Mapping Security: The Corporate Security Sourcebook For Today's Global Economy

Book description

Praise for Tom Patterson's Mapping Security

"Tom Patterson captures a compelling and practical view of security in a multinational environment. Your CSO needs to read this book!"

—Dr. Vint Cerf, senior vice president of Technology Strategy at MCI and founder of Internet Protocol (IP)

"The power of the Internet is that it's a global network, seamlessly crossing borders. But it also brings security risks that can cross borders just as easily. Patterson has more than a decade of first-hand experience in defending against such risks and it shows. He uses real-world examples and stories, many from his own career, and offers clear, action-oriented descriptions of the different threats and how to deal with them. This book avoids security jargon and speaks directly to businesspeople around the globe."

—Chris Anderson, Editor in Chief, Wired Magazine

Whether consumers or global giants, we all need to be spending a greater share of our budgets on security. The threats are greater than ever and increasing daily, and yet there is a challenge as to how to justify the expenditure. Mapping Security offers business-oriented and in-depth thinking on how and why to build security into the fabric of the organization. After reading Tom Patterson's book, you will want to make changes with a sense of urgency.

—John R Patrick, president of Attitude LLC and former vice president of Internet Technology at IBM Corporation

As companies of all sizes go global in their search for profit and growth, they will need to understand how to use security as a tool for success in different markets, and Mapping Security shows them how.

—Dr. Craig Fields, former director of Advanced Research Projects Agency (ARPA) for the U.S. Government

The Definitive Guide to Effective Security in Complex Global Markets

Companies are global today and have complex security supply chains, out-sourced operations, and customer relationships that span the world. Today, more than ever, companies must protect themselves against unprecedented threats, understand and adhere to a global mosaic of regulations, and leverage security to enable today's business realities. In Mapping Security, global security expert Tom Patterson shows how to meet these challenges by presenting security best practices, rules, and customs for virtually every country where you do business.

Writing for executives, business managers, security professionals, and consultants, Patterson offers an exceptionally thorough and authoritative briefing on today's global security realities. Using real-world examples, he shows how to change your approach to security as you move more deeply into global markets: how to resolve contradictions among the complex rules and customs you'll have to follow and how to customize security solutions for every market. Along the way, he introduces the Mapping Security Index (MSI), a powerful new metric for rapidly quantifying security risk associated with 30 key markets. Coverage includes

  • How technology, mass globalization, and stricter accountability are forcing security to the core of the enterprise

  • Six proven keys to defining and implementing global security strategies that work within today's budget realities

  • Detailed country-by-country drill downs on security in Europe, the Middle East and Africa, the Americas, and the Asia-Pacific region

  • Practical advice on what to do when laws collide

  • Quantifying the security posture and associated risks of potential cross-border partners

  • "On-the-ground" help: Indispensable local security resources

  • Visit www.MappingSecurity.com for Tom Patterson's latest updates and analysis, including the latest changes to the MSI country scores, and to participate in the Mapping Security Reader Forum.

    © Copyright Pearson Education. All rights reserved.

