Managing Risk and Information Security: Protect to Enable, an
ApressOpen title, describes the changing risk environment and why a
fresh approach to information security is needed. Because almost
every aspect of an enterprise is now dependent on technology, the
focus of IT security must shift from locking down assets to
enabling the business while managing and surviving risk. This
compact book discusses business risk from a broader perspective,
including privacy and regulatory considerations. It describes the
increasing number of threats and vulnerabilities, but also offers
strategies for developing solutions. These include discussions of
how enterprises can take advantage of new and emerging
technologies - such as social media and the huge proliferation of
Internet-enabled devices - while minimizing risk. With ApressOpen,
content is freely available through multiple online distribution
channels and electronic formats with the goal of disseminating
professionally edited and technically reviewed content to the
worldwide community.

Here are some of the responses from reviewers of this exceptional work:

"Managing Risk and Information Security
is a perceptive, balanced, and often thought-provoking exploration
of evolving information risk and security challenges within a
business context. Harkins clearly connects the needed, but
often-overlooked linkage and dialog between the business and
technical worlds and offers actionable strategies. The book
contains eye-opening security insights that are easily understood,
even by the curious layman." Fred Wettling, Bechtel Fellow,
IS&T Ethics & Compliance Officer, Bechtel

"As disruptive
technology innovations and escalating cyber threats continue to
create enormous information security challenges, Managing Risk and
Information Security: Protect to Enable provides a much-needed
perspective. This book compels information security professionals
to think differently about concepts of risk management in order to
be more effective. The specific and practical guidance offers a
fast-track formula for developing information security strategies
which are lock-step with business priorities." Laura Robinson,
Principal, Robinson Insight Chair, Security for Business Innovation
Council (SBIC) Program Director, Executive Security Action Forum
(ESAF)

"The mandate of the information security function is being
completely rewritten. Unfortunately most heads of security haven't
picked up on the change, impeding their companies' agility and
ability to innovate. This book makes the case for why security
needs to change, and shows how to get started. It will be regarded
as marking the turning point in information security for years to
come." Dr. Jeremy Bergsman, Practice Manager, CEB

"The world we are
responsible to protect is changing dramatically and at an
accelerating pace. Technology is pervasive in virtually every
aspect of our lives. Clouds, virtualization and mobile are
redefining computing - and they are just the beginning of what is
to come. Your security perimeter is defined by wherever your
information and people happen to be. We are attacked by
professional adversaries who are better funded than we will ever
be. We in the information security profession must change as
dramatically as the environment we protect. We need new skills and
new strategies to do our jobs effectively. We literally need to
change the way we think. Written by one of the best in the
business, Managing Risk and Information Security challenges
traditional security theory with clear examples of the need for
change. It also provides expert advice on how to dramatically
increase the success of your security strategy and methods - from
dealing with the misperception of risk to how to become a Z-shaped
CISO. Managing Risk and Information Security is the ultimate
treatise on how to deliver effective security to the world we live
in for the next 10 years. It is absolute must reading for anyone in
our profession - and should be on the desk of every CISO in the
world." Dave Cullinane, CISSP CEO Security Starfish, LLC

"In this
overview, Malcolm Harkins delivers an insightful survey of the
trends, threats, and tactics shaping information risk and security.
From regulatory compliance to psychology to the changing threat
context, this work provides a compelling introduction to an
important topic and trains helpful attention on the effects of
changing technology and management practices." Dr.
Mariano-Florentino Cuellar Professor, Stanford Law School
Co-Director, Stanford Center for International Security and
Cooperation (CISAC), Stanford University

"Malcolm Harkins gets it.
In his new book Malcolm outlines the major forces changing the
information security risk landscape from a big picture perspective,
and then goes on to offer effective methods of managing that risk
from a practitioner's viewpoint. The combination makes this book
unique and a must read for anyone interested in IT risk." Dennis
Devlin AVP, Information Security and Compliance, The George
Washington University

"Managing Risk and Information Security is
the first-to-read, must-read book on information security for
C-Suite executives. It is accessible, understandable and
actionable. No sky-is-falling scare tactics, no techno-babble -
just straight talk about a critically important subject. There is
no better primer on the economics, ergonomics and
psycho-behaviourals of security than this." Thornton May, Futurist,
Executive Director & Dean, IT Leadership Academy

"Managing Risk
and Information Security is a wake-up call for information security
executives and a ray of light for business leaders. It equips
organizations with the knowledge required to transform their
security programs from a "culture of no" to one focused on agility,
value and competitiveness. Unlike other publications, Malcolm
provides clear and immediately applicable solutions to optimally
balance the frequently opposing needs of risk reduction and
business growth. This book should be required reading for anyone
currently serving in, or seeking to achieve, the role of Chief
Information Security Officer." Jamil Farshchi, Senior Business
Leader of Strategic Planning and Initiatives, VISA

"For too many
years, business and security - either real or imagined - were at
odds. In Managing Risk and Information Security: Protect to Enable,
you get what you expect - real life practical ways to break
logjams, have security actually enable business, and marry
security architecture and business architecture. Why this book?
It's written by a practitioner, and not just any practitioner, one
of the leading minds in Security today." John Stewart, Chief
Security Officer, Cisco

"This book is an invaluable guide to help
security professionals address risk in new ways in this alarmingly
fast changing environment. Packed with examples which makes it a
pleasure to read, the book captures practical ways a forward
thinking CISO can turn information security into a competitive
advantage for their business. This book provides a new framework
for managing risk in an entertaining and thought provoking way.
This will change the way security professionals work with their
business leaders, and help get products to market faster. The 6
irrefutable laws of information security should be on a stone
plaque on the desk of every security professional." Steven Proctor,
VP, Audit & Risk Management, Flextronics