Managing Risk and Information Security: Protect to Enable

By Malcolm Harkins

Handling possibility and knowledge safety: defend to permit, an ApressOpen name, describes the altering chance atmosphere and why a clean method of details safeguard is required. simply because virtually each point of an firm is now depending on know-how, the point of interest of IT protection needs to shift from locking down resources to permitting the enterprise whereas dealing with and surviving probability. This compact booklet discusses company danger from a broader point of view, together with privateness and regulatory concerns. It describes the expanding variety of threats and vulnerabilities, but additionally bargains techniques for constructing suggestions. those comprise discussions of ways firms can benefit from new and rising technologies—such as social media and the large proliferation of Internet-enabled devices—while minimizing risk.

With ApressOpen, content material is freely to be had via a number of on-line distribution channels and digital codecs with the objective of disseminating professionally edited and technically reviewed content material to the global community.

Here are a number of the responses from reviewers of this remarkable work:

“Managing hazard and knowledge safeguard is a perceptive, balanced, and sometimes thought-provoking exploration of evolving details danger and safety demanding situations inside a enterprise context. Harkins in actual fact connects the wanted, yet often-overlooked linkage and conversation among the enterprise and technical worlds and provides actionable innovations. The ebook comprises eye-opening defense insights which are simply understood, even through the curious layman.”

Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel

“As disruptive know-how strategies and escalating cyber threats proceed to create huge, immense details safeguard demanding situations, handling threat and knowledge safeguard: safeguard to let offers a much-needed standpoint. This booklet compels info safeguard execs to imagine another way approximately suggestions of chance administration as a way to be more desirable. the explicit and functional counsel bargains a fast-track formulation for constructing info safety innovations that are lock-step with company priorities.”

Laura Robinson, valuable, Robinson Insight

Chair, safety for enterprise Innovation Council (SBIC)

Program Director, govt defense motion discussion board (ESAF)

“The mandate of the knowledge protection functionality is being thoroughly rewritten. regrettably such a lot heads of safeguard haven’t picked up at the swap, impeding their companies’ agility and talent to innovate. This e-book makes the case for why safety must switch, and exhibits find out how to start. it is going to be considered as marking the turning element in info defense for years to come.”

Dr. Jeremy Bergsman, perform supervisor, CEB

“The global we're liable to guard is altering dramatically and at an accelerating velocity. expertise is pervasive in almost each point of our lives. Clouds, virtualization and cellular are redefining computing – and they're only the start of what's to come back. Your defense perimeter is outlined by means of at any place your details and other people take place to be. we're attacked via specialist adversaries who're greater funded than we'll ever be. We within the details safety occupation needs to switch as dramatically because the atmosphere we shield. we'd like new talents and new techniques to do our jobs successfully. We actually have to swap the way in which we think.

Written via the best within the company, handling threat and knowledge protection demanding situations conventional defense concept with transparent examples of the necessity for swap. It additionally offers specialist recommendation on find out how to dramatically elevate the good fortune of your safety procedure and strategies – from facing the misunderstanding of danger to the best way to turn into a Z-shaped CISO.

Managing probability and data safeguard is the last word treatise on find out how to carry powerful protection to the realm we are living in for the following 10 years. it really is absolute needs to studying for someone in our career – and may be at the table of each CISO within the world.”

Dave Cullinane, CISSP

CEO safeguard Starfish, LLC

“In this evaluate, Malcolm Harkins promises an insightful survey of the tendencies, threats, and strategies shaping info hazard and defense. From regulatory compliance to psychology to the altering hazard context, this paintings offers a compelling advent to a huge subject and trains worthy realization at the results of fixing expertise and administration practices.”

Dr. Mariano-Florentino Cuéllar Professor, Stanford legislations School

Co-Director, Stanford heart for foreign defense and Cooperation (CISAC), Stanford University

“Malcolm Harkins will get it. In his new ebook Malcolm outlines the key forces altering the knowledge defense possibility panorama from a tremendous photo point of view, after which is going directly to provide powerful equipment of handling that hazard from a practitioner's point of view. the combo makes this publication targeted and a needs to learn for an individual attracted to IT risk."

Dennis Devlin AVP, info protection and Compliance, The George Washington University

“Managing possibility and knowledge safeguard is the first-to-read, must-read e-book on info defense for C-Suite executives. it really is obtainable, comprehensible and actionable. No sky-is-falling scare strategies, no techno-babble – simply instantly speak about a seriously vital topic. there isn't any higher primer at the economics, ergonomics and psycho-behaviourals of safety than this.”

Thornton may possibly, Futurist, government Director & Dean, IT management Academy

“Managing danger and knowledge defense is a warning call for info safeguard executives and a ray of sunshine for enterprise leaders. It equips corporations with the information required to rework their safeguard courses from a “culture of no” to at least one excited by agility, worth and competitiveness. in contrast to different courses, Malcolm offers transparent and instantly acceptable ideas to optimally stability the often opposing wishes of hazard relief and company progress. This ebook can be required interpreting for a person at the moment serving in, or trying to in achieving, the function of leader details safety Officer.”

Jamil Farshchi, Senior company chief of Strategic making plans and projects, VISA

“For too a long time, enterprise and safety – both actual or imagined – have been at odds. In coping with hazard and data defense: defend to let, you get what you are expecting – actual lifestyles sensible how one can holiday logjams, have protection truly allow enterprise, and marries protection structure and company structure. Why this booklet? It's written by way of a practitioner, and never simply any practitioner, one of many major minds in safety today.”

