Author: Malcolm Harkins
ISBN: B00ACC6BZE
Format: PDF, EPUB
Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies, such as social media and the huge proliferation of Internet-enabled devices, while minimizing risk.
With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community.
Here are some of the responses from reviewers of this exceptional work:
Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context. Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies. The book contains eye-opening security insights that are easily understood, even by the curious layman.
Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel
As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities.
Laura Robinson, Principal, Robinson Insight
Chair, Security for Business Innovation Council (SBIC)
Program Director, Executive Security Action Forum (ESAF)
The mandate of the information security function is being completely rewritten. Unfortunately most heads of security haven't picked up on the change, impeding their companies' agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come.
Dr. Jeremy Bergsman, Practice Manager, CEB
The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be. We are attacked by professional adversaries who are better funded than we will ever be. We in the information security profession must change as dramatically as the environment we protect. We need new skills and new strategies to do our jobs effectively. We literally need to change the way we think.
Written by one of the best in the business, Managing Risk and Information Security challenges traditional security theory with clear examples of the need for change. It also provides expert advice on how to dramatically increase the success of your security strategy and methods, from dealing with the misperception of risk to how to become a Z-shaped CISO.
Managing Risk and Information Security is the ultimate treatise on how to deliver effective security to the world we live in for the next 10 years. It is absolute must reading for anyone in our profession and should be on the desk of every CISO in the world.
- File Size: 1328 KB
- Print Length: 152 pages
- Publisher: Apress; 1 edition (December 17, 2012)
- Sold by: Amazon Digital Services, Inc.
- Language: English
- ASIN: B00ACC6BZE
- Text-to-Speech: Enabled
- Lending: Enabled
- Amazon Best Sellers Rank: #5,732 Free in Kindle Store
- #46 in Kindle Store > Kindle eBooks > Computers & Technology
Risk management in the real world is not an easy endeavor. On one side, people use toilet seat covers thinking they do something, on the other side, millions of people smoke cigarettes, ignoring the empirical evidence of their danger.
In Managing Risk and Information Security: Protect to Enable, author Malcolm Harkins deals with the inherent tension of information security - that between limitations and enablement.
Harkins, in his role as CISO at Intel, argues that a new and fresh approach to information security is called for and he outlines it in the book.
At under 150 pages, the book provides a good introduction and high-level overview of the fundamentals of information security risk and details numerous risk management strategies.
One of the book's key points is that information security often has a disconnect to the underlying business needs that it is expected to secure. Harkins accurately notes that the only way to create an effective risk mitigation strategy is to ensure that the business and technical groups communicate.
As to Harkins' new approach to managing risk, he writes that given the increasing role of technology and the resulting information-related business risk, a new approach to information security built on the concept of protecting to enable is needed. Because compromise is inevitable, managing risk and surviving compromise are the key elements of this strategy.
The author has provided an accurate point-in-time perspective of risk and information security summarized as "Protect to Enable". The traditional paradigm of usability vs security still holds true but the objective of the book is not to regurgitate more of the same locked decision point - which is often enough to frustrate most CISO/CIOs, but rather to challenge traditional organization leadership to find new ways to solve this problem. The pendulum has swung towards the consumerization of technology and this will leave many organizations behind if they hold to traditional "command and control" cultures.
The unusual perspective is to develop a culture that can accept more risk; however, this is not a blanket statement, obviously. The challenge is to accept the responsibility of changing organizational culture to at the very least evolve the scope of risk beyond the boundaries of information systems to adapt to the massively changing threat landscape in the business as it now exists in a global market.
There are cited examples of personalization vs privacy, mostly from abroad, but what is interesting to note is that here in Canada, there is a reflection of a progressive approach by the Privacy by Design Centre of Excellence. In the very popular paper, Privacy by Design, Dr. Ann Cavoukian starts privacy early on in the design of any organization, change, key initiatives - this is a massive shift that enables an IT organization's ability to help protect assets but not as an afterthought or bolt-on, thereby making risk management more seamless. Surprisingly, the term "user experience" shows up here. Who would have thought that good design incorporating governance right up front would lead to an improved user experience, but it does.