Book description
Examine the evolving enterprise security landscape and discover how to manage and survive risk. While based primarily on the author's experience and insights at major companies where he has served as CISO and CSPO, the book also includes many examples from other well-known companies and provides guidance for a management-level audience.
Managing Risk and Information Security provides thought leadership in the increasingly important area of enterprise information risk and security. It describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology not only for internal operations but increasing as a part of product or service creation, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk.
This edition discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities and offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk.
What You'll Learn
- Review how people perceive risk and the effects it has on information security
- See why different perceptions of risk within an organization matters
- Understand and reconcile these differing risk views
- Gain insights into how to safely enable the use of new technologies
Who This Book Is For
The primary audience is CIOs and other IT leaders, CISOs and other information security leaders, IT auditors, and other leaders of corporate governance and risk functions. The secondary audience is CEOs, board members, privacy professionals, and less senior-level information security and risk professionals.
"Harkins' logical, methodical approach as a CISO to solving the most complex cybersecurity problems is reflected in the lucid style of this book. His enlightened approach to intelligence-based security infrastructure and risk mitigation is our best path forward if we are ever to realize the vast potential of the innovative digital world we are creating while reducing the threats to manageable levels. The author shines a light on that path in a comprehensive yet very readable way." —Art Coviello, Former CEO and Executive Chairman, RSA
Table of contents
- Cover
- Frontmatter
- 1. Introduction
- 2. The Misperception of Risk
- 3. Governance and Internal Partnerships: How to Sense, Interpret, and Act on Risk
- 4. External Partnerships: The Power of Sharing Information
- 5. People Are the Perimeter
- 6. Emerging Threats and Vulnerabilities: Reality and Rhetoric
- 7. A New Security Architecture to Improve Business Agility
- 8. Looking to the Future: Emerging Security Capabilities
- 9. Corporate Social Responsibility: The Ethics of Managing Information Risk
- 10. The 21st Century CISO
- 11. Performance Coaching
- Backmatter
Product information
- Title: Managing Risk and Information Security: Protect to Enable, Second Edition
- Author(s):
- Release date: August 2016
- Publisher(s): Apress
- ISBN: 9781484214558
You might also like
book
Managing Risk and Information Security: Protect to Enable
Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the changing risk environment …
book
Guide: Reporting on an Entity's Cybersecurity Risk Management Program and Controls
Created by the AICPA, this authoritative guide provides interpretative guidance to enable accountants to examine and …
book
Information Security A Practical Guide: Bridging the Gap between IT and Management
Information Security A Practical Guide - Bridging the gap between IT and management “One of the …
book
The Complete Guide to Cybersecurity Risks and Controls
This book presents the fundamental concepts of information and communication technology (ICT) governance and control. Readers …
