O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Mapping Security: The Corporate Security Sourcebook For Today's Global Economy

Book Description

Praise for Tom Patterson's Mapping Security

"Tom Patterson captures a compelling and practical view of security in a multinational environment. Your CSO needs to read this book!"

—Dr. Vint Cerf, senior vice president of Technology Strategy at MCI and founder of Internet Protocol (IP)

"The power of the Internet is that it's a global network, seamlessly crossing borders. But it also brings security risks that can cross borders just as easily. Patterson has more than a decade of first-hand experience in defending against such risks and it shows. He uses real-world examples and stories, many from his own career, and offers clear, action-oriented descriptions of the different threats and how to deal with them. This book avoids security jargon and speaks directly to businesspeople around the globe."

—Chris Anderson, Editor in Chief, Wired Magazine

Whether consumers or global giants, we all need to be spending a greater share of our budgets on security. The threats are greater than ever and increasing daily, and yet there is a challenge as to how to justify the expenditure. Mapping Security offers business-oriented and in-depth thinking on how and why to build security into the fabric of the organization. After reading Tom Patterson's book, you will want to make changes with a sense of urgency.

—John R Patrick, president of Attitude LLC and former vice president ofInternet Technology at IBM Corporation

As companies of all sizes go global in their search for profit and growth, they will need to understand how to use security as a tool for success in different markets, and Mapping Security shows them how.

—Dr. Craig Fields, former director of Advanced Research Projects Agency(ARPA) for the U.S. Government

The Definitive Guide to Effective Security in Complex Global Markets

Companies are global today and have complex security supply chains, out-sourced operations, and customer relationships that span the world. Today, more than ever, companies must protect themselves against unprecedented threats, understand and adhere to a global mosaic of regulations, and leverage security to enable today's business realities. In Mapping Security, global security expert Tom Patterson shows how to meet these challenges by presenting security best practices, rules, and customs for virtually every country where you do business.

Writing for executives, business managers, security professionals, and consultants, Patterson offers an exceptionally thorough and authoritative briefing on today's global security realities. Using real-world examples, he shows how to change your approach to security as you move more deeply into global markets: how to resolve contradictions among the complex rules and customs you'll have to follow and how to customize security solutions for every market. Along the way, he introduces the Mapping Security Index (MSI), a powerful new metric for rapidly quantifying security risk associated with 30 key markets. Coverage includes

  • How technology, mass globalization, and stricter accountability are forcing security to the core of the enterprise

  • Six proven keys to defining and implementing global security strategies that work within today's budget realities

  • Detailed country-by-country drill downs on security in Europe, the Middle East and Africa, the Americas, and the Asia-Pacific region

  • Practical advice on what to do when laws collide

  • Quantifying the security posture and associated risks of potential cross-border partners

  • "On-the-ground" help: Indispensable local security resources

Visit www.MappingSecurity.com for Tom Patterson's latest updates and analysis, including the latest changes to the MSI country scores, and to participate in the Mapping Security Reader Forum.

© Copyright Pearson Education. All rights reserved.

