Into the Breach: Protect Your Business By Managing People, Information, and Risk Hardcover – August 1, 2008
Top Customer Reviews
The book is aimed at executives and other decision makers and not at technical information security professionals themselves. That is not to say that there isn't value in here for the technically minded as long as they remember that they are not the targeted audience. There are a few things in here that might actually cause the technically focused some anguish but if they are honest with themselves and take a step back they should admit that what Michael says is true.
Into the Breach is the book that I wanted to write. I share Michael's perspective on many of the topics discussed and have come to the same conclusions, although independently. We attack the problem from different angles but we share so much in common that I'm left to wonder if the differences are merely trivial. As I read the book I heard my own thoughts being echoed back to me more than a few times. I found new and interesting perspectives on issues that I have worked hard to solve and I even learned a few things (which means that it was time well spent.)
The book is broken up into three parts. The first part explains the human factors at play in any environment and seeks to provide an understanding of the human factors as they relate to protecting information. I really couldn't find fault with anything I read in this section.
I've spent the rest of my career in business, and out here it's a different story. It's generally ineffective to "order" anyone to adhere to policy, and there are countless good reasons why people won't do it at any given time. I've seen millions of dollars wasted on the latest silver bullet technologies to fix what is fundamentally a human problem. Of course the problem remains, and now we're throwing good money after bad to support the new tools.
Michael's book is the first to call a spade a spade and address the human problem with a human solution. By taking away the intermediaries that cause end-users to feel disengaged from their responsibilities, he transforms the problem itself (end-users) into the solution. It's not rocket science, it doesn't cost millions of dollars, there's nothing to support for eternity, and best of all, it works!
So many of the other books in this genre (and I've read many of them) take a technologist's approach to solving problems. To be sure - there is a time and place for that. But if you want to get at the root of your issues, if you really want to understand the problems, and if you really want to get the most powerful leverage you can get to create an effective program you *must* read this book.
The subtitle of the book is "Protect Your Business by Managing People, Information, and Risk." Seems pretty straightforward, doesn't it? However, those of us in the information security profession are painfully aware that actually doing what that simple statement says is often far from straightforward.
Michael wants to help us with the issue and puts forth a process that can greatly increase our ability to satisfy that statement in a manner that brings engagement from all parts of the organization. At its root, Michael's strategy makes protecting the data of our organizations everybody's job, not just information technology's job, but it does so in a way that re-energizes everybody by giving them a voice in what is important and what is not.
He starts out the book by introducing and addressing three common myths that crop up when we start talking about protecting our organization's data from unauthorized access or "breach":
1. "Outsiders pose the biggest threat to information."
2. "Information protection needs a technology solution."
3. "Protecting information costs too much."
Throughout the rest of the book, he walks us through a process that is simple in its execution, but profound in what it provides to those who participate in it. I'm not going to steal Michael's thunder. I am going to suggest that you pick up a copy of his book and read it...twice...at least. If you do and implement the strategies contained in it, you will be much better equipped to "Protect Your Business by Managing People, Information, and Risk" and reducing the chances that your data will go "Into the Breach."
Most Recent Customer Reviews
Excellent book and the author is right on the money regarding the necessity to focus on the people rather than the technology. Published 10 months ago by Mark A. Lester
Lots of good ideas in this book. Most center around uncommon sense and communication. I would like to have seen a couple of examples of the implementation process. Published on March 9, 2013 by W. Grayson Palmer
It is no secret that information is among the most valuable and vulnerable assets in business today. Published on April 22, 2011 by C. Campbell
I first read Michael's book in 2009, since then I've been regularly recommending the book to people who are concerned or looking for an explanation on why data breaches occur or... Published on April 18, 2011 by Chris Gates
I am not inclined towards book reviews, and my thoughts on user education tend to be somewhat fatalistic (I'm a big fan of Robert Heinlein's quote: "Never try to teach a pig to... Published on April 17, 2011 by Jack Daniel
As someone with a background in social work and psychology, it always amazes me how little the "people factor" is taken into account in the area of information security. Published on April 14, 2011 by Trish Smith
If you do, you may find you'll come out with a more effective security strategy.
Michael Santarcangelo shows why he's known as a "human catalyst" with his...
Security by "because I said so" simply does not work, and all of the policy-based training modules and email blasts warning of the phishing attempt of the week are never going to... Published on April 13, 2011 by Justin Bovee
"Into the breach" by Michael Santarcangelo is actually a fun read; it seems to be a useful book on security for management. Published on October 15, 2009 by Dr Anton Chuvakin