By Malcolm W. Harkins

This updated edition describes, at a high level, the evolving enterprise security landscape and provides guidance for a management-level audience about how to manage and survive risk. While based primarily on the author’s experience and insights at major companies where he has served as CISO and CSPO, the book also includes many examples from other well-known companies.

Managing Risk and Information Security provides thought leadership in the increasingly important area of enterprise information risk and security. It describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology not only for internal operations but increasingly as a part of product or service creation, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk.

This edition discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities and offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk.

What You Will Learn

  • Learn how enterprise risk and security requirements are changing, and why a new approach to risk and security management is needed
  • Learn how people perceive risk and the effects it has on information security
  • Learn why different perceptions of risk within an organization matter, and why it is necessary to understand and reconcile these views
  • Learn the principles of enterprise information security governance and decision-making, and the other groups they need to work with
  • Learn the impact of new technologies on information security, and gain insights into how to safely enable the use of new technologies

Who This Book Is For

The primary audience is CIOs and other IT leaders, CISOs and other information security leaders, IT auditors, and other leaders of corporate governance and risk functions. The secondary audience is CEOs, board members, privacy professionals, and less senior-level information security and risk professionals.

"Harkins’ logical, methodical approach as a CISO to solving the most complex cybersecurity problems is reflected in the lucid style of this book. His enlightened approach to intelligence-based security infrastructure and risk mitigation is our best path forward if we are ever to realize the vast potential of the innovative digital world we are creating while reducing the threats to manageable levels. The author shines a light on that path in a comprehensive yet very readable way." —Art Coviello, Former CEO and Executive Chairman, RSA


Best security & encryption books

Internet and Wireless Security

Many organizations are transforming their businesses through the development of information and communications technologies. The security of this e-commerce is now a key enabler for businesses, and this book presents an overview of current and future infrastructures for e-business, including XML security mechanisms and next-generation Public Key Infrastructures (PKI), as well as digital archiving and wireless security, which is set to be a huge growth area with the full rollout of 3G mobile networks.

CompTIA Security+ SY0-201 Cert Guide

CompTIA® Security+ SY0-201 Cert Guide, David L. Prowse. DVD features complete practice exam. Master every topic on CompTIA’s new Security+ SY0-201 exam. Assess your knowledge and focus your learning. Get the practical workplace knowledge you need! Start-to-finish Security+ SY0-201 preparation from computer security consultant, Security+ trainer, and author David L.

PKI Uncovered: Certificate-Based Security Solutions for Next-Generation Networks (Networking Technology: Security)

The only complete guide to designing, implementing, and supporting state-of-the-art certificate-based identity solutions with PKI. Layered approach is designed to help readers with widely diverse backgrounds quickly learn what they need to know. Covers the entire PKI project lifecycle, making complex PKI architectures simple to understand and deploy. Brings together theory and practice, including on-the-ground implementers' knowledge, insights, best practices, design choices, and troubleshooting details. PKI Uncovered brings together all the techniques IT and security professionals need to apply PKI in any environment, no matter how complex or sophisticated.

CompTIA Cybersecurity Analyst (CSA+) Study Guide: Exam CS0-001

Prepare yourself for the newest CompTIA certification. The CompTIA Cybersecurity Analyst+ (CSA+) Study Guide provides 100% coverage of all exam objectives for the new CSA+ certification. The CSA+ certification validates a candidate's skills to configure and use threat detection tools, perform data analysis, identify vulnerabilities with a goal of securing and protecting organizations' systems.

Extra info for Managing Risk and Information Security: Protect to Enable

Example text

Security and Privacy

As I explained earlier in the book, security professionals, and the broader security industry, can sometimes be tone-deaf when it comes to privacy concerns. In their zeal to collect data for security purposes, they may create risks that the data could be used in a way that may violate people’s privacy, or at least their expectations of privacy. The challenge of balancing privacy and security concerns in the enterprise bears many similarities to the broader issue of balancing security and privacy in society, an area that has been extensively explored by privacy legal expert Daniel J.

As technology becomes embedded into the fabric of our lives, exploits that take advantage of technology vulnerabilities may increasingly impact the well-being of almost everyone in society. So it is particularly important that we apply the right ethical values to shape the way we design, develop, and implement these technologies. As I explain in Chapter 9, security and privacy should now be considered a corporate social responsibility.

A New Approach to Managing Risk

Given the ever-broadening role of technology and the resulting information-related business risk, we need a new approach to information security built on the concept of protecting to enable.

For a few years after this, I thought of information risk and security as a balancing act. I felt that we needed to try to find the right balance between providing open access to technology and information to enable the business and locking down assets. Providing open access allows greater business agility. The business can move more quickly with fewer restrictions. Employees can work more freely, and the faster flow of information allows the company to grow and transform. But as my responsibilities grew to encompass security and privacy not only for internal systems but also for all aspects of products and services, I realized that a balancing act was the wrong analogy.