Table of Contents

  1. Copyright
    1. Dedication
  2. Praise for Tom Patterson’s Mapping Security
  3. Acknowledgments
  4. About the Author
  5. Foreword
  6. The Five Ws of Mapping Security
    1. Why Mapping Security
    2. If Not Now, When?
    3. What Makes This Book Different?
    4. Who Would Write a Book Like This?
    5. Where in the World Are We?
  7. 1. The Historian and the Security Guy
    1. 1920 Becomes 1990
  8. 1. Charting a Course
    1. 2. Why You Picked Up This Book
      1. The Business Shift and the New Global Security Equation
      2. The Shift and Technology
      3. The Shift and Globalization
      4. The Shift and Accountability/Regulatory Compliance
      5. Charting a Course: Freedom from Reactive Corporate Security
    2. 3. Establishing Your Coordinates
      1. The CSO As a New Global Constant
      2. You Are Where?
      3. You Are Here: Three Degrees of Separation
        1. The First Degree: Outsourcing
        2. The Second Degree: The Supply Chain
        3. The Third Degree: Customers
      4. Correlating Degrees to Standards
        1. What Applies to You
        2. Horizontal Standards
      5. Vertical Standards
        1. Don’t Try This at Home
      6. Pinpointing Your Business Requirements
      7. Creating Your Risk Profile
      8. Charting Your Course
    3. 4. Building the Base
      1. The Rule of 3
      2. The Base
        1. Maximum Base-Worthy ROSI
          1. Unified Training Is Base-Worthy
          2. Patch Management Is Base-Worthy
          3. Identity Management Is Base-Worthy
          4. Intrusion Detection and Protection Are Base-Worthy
        2. Medium Base-Worthy ROSI
          1. Business Continuity
          2. Monitoring
        3. Privacy
        4. Minimum Base-Worthy ROSI
          1. Application Integrity
        5. Information Asset Baseline
      3. Go Forth and Secure
    4. 5. Enabling Business and Enhancing Process
      1. Not Either/Or: It Is Both
      2. Business Enablement
        1. Human Resources
        2. Supply Chain
        3. Financials
        4. Customer Relationship Management
      3. Process Enhancement
        1. Systems Development
        2. The Help Desk
        3. Regulatory and Audit Compliance
        4. Network Operations
      4. Enabling and Enhancing Pay Off
    5. 6. Developing Radar
      1. Kofi Annan Wants a Green Light
      2. Why It’s Rare
      3. Developing Radar Is Like, Well, Developing Radar
        1. First Things Are First
          1. Step One: Know Your Environment In Depth
          2. Step Two: Understand How It All Works
          3. Step Three: Only Apply Monitoring to Necessary Systems
          4. Step Four: Make Sure an Effective Filter Is in Place
      4. Taking Monitoring Outside
      5. External Monitoring Counterpoint
      6. Intrusion Detection Versus Intrusion Deflection
      7. ROSI and Monitoring
      8. Monitoring at Work
      9. Developing Radar in Review
    6. 7. Constant Vigilance
      1. Not Anymore, Continued
      2. Threats
      3. Known Vulnerabilities and Known Exploits
      4. Targeted Threats
      5. Critical Systems and Threats
      6. Countermeasures
      7. Regulatory Issues
      8. Technology
      9. A Word About the Long Term: IPv6
      10. The Organizational Security Posture
      11. What Parts of Constant Vigilance Should I Outsource?
      12. What to Keep
      13. Who to Seek
      14. You Have Just Charted a Course: Let’s Set Sail
  9. 2. Reality, Illusion, and the Souk
    1. 8. Wells and the Security Guy Travel the Globe
      1. “Those” Americans
      2. The Lessons of the Souk
      3. Traversing Your Map: What to Remember
      4. The Mapping Security Index: MSI
    2. 9. Europe
      1. Europe: Cannon, Queens, and Customs
      2. On the Ground in Europe
      3. Corporate Governance, Security, and the EU
      4. Germany, France, and the United Kingdom
      5. Germany/Deutschland (.DE)
        1. On the Ground
        2. Key Regulations
        3. Best Practices
        4. Final German Thoughts
      6. France (.FR)
        1. On the Ground
        2. Key Regulations
        3. Best Practices
        4. French Final Thoughts
      7. The United Kingdom (.UK)
        1. On the Ground
        2. Key Regulations
        3. Best Practices
        4. The British Final Thoughts
      8. The North
      9. Ireland (.IE)
        1. On the Ground
        2. Regulations
        3. Best Practices
        4. Irish Final Thoughts
      10. Belgium (.BE)
        1. On the Ground
        2. Key Regulations
        3. Best Practices
        4. Belgian Final Thoughts
      11. Nordic Focus: Denmark, Norway, Sweden (.DK, .NO, .SE)
        1. On the Ground
        2. Regulations
        3. Denmark
        4. Norway
        5. Sweden
        6. Best Practices
        7. Nordic Final Thoughts
      12. The Netherlands/Nederland (.NE)
        1. On the Ground
        2. Regulations
        3. Best Practices
        4. Final Dutch Thoughts
      13. Switzerland, Spain, and Italy
