John Quarterman's book Risk Management Solutions for Sarbanes-Oxley Section 404 IT Compliance is unique, as far as I know, as a very timely analysis of technical issues and their impact on risk management. The combined forces of technology, increased integration, business reliance on networks and systems, and the market/legal/regulatory forces set the context for this book.

All About Early 21st Century Risk, Gunnar Peterson, 1 Raindrop, 22 June 2006

Gunnar mentions much of the content, and a useful context point:
For a book with Sarbanes in its title, there is not a ton of information on compliance. This is not a big problem for me, since I, like this book, view compliance as a subset of risk management.

And he adds an interesting anecdote:
There is a section on the modern military's reliance on the web, which reminded me of a story I heard from Thomas Barnett about how soldiers in Iraq were going into chat rooms to teach each other about counterinsurgency. The officers instructed them to stop because Al Qaeda would listen in. The soldiers' response: "Al Qaeda already knows this. We are the ones with the knowledge gap." Now the training manuals are being updated.

That seems worth remembering every time somebody says we have to keep any given piece of information secret because terrorists will get it. Terrorists break into things as a mission, and probably already know whatever we're trying to hide.
-jsq