Examine the evolving enterprise security landscape and discover how to manage and survive risk. While based primarily on the author's experience and insights at major companies where he has served as CISO and CSPO, the book also includes many examples from other well-known companies and provides guidance for a management-level audience.
Managing Risk and Information Security provides thought leadership in the increasingly important area of enterprise information risk and security. It describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology not only for internal operations but increasing as a part of product or service creation, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk.
This edition discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities and offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies - such as social media and the huge proliferation of Internet-enabled devices - while minimizing risk.
What You'll Learn: Review how people perceive risk and the effects it has on information security; See why different perceptions of risk within an organization matters; Understand and reconcile these differing risk views; Gain insights into how to safely enable the use of new technologies.
This open book is licensed under a Creative Commons License (CC BY). You can download Managing Risk and Information Security ebook for free in PDF format (11.5 MB).
Table of Contents
The Misperception of Risk
Governance and Internal Partnerships: How to Sense, Interpret, and Act on Risk
External Partnerships: The Power of Sharing Information
People Are the Perimeter
Emerging Threats and Vulnerabilities: Reality and Rhetoric
A New Security Architecture to Improve Business Agility
Looking to the Future: Emerging Security Capabilities
Corporate Social Responsibility: The Ethics of Managing Information Risk
The 21st Century CISO