Managing Risk and Information Security

This updated version describes, at a high level, the evolving enterprise security landscape and provides guidance for a management-level audience about how to manage and survive risk. While based primarily on the author’s experience and insights at major companies where he has served as CISO and CSPO, the book also includes many examples from other well-known companies.

Managing Risk and Information Security provides thought leadership in the increasingly important area of enterprise information risk and security. It describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, not only for internal operations but increasingly as a part of product or service creation, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk.

This edition discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities and offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies, such as social media and the huge proliferation of Internet-enabled devices, while minimizing risk.

What You’ll Learn

Learn how enterprise risk and security requirements are changing, and why a new approach to risk and security management is needed
Learn how people perceive risk and the effects it has on information security
Learn why different perceptions of risk within an organization matter, and why it is necessary to understand and reconcile these views
Learn the principles of enterprise information security governance and decision-making, and the other groups they need to work with
Learn the impact of new technologies on information security, and gain insights into how to safely enable the use of new technologies

Who This Book Is For

The primary audience is CIOs and other IT leaders, CISOs and other information security leaders, IT auditors, and other leaders of corporate governance and risk functions. The secondary audience is CEOs, board members, privacy professionals, and less senior-level information security and risk professionals.

“Harkins’ logical, methodical approach as a CISO to solving the most complex cybersecurity problems is reflected in the lucid style of this book. His enlightened approach to intelligence-based security infrastructure and risk mitigation is our best path forward if we are ever to realize the vast potential of the innovative digital world we are creating while reducing the threats to manageable levels. The author shines a light on that path in a comprehensive yet very readable way.” -Art Coviello, Former CEO and Executive Chairman, RSA