    Table of contents

    1. Copyright
      1. Dedication
    2. Praise for Tom Patterson’s Mapping Security
    3. Acknowledgments
    4. About the Author
    5. Foreword
    6. The Five Ws of Mapping Security
      1. Why Mapping Security
      2. If Not Now, When?
      3. What Makes This Book Different?
      4. Who Would Write a Book Like This?
      5. Where in the World Are We?
    7. 1. The Historian and the Security Guy
      1. 1920 Becomes 1990
    8. 1. Charting a Course
      1. 2. Why You Picked Up This Book
        1. The Business Shift and the New Global Security Equation
        2. The Shift and Technology
        3. The Shift and Globalization
        4. The Shift and Accountability/Regulatory Compliance
        5. Charting a Course: Freedom from Reactive Corporate Security
      2. 3. Establishing Your Coordinates
        1. The CSO As a New Global Constant
        2. You Are Where?
        3. You Are Here: Three Degrees of Separation
          1. The First Degree: Outsourcing
          2. The Second Degree: The Supply Chain
          3. The Third Degree: Customers
        4. Correlating Degrees to Standards
          1. What Applies to You
          2. Horizontal Standards
        5. Vertical Standards
          1. Don’t Try This at Home
        6. Pinpointing Your Business Requirements
        7. Creating Your Risk Profile
        8. Charting Your Course
      3. 4. Building the Base
        1. The Rule of 3
        2. The Base
          1. Maximum Base-Worthy ROSI
            1. Unified Training Is Base-Worthy
            2. Patch Management Is Base-Worthy
            3. Identity Management Is Base-Worthy
            4. Intrusion Detection and Protection Are Base-Worthy
          2. Medium Base-Worthy ROSI
            1. Business Continuity
            2. Monitoring
          3. Privacy
          4. Minimum Base-Worthy ROSI
            1. Application Integrity
          5. Information Asset Baseline
        3. Go Forth and Secure
      4. 5. Enabling Business and Enhancing Process
        1. Not Either/Or: It Is Both
        2. Business Enablement
          1. Human Resources
          2. Supply Chain
          3. Financials
          4. Customer Relationship Management
        3. Process Enhancement
          1. Systems Development
          2. The Help Desk
          3. Regulatory and Audit Compliance
          4. Network Operations
        4. Enabling and Enhancing Pay Off
      5. 6. Developing Radar
        1. Kofi Annan Wants a Green Light
        2. Why It’s Rare
        3. Developing Radar Is Like, Well, Developing Radar
          1. First Things Are First
            1. Step One: Know Your Environment In Depth
            2. Step Two: Understand How It All Works
            3. Step Three: Only Apply Monitoring to Necessary Systems
            4. Step Four: Make Sure an Effective Filter Is in Place
        4. Taking Monitoring Outside
        5. External Monitoring Counterpoint
        6. Intrusion Detection Versus Intrusion Deflection
        7. ROSI and Monitoring
        8. Monitoring at Work
        9. Developing Radar in Review
      6. 7. Constant Vigilance
        1. Not Anymore, Continued
        2. Threats
        3. Known Vulnerabilities and Known Exploits
        4. Targeted Threats
        5. Critical Systems and Threats
        6. Countermeasures
        7. Regulatory Issues
        8. Technology
        9. A Word About the Long Term: IPv6
        10. The Organizational Security Posture
        11. What Parts of Constant Vigilance Should I Outsource?
        12. What to Keep
        13. Who to Seek
        14. You Have Just Charted a Course: Let’s Set Sail
    9. 2. Reality, Illusion, and the Souk
      1. 8. Wells and the Security Guy Travel the Globe
        1. “Those” Americans
        2. The Lessons of the Souk
        3. Traversing Your Map: What to Remember
        4. The Mapping Security Index: MSI
      2. 9. Europe
        1. Europe: Cannon, Queens, and Customs
        2. On the Ground in Europe
        3. Corporate Governance, Security, and the EU
        4. Germany, France, and the United Kingdom
        5. Germany/Deutschland (.DE)
          1. On the Ground
          2. Key Regulations
          3. Best Practices
          4. Final German Thoughts
        6. France (.FR)
          1. On the Ground
          2. Key Regulations
          3. Best Practices
          4. French Final Thoughts
        7. The United Kingdom (.UK)
          1. On the Ground
          2. Key Regulations
          3. Best Practices
          4. The British Final Thoughts
        8. The North
        9. Ireland (.IE)
          1. On the Ground
          2. Regulations
          3. Best Practices
          4. Irish Final Thoughts
        10. Belgium (.BE)
          1. On the Ground
          2. Key Regulations
          3. Best Practices
          4. Belgian Final Thoughts
        11. Nordic Focus: Denmark, Norway, Sweden (.DK, .NO, .SE)
          1. On the Ground
          2. Regulations
          3. Denmark
          4. Norway
          5. Sweden
          6. Best Practices
          7. Nordic Final Thoughts
        12. The Netherlands/Nederland (.NE)
          1. On the Ground
          2. Regulations
          3. Best Practices
          4. Final Dutch Thoughts
        13. Switzerland, Spain, and Italy
        14. Switzerland/Suisse (.CH)
          1. On the Ground
          2. Regulations
          3. Best Practices
          4. Final Swiss Thoughts
          5. Spain and Italy
        15. Spain/Espania (.ES)
          1. On the Ground
          2. Regulations
          3. Best Practices
          4. Spanish Final Thoughts
        16. Italy/Italia (.IT)
          1. On the Ground
          2. Regulations
          3. Best Practices
          4. Final Italian Thoughts
        17. Central and Eastern Europe
        18. Russia (.RU)
          1. On the Ground
          2. Regulations
          3. Best Practices
          4. Final Russian Thoughts
        19. Czech Republic (.CZ)
          1. On the Ground
          2. Regulations
          3. Best Practices
          4. Final Czech Thoughts
      3. 10. The Middle East and Africa
        1. Southwest Asia
        2. India (.IN)
          1. On the Ground
          2. Regulations
          3. Best Practices
          4. Final Indian Thoughts
        3. The Gulf States
        4. Dubai (.AE)
        5. Israel (.IL)
          1. On the Ground
          2. Regulations
          3. Best Practices
          4. Final Israeli Thoughts
        6. North Africa, the Eastern Mediterranean, and Saudi Arabia
        7. Saudi Arabia (.SA)
        8. South Africa (.ZA)
          1. On the Ground
          2. Regulations
          3. Best Practices
          4. Final South African Thoughts
      4. 11. The Americas
        1. Canada (.CA)
          1. On the Ground
          2. Key Regulations
          3. Best Practices
          4. Final Canadian Thoughts
        2. United States (.US)
          1. Global Perception of the United States
          2. On the Ground
          3. Key Regulations
          4. Public Agencies
          5. Pre 9-11 Regulations
          6. Homeland Security-Driven Regulation
          7. Accountability Regulations
          8. Best Practices
          9. Final United States Thoughts
          10. Latin America
        3. Mexico (.MX)
          1. On the Ground
          2. Key Regulations
          3. Best Practices and Final Mexican Thoughts
        4. Central America
        5. South America: Brazil, Argentina, Columbia, Chile
        6. Brazil (.BR)
          1. Brazilian Overview
        7. Columbia (.CO)
          1. Columbian Overview
        8. Argentina (.AR)
          1. On the Ground
          2. Key Regulations
          3. Final Argentine Thoughts
        9. Chile (.CL)
          1. On the Ground and Best Practices
          2. Key Regulations
          3. Final Chilean Thoughts
      5. 12. Asia Pacific
        1. China (.CN)
          1. On the Ground
          2. Key Regulations
          3. Best Practices
          4. Final Chinese Thoughts
        2. Singapore (.SG)
        3. Australia (.AU)
          1. Key Regulations
          2. Best Practices
          3. Final Australian Thoughts
        4. Japan (.JP)
          1. Key Regulations
          2. Best Practices
          3. Final Japanese Thoughts
      6. 13. Outsourcing and Your Map
        1. India: Outsourcing’s Poster Child
        2. Catalyzing of an Outsource Haven
          1. Perils of Outsourcing: Indian Focus
          2. The Promise of Outsourcing Through Mapping Security
    10. 3. Who’s Law Do I Break?
      1. 14. Mapping Solutions
      2. 15. Mapping Law
        1. Solution 1: Find a Local Partner
        2. Solution 2: Compromise Counts
          1. Conclusions
      3. 16. Mapping Technology
        1. Solution 1: Adapt and Localize Your Technology and Security Policies
        2. Solution 2: Granularity
        3. Conclusions
      4. 17. Mapping Culture
        1. Solution 1: Listen to Local Culture
        2. Solution 2: Listen Well, Communicate with Care
        3. Conclusions
      5. 18. Mapping Your Future
        1. Mapping Security
    11. Local Security Resources by Country
      1. Albania
      2. Africa
      3. Argentina
      4. Australia
      5. Austria
      6. Bangladesh
      7. Belgium
      8. Bhutan
      9. Bosnia-Hertzegovina
      10. Botswana
      11. Brazil
      12. Bulgaria
      13. Canada
      14. Channel Islands
      15. Chile
      16. China
      17. Croatia
      18. Cyprus
      19. Czech Republic
      20. Denmark
      21. Egypt
      22. Estonia
      23. Ethiopia
      24. Europe
      25. Finland
      26. France
      27. Germany
      28. Ghana
      29. Greece
      30. Iceland
      31. India
      32. Indonesia
      33. International
      34. Ireland
      35. Israel
      36. Italy
      37. Japan
      38. Jordan
      39. Kenya
      40. Korea
      41. Kyrgyzstan
      42. Luxembourg
      43. Macedonia
      44. Malaysia
      45. Malta
      46. Mauritius
      47. Mexico
      48. Nepal
      49. Netherlands
      50. New Zealand
      51. Norway
      52. Oman
      53. Pakistan
      54. Papua New Guinea
      55. Poland
      56. Portugal
      57. Romania
      58. Russia
      59. Saudi Arabia
      60. Serbia
      61. Seychelles
      62. Singapore
      63. Slovakia
      64. Slovenia
      65. Solomon Islands
      66. South Africa
      67. South Korea
      68. Spain
      69. Sri Lanka
      70. Sudan
      71. Sweden
      72. Switzerland
      73. Taiwan
      74. Thailand
      75. Trinidad
      76. Turkey
      77. Uganda
      78. United Kingdom
      79. United States of America
      80. Vietnam
      81. Zambia
      82. Zimbabwe

    Product information

    • Title: Mapping Security: The Corporate Security Sourcebook For Today's Global Economy
    • Author(s): Tom Patterson, Scott Gleeson Blue
    • Release date: December 2004
    • Publisher(s): Addison-Wesley Professional
    • ISBN: None