Content Summary
Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies such as social media and the huge proliferation of Internet-enabled devices while minimizing risk.

With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community.

Here are some of the responses from reviewers of this exceptional work:

Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context. Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies. The book contains eye-opening security insights that are easily understood, even by the curious layman.
Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel

As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities.
Laura Robinson, Principal, Robinson Insight; Chair, Security for Business Innovation Council (SBIC); Program Director, Executive Security Action Forum (ESAF)

The mandate of the information security function is being completely rewritten. Unfortunately most heads of security haven't picked up on the change, impeding their companies' agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come.
Dr. Jeremy Bergsman, Practice Manager, CEB

The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be. We are attacked by professional adversaries who are better funded than we will ever be. We in the information security profession must change as dramatically as the environment we protect. We need new skills and new strategies to do our jobs effectively. We literally need to change the way we think. Written by one of the best in the business, Managing Risk and Information Security challenges traditional security theory with clear examples of the need for change. It also provides expert advice on how to dramatically increase the success of your security strategy and methods, from dealing with the misperception of risk to how to become a Z-shaped CISO. Managing Risk and Information Security is the ultimate treatise on how to deliver effective security to the world we live in for the next 10 years. It is absolute must reading for anyone in our profession and should be on the desk of every CISO in the world.
Dave Cullinane, CISSP, CEO, Security Starfish, LLC

In this overview, Malcolm Harkins delivers an insightful survey of the trends, threats, and tactics shaping information risk and security. From regulatory compliance to psychology to the changing threat context, this work provides a compelling introduction to an important topic and trains helpful attention on the effects of changing technology and management practices.
Dr. Mariano-Florentino Cuéllar, Professor, Stanford Law School; Co-Director, Stanford Center for International Security and Cooperation (CISAC), Stanford University

Malcolm Harkins gets it. In his new book Malcolm outlines the major forces changing the information security risk landscape from a big picture perspective, and then goes on to offer effective methods of managing that risk from a practitioner's viewpoint. The combination makes this book unique and a must read for anyone interested in IT risk.
Dennis Devlin, AVP, Information Security and Compliance, The George Washington University

Managing Risk and Information Security is the first-to-read, must-read book on information security for C-Suite executives. It is accessible, understandable and actionable. No sky-is-falling scare tactics, no techno-babble, just straight talk about a critically important subject. There is no better primer on the economics, ergonomics and psycho-behaviourals of security than this.
Thornton May, Futurist, Executive Director & Dean, IT Leadership Academy

Managing Risk and Information Security is a wake-up call for information security executives and a ray of light for business leaders. It equips organizations with the knowledge required to transform their security programs from a culture of "no" to one focused on agility, value and competitiveness. Unlike other publications, Malcolm provides clear and immediately applicable solutions to optimally balance the frequently opposing needs of risk reduction and business growth. This book should be required reading for anyone currently serving in, or seeking to achieve, the role of Chief Information Security Officer.
Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, VISA

For too many years, business and security, either real or imagined, were at odds. In Managing Risk and Information Security: Protect to Enable, you get what you expect: real life practical ways to break logjams, have security actually enable business, and marries security architecture and business architecture. Why this book? It's written by a practitioner, and not just any practitioner, one of the leading minds in Security today.
John Stewart, Chief Security Officer, Cisco

This book is an invaluable guide to help security professionals address risk in new ways in this alarmingly fast changing environment. Packed with examples which makes it a pleasure to read, the book captures practical ways a forward thinking CISO can turn information security into a competitive advantage for their business. This book provides a new framework for managing risk in an entertaining and thought provoking way. This will change the way security professionals work with their business leaders, and help get products to market faster. The 6 irrefutable laws of information security should be on a stone plaque on the desk of every security professional.
Steven Proctor, VP, Audit & Risk Management, Flextronics