author Tom Patterson is a former Big 4 Information Security partner whose job responsibilities saw him living abroad for much of his adult life. The book is not so much a network security title, but rather a guide to performing the business of security across various cultural and physical borders. Mapping Security is management-level source book for companies and organizations that do - or plan to do - business outside of the United States. Patterson takes his years of living abroad, his successes and his failures, his war stories, and his challenges, and maps them into a usable framework so the reader can better deploy an information security program.

In the book, Patterson details the various opportunities and challenges in each geographic sector across the globe and provides security best practices, rules, and customs for 30 countries. Patterson does a good job of explaining how and where Americans are often perceived to be arrogant by having a overly U.S.-centric view of things.

The book is divided in three parts. Part 1 details the manner in which an effective information security infrastructure can be developed. Chapters 1 through 7 show the necessary steps to building an effective security culture. The book, especially Part 1, is focused not so much on specific technology but rather the processes in which to develop such a security infrastructure.

The heart of the book is in Part 2 where Patterson details his Mapping Security Index (MSI). The function of the MSI is to provide the reader with a metric to determine how an organization can perform security functions in a different country. The book has an MSI for 30 countries, but it does not detail every country, only those where U.S.organizations are likely to do business.

Peterson's expertise comes from living abroad extensively and bringing to the table how business should be done in whatever country you are dealing with. Two of the countries with the highest MSI are Netherlands (90) and Canada (93), with Russia (26) and Saudi Arabia (32) at the bottom. The main advantages of the Netherlands and Canada are that they both have a safe, stable, and effective infrastructure in which to build an information security organization.

Russia, on the other hand, while having a strong technical outsourcing potential has a legal and technical infrastructure that is significantly lacking. Additionally, most other business services are not yet on par with the rest of the region. As to Saudi Arabia, Patterson notes that while it provides a growing domestic marketing, it is an extremely difficult security partner to deal with and has very little cross-border activity. There is extremely little opportunity for women when it comes to the region. He notes that it is practically impossible for women to do business there and observes that "surrendering gender equity is simply the cost of doing business in Saudi Arabia".

Part 3 of the book deals with that challenge of mapping various laws and regulations from different countries. Part of the challenge and headache is dealing with laws from different countries that are contradictory. For example, one country might require an organization to capture and report customer information, while another country forbids it. The question becomes whose law do you break? That is not an easy question to answer, but it is one that needs to be considered.

The author notes that security standards and regulations are the biggest drivers for security around the world and a misstep in dealing with regulations can create the scenario where one could face business impairments, fines, or even prison.

Overall, Mapping Security: The Corporate Security Sourcebook for Today's Global Economy is a very valuable reference guide for anyone who needs to deal with information security in different countries and cultures. By relating security to the international community, the book enables the reader to avoid making those mistakes that can sink a security project.

Patterson has a keen business insight, and the book provides many of his war stories (from illegal barbeques in Germany to an innocuous racial fax paus in South Africa). The book is not overly technical in nature and is both entertaining and informative. For anyone that plans to deploy security outside of the United States Mapping Security should be required reading.

I'm really impressed by this book. It's a summarization of a lot of valuable research that you can find nowhere else. Which to me is the definition of a great book. The authors take us on a world tour and give us background on the security concerns in all of the different countries. It's fascinating, insightful and even funny at times. A must have for anyone doing applications business globally.

From business executives who want and need to understand the complexities of securing global ecommerce, to consultants and sales people who support global companies, to analysts who evaluate these companies, this is a must read source book. While vast today, electronic commerce is growing very rapidly, and for many if not most companies, electronic commerce will determine success or failure. This book will not only help companies protect their investments in ecommerce, product, market and customer data, but it will also help map strategies for security as they expand to new markets.

I have read this book twice, it was different than anything I have ever seen before. The author uses security generically, blending physical security and information security. Most people do not do that, but I think Patterson is simply a year or two ahead of his time.

The first 1/3 of the book was a bit of a waste for me, sort of a know thyself without little exercises. Then you hit the good stuff.

All Americans should read page 105 at least twice. This is also where the value of this book becomes apparent, I will read this section at least one more time. I don't know how much credence I would put in the Mapping Security Index (MSI), where the author tries to quantify the ROSI of doing business in a particular part of the world or another, but the annecdotal bits are great. I have a much better understanding of why my own company has had such an odd experience doing business in Europe.

If you are an American and you have an IT security position with a company doing business in the wider world ( and who doesn't) then I recommend this book. I also recommend a movie called the Coca Cola Kid. It is a bit off color, but it can really help explain why we make the mistakes we make.

This weird little book turned out to be a real gem! While good books on security for senior executives have been popping up in recent times, this one gives a unique prospective on security, tying it to the international nature of modern security landscape. Security is international not only because attackers might be camping anywhere on the globe, but also because of transnational nature of large companies, foreign customers or partners, outsourcing and other matters.

