Foreword

Throughout my career in government and private industry, I have seen many approaches to securing information systems and managing risks. One question I get asked repeatedly is, “How do I know when I have enough people, process, or technology to manage risk effectively?” In government and regulated sectors, the response to this question is driven by a complex assortment of standards, mandates, and laws pushing to compliance. In private industry, we often see businesses conforming to “best practices” or “industry standards” as a baseline. While conforming to regulatory or legal requirements is a good start, it really is just the bare minimum if an organization wants to excel and mature in risk management. For years I have said, “One can ...

Get Information Assurance Handbook: Effective Computer Security and Risk Management Strategies now with the O’Reilly learning platform.