John Stewart, leader safety Officer, Cisco

“This e-book is a useful consultant to aid defense execs deal with probability in new methods during this alarmingly quick altering atmosphere. jam-packed with examples which makes it a excitement to learn, the publication captures useful methods a ahead pondering CISO can flip info protection right into a aggressive virtue for his or her business.

This ebook presents a brand new framework for dealing with threat in an interesting and concept frightening method. this can switch the way in which safeguard pros paintings with their enterprise leaders, and aid get items to industry faster.

The 6 irrefutable legislation of data defense could be on a stone plaque at the table of each defense professional.”

Steven Proctor, vice president, Audit & probability administration, Flextronics

What you’ll learn

The booklet describes, at a administration point, the evolving firm protection landscape
It offers suggestions for a management-level viewers approximately find out how to deal with and continue to exist risk
Who this booklet is for

The target market is made from CIOs and different IT leaders, CISOs and different details defense leaders, IT auditors, and different leaders of company governance and danger features. even if, it bargains broad attract these within the danger administration and safeguard industries.

Show description

Preview of Managing Risk and Information Security: Protect to Enable PDF

Similar Technology books

Effective Ruby: 48 Specific Ways to Write Better Ruby (Effective Software Development Series)

If you’re an skilled Ruby programmer, potent Ruby might help you harness Ruby’s complete strength to put in writing extra powerful, effective, maintainable, and well-performing code. Drawing on approximately a decade of Ruby event, Peter J. Jones brings jointly forty eight Ruby top practices, professional information, and shortcuts—all supported by means of life like code examples.

The Singularity Is Near: When Humans Transcend Biology

For over 3 many years, Ray Kurzweil has been the most revered and provocative advocates of the position of expertise in our destiny. In his vintage The Age of non secular Machines, he argued that desktops could quickly rival the entire variety of human intelligence at its top. Now he examines the next move during this inexorable evolutionary strategy: the union of human and computer, during which the information and abilities embedded in our brains may be mixed with the tremendously larger ability, pace, and knowledge-sharing skill of our creations.

Return From the Stars

Hal Bregg is an astronaut who returns from an area venture during which purely 10 organic years have handed for him, whereas 127 years have elapsed in the world. He reveals that the Earth has replaced past attractiveness, jam-packed with people who've been medically neutralized. How does an astronaut subscribe to a civilization that shuns chance?

The Shock of the Old: Technology and Global History since 1900

From the books of H. G. Wells to the click releases of NASA, we're awash in clichéd claims approximately excessive technology's skill to alter the process background. Now, within the surprise of the previous, David Edgerton deals a startling new and clean frame of mind in regards to the background of know-how, considerably revising our rules concerning the interplay of expertise and society some time past and within the current.

Additional resources for Managing Risk and Information Security: Protect to Enable

Show sample text content

By way of rigorously utilizing relied on partnerships that align with our safety pursuits, we will raise the organization’s skill to feel, interpret, and act on hazard. bankruptcy five everyone is the fringe many years in the past, one in every of our senior managers all started bringing his company computing device into the cafeteria at lunchtime. ordinarily, he’d locate an empty desk, set down the machine, after which stroll out of sight to get his lunch. As he perused the salads and major classes, made decisions, and paid for his nutrition, his desktop sat unattended in undeniable view of enormous quantities of individuals utilizing the big cafeteria. My safeguard group spotted the ignored machine and pointed it out to me. i mentioned the difficulty with the chief once or twice, yet he persevered leaving the computer unattended. So finally, i started taking the desktop and leaving my company card instead. now not unusually, the executive grew to become just a little pissed off. “Nobody’s going to scouse borrow the computer simply because there are a lot of these humans around,” he stated. “Okay,” I replied. “I’ll by no means take your computing device or whinge back on one situation. for those who particularly belief every person the following, you’ll take off your marriage ceremony ring and depart it on best of the desktop. should you do this, you’ll by no means pay attention from me back. ” He thought of this for it slow. Then he acknowledged, “You made your aspect. ” And he by no means back left the computer unattended. The transferring Perimeter This incident helped crystallize in my brain a brand new point of view approximately how we should always technique details safety. It happened quickly once we transitioned from computing device to computing device pcs inside Intel, and it validated how every one person’s day-by-day judgements can have an effect on the danger dynamics of the corporate total. the conventional firm safety paradigm, frequently expressed in castle-and-drawbridge phrases, defined a wall of expertise that remoted and entirely secure the staff at the back of it. to guard our humans and knowledge resources, we targeted our efforts on fortifying the community perimeter and the actual perimeter of our constructions. this day, in spite of the fact that, progressively more person interactions with the surface global skip the actual and community perimeters and the protection controls those perimeters provide. They happen on exterior websites and social networks, on laptops in espresso outlets and houses, and on own units corresponding to smartphones. The desktop left unattended within the cafeteria used to be truly contained in the actual perimeter, however the company details it contained used to be nonetheless most likely in danger end result of the manager’s activities. This altering setting doesn’t suggest the protection perimeter has vanished. as an alternative, it has shifted to the person. humans became a part of the fringe. on a daily basis, clients make judgements that could have as a lot influence on safety because the technical controls we use. Do I go away my machine unattended or no longer? Do I publish this knowledge on-line or now not? Do I set up this software program on my gadget? Do I record this suspicious-looking electronic mail? whilst I’m in a espresso store, do I connect with the company infrastructure through a safe digital deepest community, or do I have interaction at once over the web?

Download PDF sample

Rated 4.60 of 5 – based on 8 votes