The first, relatively brief part of the book gives a very nice high-level overview of security. Again, while it might sound boring to some, it is actually written in an enjoyable style with lots of examples and fun quotes from various CSOs. My favorite section here is called "Developing Radar'. It covers the process of building awareness of your security environment, through monitoring and auditing of system and user activity. Of course, the book is full of regulatory compliance as well as various ROI (ROSI) scenarios.

The remainder of the book goes country by country and talks about various elements of security and regulatory environment as well as computes an overall score (MSI) for each country. The info is highlighted by various examples of doing business in those countries.

Overall, while the book is definitely for a senior crown, many security professional will benefit from it but getting author's unique prospective on cross-border security. I did enjoy the book without being a CEO...

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II". In his spare time, he maintains his security portal info-secure.org

This book is not really a network security book. In reality, it is barely about computers or technology at all. This book is essentially a guide to doing business across cultural and physical borders.

Patterson does a pretty good job of explaining why a book like this is needed or how it can provide value to companies today. I have lived in different places throughout the world and I can attest to the fact that citizens of the United States look at the world through very 'USA-centric' glasses and this arrogance coupled with ignorance gives a bad impression to the citizens of other nations.

This is no secret or revelation per se, but Patterson helps bring it into the context of doing business and helping the reader understand how to cope with legal, ethical, cultural and societal differences while trying to do business in a global economy.

A good percentage of the book is dedicated to country-by-country breakdowns; providing pros and cons for doing business in each country and quantifying each with his MSI (Mapping Security Index) to enable a comparison of one country to the next.

Corporate executives and those responsible for negotiating international business should definitely read this book and keep it handy as a reference.

(...)

Every IT services firm and corporate IT department is looking how to deploy IT solutions globally that are secure and consistent with both business and technology policies. With a worldwide eye, Patterson's "mapping security" breaks the security tasks down into its logical parts.

Mapping Security does a singularly effective job at bridging technology and business, and creates a compelling case that the two are inexorably intertwined. Patterson's wealth of knowledge and experience in international commerce is breathtaking, and he is adroit at maneuvering between arcane, widesweeping regulations and personal anecdotes. In reading a pre-release copy, I was reminded of those print ads on the London Underground, consisting of three frames, each with a photo of a cricket: Depending on the country, the cricket is a pest, a pet, or a snack.

Patterson brushes aside the typical rah-rah platitudes of high-level business books, and recognizes that the real world is not always a tidy place, and that laws are complex and often contradictory. Expanding on the idea that without security, eCommerce is a non-starter, Patterson approaches security issues from both technological and legal/cultural perspectives. His insight is keen, his examples are topical, and his "war stories" are entertaining as well as informative.

In an era where the multinational company model is becoming the norm, and where American businesspeople are being treated with increasing disdain overseas, no C-level manager should ever board an international flight without having read "Mapping Security."

Every businesss owner or executive who does business to some degree outside of their home country should keep this book close at hand. The use of electronic means of communicating financial, product and customer data is growing exponentially around the world, and this book is a sourcebook for how to keep that data secure as it flows around the world. THIS is NOT an area of business that owners/execs/officers/directors can afford to stay in the dark about.

If you're doing business internationally, IT security might be more of a nightmare than you know. This book does an excellent job of helping you through the mine fields... Mapping Security - The Corporate Security Sourcebook For Today's Global Economy by Tom Patterson.

Chapter List:

Part 1 - Charting A Course: Why You Picked Up This Book; Establishing Your Coordinates; Building The Base; Enabling Business And Enhancing Process; Developing Radar; Constant Vigilance

Part 2 - Reality, Illusion, And The Souk: Europe; The Middle East And Africa; The Americas; Asia Pacific; Outsourcing And Your Map

Part 3 - Whose Law Do I Break?: Mapping Solutions; Mapping Law; Mapping Technology; Mapping Culture; Mapping Your Future; Local Security Resources By Country; Index

Patterson takes an approach to global technology security that I've never seen before. He talks about how differing countries, laws, and cultures can all conspire against you when it comes to maintaining (legally!) security for a global organization. Conceptually you probably know that not all laws are the same as the ones in the United States, but you may not know or understand just how different they are. For example, if you have a server in France running an HR or a payroll system and you back up the data to a server outside of the country, guess what? You're in violation of French data security laws. It's that easy...

Part 2 of the book was very interesting. He takes some of more significant countries in terms of global and cross-border commerce and scores them with an index value that takes a number of security issues into consideration. You'll learn that every country, no matter how cheap or technologically adept they are, have significant hindrances that could make or break your business if you're not prepared to deal with them. Language is a major issue, as well as nationality. Even though you may be opening up shop in a country that speaks English, you can usually count on the fact that sending an American over to tell them how to run the security is a bad idea. You need to be able to partner with a local firm or find someone from the country to handle the day-to-day issues in order to make sure all is running well. Patterson covers this and a lot more in the book, and it's actually interesting reading, too. He keeps the conversation with the reader moving along at a decent pace, along with interspersing little sidebars on cross-cultural issues that you may never have considered.

IT security professionals who work for global organizations or who have outsourced operations will do well to pick up a copy of this book to make sure they are abiding by all the laws that could affect them. The book's far cheaper than fines that could be levied by the country whose laws you break.