IT Governance Publishing (ITGP), the publishing arm of information security consultants IT Governance, is bringing the principles of Sun Tzu’s classic text, The Art of War, to the fight against cyber-crime.
ITGP’s latest book, Assessing Information Security: Strategies, Tactics, Logic and Framework, argues that the art of war, and the art of information security, are more closely aligned than one might expect. Technical skills and procedural knowledge are not enough; these qualities need to be deployed strategically to control the cyber-crime battlefield.
The book, written by Dr Andrew Vladimirov, Konstantin Gavrilenko and Andriej Michajlowski, demonstrates that businesses need clear objectives and strategies, just like a military campaign, to implement information security effectively. The book explains, for example, that:
* Self-defence is important; you must assess your position thoroughly and have the proper safeguards in place to protect your business information;
* But you must also be able to fight back; the genuine threat of prosecution can be a very effective deterrent against embittered or corrupt employees, for example, who might otherwise see your company’s data as a ‘soft target’;
* You need to invest wisely; expensive technology is not necessarily the right technology to protect your business information;
* There are no fixed and fortified limits as to when and where your business data could be vulnerable;
* You must be able to adapt or perish, because every threat you repel today will evolve into a new threat tomorrow.
Alan Calder, Chief Executive of IT Governance, says: “Information security, like warfare, is not simply a question of ticking boxes on a checklist. A comprehensive plan and the latest technologies, although essential, do not in themselves guarantee success. Information security is ultimately a human problem. And, while human error is a factor, of course, the biggest threat is the criminal, deliberately and maliciously seeking to exploit your weaknesses.”
Nonetheless, as Assessing Information Security: Strategies, Tactics, Logic and Framework says, cyber-criminals have weaknesses, too. They must be considered like military adversaries and confronted accordingly by learning from military strategies. The result will see expert information security deployed with an understanding of human conflict.
Calder continues: “Even when discussing the cutting-edge technologies of 2010, and technologies yet to emerge, the ancient wisdom of Sun Tzu’s The Art of War has a role to play. Business is an intensely competitive environment, which is why executives enjoy the insights of expert military strategists, such as Sun Tzu and Carl von Clausewitz [the early 19th-century Prussian soldier and author of On War]. Andrew, Konstantin and Andriej apply the work of these men to the operations of a 21st-century company. If you want to take active steps to deter the cybercriminal, you need to read this book.”
Dr Vladimirov says: “An information security professional is engaged in a form of continuous warfare which, by its very nature, is defensive. The aim of this ‘combat’ is not to give an inch of the protected ‘territory’ – whether data, systems or resources – to the adversaries.”
Assessing Information Security: Strategies, Tactics, Logic and Framework (ISBN: 9781849280358) is available in softcover and e-book format. The book can be ordered online for £49.95 at:
http://www.itgovernance.co.uk/products/2827