      14. Switzerland/Suisse (.CH)
        1. On the Ground
        2. Regulations
        3. Best Practices
        4. Final Swiss Thoughts
        5. Spain and Italy
      15. Spain/Espania (.ES)
        1. On the Ground
        2. Regulations
        3. Best Practices
        4. Spanish Final Thoughts
      16. Italy/Italia (.IT)
        1. On the Ground
        2. Regulations
        3. Best Practices
        4. Final Italian Thoughts
      17. Central and Eastern Europe
      18. Russia (.RU)
        1. On the Ground
        2. Regulations
        3. Best Practices
        4. Final Russian Thoughts
      19. Czech Republic (.CZ)
        1. On the Ground
        2. Regulations
        3. Best Practices
        4. Final Czech Thoughts
    3. 10. The Middle East and Africa
      1. Southwest Asia
      2. India (.IN)
        1. On the Ground
        2. Regulations
        3. Best Practices
        4. Final Indian Thoughts
      3. The Gulf States
      4. Dubai (.AE)
      5. Israel (.IL)
        1. On the Ground
        2. Regulations
        3. Best Practices
        4. Final Israeli Thoughts
      6. North Africa, the Eastern Mediterranean, and Saudi Arabia
      7. Saudi Arabia (.SA)
      8. South Africa (.ZA)
        1. On the Ground
        2. Regulations
        3. Best Practices
        4. Final South African Thoughts
    4. 11. The Americas
      1. Canada (.CA)
        1. On the Ground
        2. Key Regulations
        3. Best Practices
        4. Final Canadian Thoughts
      2. United States (.US)
        1. Global Perception of the United States
        2. On the Ground
        3. Key Regulations
        4. Public Agencies
        5. Pre 9-11 Regulations
        6. Homeland Security-Driven Regulation
        7. Accountability Regulations
        8. Best Practices
        9. Final United States Thoughts
        10. Latin America
      3. Mexico (.MX)
        1. On the Ground
        2. Key Regulations
        3. Best Practices and Final Mexican Thoughts
      4. Central America
      5. South America: Brazil, Argentina, Columbia, Chile
      6. Brazil (.BR)
        1. Brazilian Overview
      7. Columbia (.CO)
        1. Columbian Overview
      8. Argentina (.AR)
        1. On the Ground
        2. Key Regulations
        3. Final Argentine Thoughts
      9. Chile (.CL)
        1. On the Ground and Best Practices
        2. Key Regulations
        3. Final Chilean Thoughts
    5. 12. Asia Pacific
      1. China (.CN)
        1. On the Ground
        2. Key Regulations
        3. Best Practices
        4. Final Chinese Thoughts
      2. Singapore (.SG)
      3. Australia (.AU)
        1. Key Regulations
        2. Best Practices
        3. Final Australian Thoughts
      4. Japan (.JP)
        1. Key Regulations
        2. Best Practices
        3. Final Japanese Thoughts
    6. 13. Outsourcing and Your Map
      1. India: Outsourcing’s Poster Child
      2. Catalyzing of an Outsource Haven
        1. Perils of Outsourcing: Indian Focus
        2. The Promise of Outsourcing Through Mapping Security
  10. 3. Who’s Law Do I Break?
    1. 14. Mapping Solutions
    2. 15. Mapping Law
      1. Solution 1: Find a Local Partner
      2. Solution 2: Compromise Counts
        1. Conclusions
    3. 16. Mapping Technology
      1. Solution 1: Adapt and Localize Your Technology and Security Policies
      2. Solution 2: Granularity
      3. Conclusions
    4. 17. Mapping Culture
      1. Solution 1: Listen to Local Culture
      2. Solution 2: Listen Well, Communicate with Care
      3. Conclusions
    5. 18. Mapping Your Future
      1. Mapping Security
  11. Local Security Resources by Country
    1. Albania
    2. Africa
    3. Argentina
    4. Australia
    5. Austria
    6. Bangladesh
    7. Belgium
    8. Bhutan
    9. Bosnia-Hertzegovina
    10. Botswana
    11. Brazil
    12. Bulgaria
    13. Canada
    14. Channel Islands
    15. Chile
    16. China
    17. Croatia
    18. Cyprus
    19. Czech Republic
    20. Denmark
    21. Egypt
    22. Estonia
    23. Ethiopia
    24. Europe
    25. Finland
    26. France
    27. Germany
    28. Ghana
    29. Greece
    30. Iceland
    31. India
    32. Indonesia
    33. International
    34. Ireland
    35. Israel
    36. Italy
    37. Japan
    38. Jordan
    39. Kenya
    40. Korea
    41. Kyrgyzstan
    42. Luxembourg
    43. Macedonia
    44. Malaysia
    45. Malta
    46. Mauritius
    47. Mexico
    48. Nepal
    49. Netherlands
    50. New Zealand
    51. Norway
    52. Oman
    53. Pakistan
    54. Papua New Guinea
    55. Poland
    56. Portugal
    57. Romania
    58. Russia
    59. Saudi Arabia
    60. Serbia
    61. Seychelles
    62. Singapore
    63. Slovakia
    64. Slovenia
    65. Solomon Islands
    66. South Africa
    67. South Korea
    68. Spain
    69. Sri Lanka
    70. Sudan
    71. Sweden
    72. Switzerland
    73. Taiwan
    74. Thailand
    75. Trinidad
    76. Turkey
    77. Uganda
    78. United Kingdom
    79. United States of America
    80. Vietnam
    81. Zambia
    82. Zimbabwe