Practical Risk Management for the CIO
Autor Mark Scherlingen Limba Engleză Paperback – 27 sep 2018
Detailing procedures to help your team perform better risk assessments and aggregate results into more meaningful metrics, Practical Risk Management for the CIO approaches information risk management through improvements to information management and information security. It provides easy-to-follow guidance on how to effectively manage the flow of information and incorporate both service delivery and reliability.
- Explains why every CIO should be managing his or her information differently
- Provides time-tested risk ranking strategies
- Considers information security strategy standards such as NIST, FISMA, PCI, SP 800, & ISO 17799
- Supplies steps for managing: information flow, classification, controlled vocabularies, life cycle, and data leakage
- Describes how to put it all together into a complete information risk management framework
Preț: 319.91 lei
Preț vechi: 457.63 lei
-30% Nou
Puncte Express: 480
Preț estimativ în valută:
61.23€ • 63.68$ • 51.31£
61.23€ • 63.68$ • 51.31£
Carte tipărită la comandă
Livrare economică 13-27 martie
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9781138374492
ISBN-10: 1138374490
Pagini: 400
Ilustrații: 34
Dimensiuni: 156 x 234 mm
Greutate: 0.74 kg
Ediția:1
Editura: CRC Press
Colecția Auerbach Publications
ISBN-10: 1138374490
Pagini: 400
Ilustrații: 34
Dimensiuni: 156 x 234 mm
Greutate: 0.74 kg
Ediția:1
Editura: CRC Press
Colecția Auerbach Publications
V-ar putea interesa
-
On the Foundations of ComputingGiuseppe Primiero-27%Preț: 337.41 lei463.55 lei -
Algorithms Are Not EnoughHerbert L. Roitblat-20%Preț: 215.82 lei269.77 lei -
Cyber Strategy: Risk-Driven Security and ResiliencyCarol A. Siegel-20%Preț: 760.66 lei950.83 lei -
Community Policing and PeacekeepingPeter GraboskyPreț: 436.14 lei -
Policing Organized Crime: Intelligence Strategy ImplementationPetter Gottschalk-12%Preț: 312.43 lei356.63 lei -
Preț: 448.29 lei -
Practical Handbook for Professional InvestigatorsRory J. McMahon, CLI, CFEPreț: 452.53 lei -
Police and Society in BrazilVicente Riccio-12%Preț: 312.43 lei356.63 lei -
Blockchain Chicken FarmXiaowei WangPreț: 93.22 lei -
Possible Minds: Twenty-Five Ways of Looking at AIJohn Brockman-34%Preț: 75.23 lei113.68 lei -
Algorithms Illuminated (Part 2)Tim Roughgarden-20%Preț: 92.70 lei115.88 lei -
Advanced API Security: OAuth 2.0 and BeyondPrabath Siriwardena-20%Preț: 231.16 lei288.95 lei -
Secrets of a Cyber Security ArchitectBrook S. E. Schoenfield-20%Preț: 449.31 lei561.63 lei -
Developer's Guide to Web Application SecurityMichael Cross-20%Preț: 376.01 lei470.00 lei -
tmux 2Brian P. Hogan-20%Preț: 93.09 lei116.36 lei -
The Revolutionary PhenotypeJean-François GariépyPreț: 117.92 lei -
AdventureJamie LendinoPreț: 122.60 lei -
Configuring NetScreen FirewallsRob Cameron-17%Preț: 212.33 lei256.66 lei
Public țintă
Academic and Professional Practice & DevelopmentCuprins
Introduction: Why Risk Management? Liability. Service Delivery. PRINCIPLES AND CONCEPTS. Overview. Basic Concepts, Principles, and Practices. Risk Assessment, Analysis, and Procedures. Metrics. Best Practices. SERVICE DELIVERY. Product Management. Process Management. Project Management. IT Service Management. Reporting on Service Delivery. LIABILITIES MANAGEMENT. Information Management. Information Protection. E-Discovery. Privacy. Policies and Procedures. Planning for Big Failures or Business Continuity. PUTTING IT ALL TOGETHER. