IT GOVERNANCE brings ‘THE ART OF WAR’
TO the fight against cybercrime
Ely, England, 3 March, 2010 – IT Governance Publishing (ITGP), the specialist publishing arm of information security experts IT Governance, is bringing the principles of Sun Tzu’s classic text, The Art of War, to the fight against cybercrime.
ITGP’s latest book, Assessing Information Security: Strategies, Tactics, Logic and Framework, argues that the art of war, and the art of information security, are more closely aligned than one might expect. Technical skills and procedural knowledge are not enough; these qualities need to be deployed strategically to control the cybercrime battlefield.
The book, written by Dr Andrew Vladimirov, Konstantin Gavrilenko and Andriej Michajlowski, demonstrates that businesses need clear objectives and strategies, just like a military campaign, to implement information security effectively. The book explains, for example, that:
- Self-defence is important; you must assess your position thoroughly and have the proper safeguards in place to protect your business information;
- But you must also be able to fight back; the genuine threat of prosecution can be a very effective deterrent against embittered or corrupt employees, for example, who might otherwise see your company’s data as a ‘soft target’;
- You need to invest wisely; expensive technology is not necessarily the right technology to protect your business information;
- There are no fixed and fortified limits as to when and where your business data could be vulnerable;
- You must be able to adapt or perish, because every threat you repel today will evolve into a new threat tomorrow.
Alan Calder, Chief Executive of IT Governance, says: “Information security, like warfare, is not simply a question of ticking boxes on a checklist. A comprehensive plan and the latest technologies, although essential, do not in themselves guarantee success. Information security is ultimately a human problem. And, while human error is a factor, of course, the biggest threat is the criminal, deliberately and maliciously seeking to exploit your weaknesses.”
Nonetheless, as Assessing Information Security: Strategies, Tactics, Logic and Framework explains, cybercriminals have weaknesses, too. They must be considered like military adversaries and confronted accordingly by learning from military strategies. The result will see expert information security deployed with an understanding of human conflict.
Calder continues: “Even when discussing the cutting-edge technologies of 2010, and technologies yet to emerge, the ancient wisdom of Sun Tzu’s The Art of War has a role to play. Business is an intensely competitive environment, which is why executives enjoy the insights of expert military strategists, such as Sun Tzu and Carl von Clausewitz [the early 19th-century Prussian soldier and author of On War]. Andrew, Konstantin and Andriej apply the work of these
men to the operations of a 21st-century company. If you want to take active steps to deter the cybercriminal, you need to read this book.”
Dr Vladimirov says: “An information security professional is engaged in a form of continuous warfare which, by its very nature, is defensive. The aim of this ‘combat’ is not to give an inch of the protected ‘territory’ – whether data, systems or resources – to the adversaries.”
Assessing Information Security: Strategies, Tactics, Logic and Framework (ISBN: 9781849280358) is available in softcover and e-book format. The book can be ordered online for £49.95 at: http://www.itgovernance.co.uk/products/2827 (UK) or for $49.95 at: http://www.itgovernanceusa.com/product/243.aspx (US).
- Ends -
FOR FURTHER INFORMATION:
+44 (0)20 7664 6310
NOTES TO EDITORS:
IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for governance, risk management and compliance. The company is a leading authority on data security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. The company’s customer base spans Europe, the Americas, the Middle East and Asia. More information is available at: www.itgovernance.co.uk.
Dr Andrew Vladimirov is a security researcher whose fields of expertise include network security and applied cryptography. He has extensive experience of performing information security assessments. He and his fellow authors are the founders of the information security consultancy Arhont.
Konstantin Gavrilenko has over 15 years of experience in IT and security, with a particular interest in wireless security. He holds a BSc in Management Science from De Montfort University (Leicester, UK) and an MSc in Management from Lancaster University (UK).
Andriej Michajlowski is an expert on network security, whose research interests include user and device authentication mechanisms and wireless networking security. He has extensive experience of carrying out internal and external information security assessments. He is a graduate of the University of Kent (UK).