Managing Risk and Information Security: Protect

ManagingRiskandInformationSecurity：ProtecttoEnable，anApressOpentitle，describesthechangingriskenvironmentandwhyafreshapproachtoinformationsecurityisneeded.Becausealmosteveryaspectofanenterpriseisnowdependentontechnology，thefocusofITsecuritymustshiftfromlockingdownassetstoenablingthebusinesswhilemanagingandsurvivingrisk.Thiscompactbookdiscussesbusinessriskfromabroaderperspective，includingprivacyandregulatoryconsiderations.Itdescribestheincreasingnumberofthreatsandvulnerabilities，butalsooffersstrategiesfordevelopingsolutions.Theseincludediscussionsofhowenterprisescantakeadvantageofnewandemergingtechnologies—suchassocialmediaandthehugeproliferationofInternet-enableddevices—whileminimizingrisk.WithApressOpen，contentisfreelyavailablethroughmultipleonlinedistributionchannelsandelectronicformatswiththegoalofdisseminatingprofessionallyeditedandtechnicallyreviewedcontenttotheworldwidecommunity.Herearesomeoftheresponsesfromreviewersofthisexceptionalwork：“ManagingRiskandInformationSecurityisaperceptive，balanced，andoftenthought-provokingexplorationofevolvinginformationriskandsecuritychallengeswithinabusinesscontext.Harkinsclearlyconnectstheneeded，butoften-overlookedlinkageanddialogbetweenthebusinessandtechnicalworldsandoffersactionablestrategies.Thebookcontainseye-openingsecurityinsightsthatareeasilyunderstood，evenbythecuriouslayman.”FredWettling，BechtelFellow，IS&TEthics&ComplianceOfficer，Bechtel“Asdisruptivetechnologyinnovationsandescalatingcyberthreatscontinuetocreateenormousinformationsecuritychallenges，ManagingRiskandInformationSecurity：ProtecttoEnableprovidesamuch-neededperspective.Thisbookcompelsinformationsecurityprofessionalstothinkdifferentlyaboutconceptsofriskmanagementinordertobemoreeffective.Thespecificandpracticalguidanceoffersafast-trackformulafordevelopinginformationsecuritystrategieswhicharelock-stepwithbusinesspriorities.”LauraRobinson，Principal，RobinsonInsightChair，SecurityforBusinessInnovationCouncil(SBIC)ProgramDirector，ExecutiveSecurityActionForum(ESAF)“Themandateoftheinformationsecurityfunctionisbeingcompletelyrewritten.Unfortunatelymostheadsofsecurityhaven’tpickeduponthechange，impedingtheircompanies’agilityandabilitytoinnovate.Thisbookmakesthecaseforwhysecurityneedstochange，andshowshowtogetstarted.Itwillberegardedasmarkingtheturningpointininformationsecurityforyearstocome.”Dr.JeremyBergsman，PracticeManager，CEB“Theworldweareresponsibletoprotectischangingdramaticallyandatanacceleratingpace.Technologyispervasiveinvirtuallyeveryaspectofourlives.Clouds，virtualizationandmobileareredefiningcomputing–andtheyarejustthebeginningofwhatistocome.Yoursecurityperimeterisdefinedbywhereveryourinformationandpeoplehappentobe.Weareattackedbyprofessionaladversarieswhoarebetterfundedthanwewilleverbe.Weintheinformationsecurityprofessionmustchangeasdramaticallyastheenvironmentweprotect.Weneednewskillsandnewstrategiestodoourjobseffectively.Weliterallyneedtochangethewaywethink.Writtenbyoneofthebestinthebusiness，ManagingRiskandInformationSecuritychallengestraditionalsecuritytheorywithclearexamplesoftheneedforchange.Italsoprovidesexpertadviceonhowtodramaticallyincreasethesuccessofyoursecuritystrategyandmethods–fromdealingwiththemisperceptionofrisktohowtobecomeaZ-shapedCISO.ManagingRiskandInformationSecurityistheultimatetreatiseonhowtodelivereffectivesecuritytotheworldweliveinforthenext10years.Itisabsolutemustreadingforanyoneinourprofession–andshouldbeonthedeskofeveryCISOintheworld.”DaveCullinane，CISSPCEOSecurityStarfish，LLC“Inthisoverview，MalcolmHarkinsdeliversaninsightfulsurveyofthetrends，threats，andtacticsshapinginformationriskandsecurity.Fromregulatorycompliancetopsychologytothechangingthreatcontext，thisworkprovidesacompellingintroductiontoanimportanttopicandtrainshelpfulattentionontheeffectsofchangingtechnologyandmanagementpractices.”Dr.Mariano-FlorentinoCuéllarProfessor，StanfordLawSchoolCo-Director，StanfordCenterforInternationalSecurityandCooperation(CISAC)，StanfordUniversity“MalcolmHarkinsgetsit.InhisnewbookMalcolmoutlinesthemajorforceschangingtheinformationsecurityrisklandscapefromabigpictureperspective，andthengoesontooffereffectivemethodsofmanagingthatriskfromapractitioner'sviewpoint.ThecombinationmakesthisbookuniqueandamustreadforanyoneinterestedinITrisk."DennisDevlinAVP，InformationSecurityandCompliance，TheGeorgeWashingtonUniversity“ManagingRiskandInformationSecurityisthefirst-to-read，must-readbookoninformationsecurityforC-Suiteexecutives.Itisaccessible，understandableandactionable.Nosky-is-fallingscaretactics，notechno-babble–juststraighttalkaboutacriticallyimportantsubject.Thereisnobetterprimerontheeconomics，ergonomicsandpsycho-behaviouralsofsecuritythanthis.”ThorntonMay，Futurist，ExecutiveDirector&Dean，ITLeadershipAcademy“ManagingRiskandInformationSecurityisawake-upcallforinformationsecurityexecutivesandarayoflightforbusinessleaders.Itequipsorganizationswiththeknowledgerequiredtotransformtheirsecurityprogramsfroma“cultureofno”toonefocusedonagility，valueandcompetitiveness.Unlikeotherpublications，Malcolmprovidesclearandimmediatelyapplicablesolutionstooptimallybalancethefrequentlyopposingneedsofriskreductionandbusinessgrowth.Thisbookshouldberequiredreadingforanyonecurrentlyservingin，orseekingtoachieve，theroleofChiefInformationSecurityOfficer.”JamilFarshchi，SeniorBusinessLeaderofStrategicPlanningandInitiatives，VISA“Fortoomanyyears，businessandsecurity–eitherrealorimagined–wereatodds.InManagingRiskandInformationSecurity：ProtecttoEnable，yougetwhatyouexpect–reallifepracticalwaystobreaklogjams，havesecurityactuallyenablebusiness，andmarriessecurityarchitectureandbusinessarchitecture.Whythisbook?It'swrittenbyapractitioner，andnotjustanypractitioner，oneoftheleadingmindsinSecuritytoday.”JohnStewart，ChiefSecurityOfficer，Cisco“Thisbookisaninvaluableguidetohelpsecurityprofessionalsaddressriskinnewwaysinthisalarminglyfastchangingenvironment.Packedwithexampleswhichmakesitapleasuretoread，thebookcapturespracticalwaysaforwardthinkingCISOcanturninformationsecurityintoacompetitiveadvantagefortheirbusiness.Thisbookprovidesanewframeworkformanagingriskinanentertainingandthoughtprovokingway.Thiswillchangethewaysecurityprofessionalsworkwiththeirbusinessleaders，andhelpgetproductstomarketfaster.The6irrefutablelawsofinformationsecurityshouldbeonastoneplaqueonthedeskofeverysecurityprofessional.”StevenProctor，VP，Audit&RiskManagement，Flextronics