IT Security Management book

IT Security Management
How to set up an IT Security function

After long months and long hours of research, writing and editorial work, there is a new book I recommend on the topic of IT Security Management and how to create, grow and develop an IT security team while providing business value.

There is an extensive bibliography delving into the field of IT Security, from very technical aspects to information governance. However, there are not so many titles with both a technical and a human vision on how to create an IT security team, a team of IT Securiteers.

It is published by Springer within their Lecture Notes in Electrical Engineering series. This book is a key component to build the syllabus of a Masters Degree in Information Security or IT Security Engineering.

Its title is "IT Securiteers: How to set up an IT Security function".

You can find it, together with a brief intro, in the publisher's site - Springer - and in Amazon, among other sites.

Happy reading!
(Certainly, any comment on the content, feel free to drop a comment here!)

You can also "follow the book" in twitter @itsecuriteer.

The following words come from the publisher's site:

IT securiteers - The human and technical dimension working for the organisation Current corporate governance regulations and international standards lead many organisations, big and small, to the creation of an information technology (IT) security function in their organisational chart or to the acquisition of services from the IT security industry. More often than desired, these teams are only useful for companies’ executives to tick the corresponding box in a certification process, be it ISO, ITIL, PCI, etc. Many IT security teams do not provide business value to their company. They fail to really protect the organisation from the increasing number of threats targeting its information systems. IT Security Management provides an insight into how to create and grow a team of passionate IT security professionals. We will call them “securiteers” . They will add value to the business, improving the information security stance of organisations.

Social engineering lecture by Kevin Hogan

The episode number 9 of the Social Engineer podcast features an interview with the author and body language expert Kevin Hogan. Among other books, he has written "the psychology of persuasion". This is a post with learning points extracted from his words on persuasion. Here you are (most of them are close to literal, or slightly summarised, statements from Mr. Hogan):

Minute 17: Let's try to use the right words. Emotions are attached to words. The listening of some words (e.g. terrorist, malware) triggers, unconsciously, the release of cortisol and adrenaline in our brains.

Minute 22: "When people smile too much ...[]... we put a question mark".

Minute 23: Keep yourself a handshake's distance away in face to face communications (for liking and acceptance). A smaller distance calls for a negative answer from our counterpart. People tend to have an affinity for mirroring (e.g. same first name, same voice, same clothes): "The reason why I know he is a genius is because he thinks like I do" (min 25).

Minute 24: "Women really pay attention to shoes ...[]... women are really discriminative about men in general".

Minute 25: Identifying badges. If you want to pass unnoticed, leave all necklaces and unique accessories at home. And the opposite, if you want to be remembered, show that unique tattoo you have.

... for right-handed people... (for lefties, the sides mentioned will be the opposite)

Minute 26: Right-hand handshakes. In general, when you look up to the right, the left brain hemisphere is more active. And this side is more logical and sequential.

Minute 27: The right part of our brain is mostly biographical (and unconscious), full of unpleasant memories. Not recommendable to be highly active when we first know someone.

Minute 29: If you want to cause a right impression, sit close to the tidiest side of the desktop, which, in right-handed people, is usually the right side. Avoid the chaotic side of the table.

Minute 33: Sit down at ease and look with your eyes to the right. No problem! Look now to your left. Do you feel like ending with that look? And do you notice fear, sadness, anger?

Minute 36: Left and right. Generic statement: If you put your earphone on your left ear, you will have a more emotional conversation than if you place it on your right ear.

Minute 39: Microexpressions. Do not force a smile, they will all discover it. A phony smile creates discomfort (min 42).

Minute 42: Human beings look for simetry. "Simetry is easy to fake... by keeping your lips slightly apart". Keep this posture in photographs.

Minute 46: A look of curiosity opens more doors that a smile.

Minute 50: "Men are territorial". If a man sits close to a woman for longer than 5 minutes, he becomes her protector.

Minute 55-57: Access any facility appearing that you belong to it. "When trying to enter any facility, a cleaning man with a mop and a bucket is never stopped ...[]... or carrying the internal magazine ...[]... or carrying a company box ...[]... or asking for John".

Minute 57: "If you look angry, nobody would stop you [at the entrance]".

Minute 60-61: "Most people are in auto-pilot within their role". Keep them in auto-pilot within their role and your social engineer compromise would work. Do not raise any flag.

Minute 64: Most of the people would like to keep on being comfortable in their roles.

Minute 65: Reading an email. 50% of the content of any email you send is already on the mind of the reader. Emoticons could create a nice initial context.

Minute 67: "People are terrible at understanding risks".

Minute 69: If you need to obtain information, better than asking how are you, ask what are you up to?

Minute 72: The more real something looks, the more tangible and credible something seems e.g. a testimonial with a real name says much more than an anonymous testimonial.

Thanks to Mr. Hogan and to the crew again!