The Intersection of human Factors, Acidents, Security and BusinessSpafford Global Consulting - A Technology Business Consultancy Focusing on Human Factors, Accidents and Security
People are the key to success!

Books and Papers

These are authored, or co-authored, by George Spafford

Visible Ops Series

The Visible Ops Handbook: Implementing ITIL in 4 Practical and Auditable Steps

"Since 2000, we have met with hundreds of IT organizations and identified eight high-performing IT groups with the highest service levels, best security and best efficiencies. What was most amazing about them was that they shared the following attributes: a culture of change management, a culture of causality and a culture that fundamentally valued effective and auditable controls, promoting fact-based management. Visible Ops reflects the lessons learned about how these organizations work and describes a control-based entry point into the world of ITIL that others can leverage to springboard their own process improvement efforts."

  • If you are tired of ‘management by hair on fire,’ read this book and consider it carefully. --Stephen Northcutt, Director of Training and Certification, The SANS Institute, May 2004
  • The easy mapping between the Visible Ops phases and any maturity model validates the compelling logic of the book. --Jan Vromant, ITSM Consultant, May 2004
  • Visible Ops creates a logical starting point and details the key ‘issues and indicators’. --Henry E. Wojcik, Network Data Systems, May 2004

Order it or post reviews on Amazon at by clicking here.

June 19, 2008 - It's been a humbling experience to see the popularity of this book, meet and talk with readers. It was launched June of 2004 and has now sold over 100,000 copies. My deepest thanks to all the readers out there who have reached out and told me their stories.

Visible Ops Security: Achieving Common Security and IT Operations Objectives in 4 Practical Steps

"Visible Ops Security builds upon the methodology presented in the original Visible Ops Handbook. It guides information security professionals in strengthening relationships with IT operations and development groups to advance IT objectives and business goals. It addresses the people side of IT, empowering security to work with operations teams to achieve closely aligned objectives and with development and release teams to integrate security requirements into preproduction work. The Visible Ops Security methodology helps IT organizations move beyond a focus on technology to address the core operational aspects of security. It complements publications that focus on securing the network, access, and data, including COBIT (Control Objectives for Information and related Technology), ISO 27001:2005 (International Standards Organization), and ITIL® (IT Infrastructure Library) manuals. It promotes effective teamwork, which helps security professionals ensure that security is built into key development and production processes. This effort positions the IT organization to meet business needs by delivering highly available, cost-effective, and secure services."

  • This is an excellent guide to building a successful IT infrastructure from a security perspective. The authors have masterfully articulated the methodologies used successfully by many of us in security and risk management and I can personally validate their findings. The four phases outlined here provide the framework to stabilize, secure, manage, and improve the security of your IT infrastructure. --Peter Perfetti, Director, IT Security and Risk Management
  • The book examines what IT security organizations do well and their common struggles. A must read for those in security and audit who seek improvement, but also important and informative for those who work closely with security in business processes, accounting, auditing, development, and operations. The authors understand the problems that keep many IT security organizations from reaching effectiveness or potential, and disarm perceptions that hold these organizations back by offering clear steps to move out of the trenches to the top of their games. --James Bohem, CISSP, Enterprise Security Solutions Architect, MIS Systems Integrators
  • As an auditor and an IT practitioner, I have repeatedly seen solution-oriented behaviors transform technologists into business partners. Visible Ops Security provides a realistic approach to converting information security from a technical function into a business function. --A.J. Schwab, Senior IT Audit Manager

Order it or post reviews on Amazon by clicking here.

Other Books and Papers

Change Management IT Audit Checklist

Authored for the IT Compliance Institute
http://www.itcinstitute.com/wp/logWprequest.aspx?productId=187

Operational Excellence: Linking Your Business, Compliance, Operations and Security

The book has chapters authored by Paul Reymann, George Spafford, Dan Swanson, Barak Engel and Susan Orr. The book provides insights into Compliance, Information Security, IT Governance and Operations. George's chapter is on IT Operations issues. Free copies can be requested from Tripwire.
http://www.tripwire.com/guide/index.cfm

Risk Mitigation Considerations for Backup and Restoration Processes

"Many organizations, both large and small, rely on their information technology systems to the extent that their loss can be devastating. To alleviate risks, many have invested in data backup systems in the hope that by simply performing backups their data is safe. Unfortunately, as many groups have painfully learned, the truth can be that they have little to no protection at all due to an inability to recover as planned. The purpose of this executive briefing is to set forth strategies for mitigating the risks surround the backup and restoration of data."

http://www.spaffordconsulting.com/Risk Mitigation Considerations for Data Backup Processes_gs_050606_v1d.pdf

 

Google
Web spaffordconsulting.com



Copyright (C) Spafford Global Consulting, 2004-2008. All Rights Reserved.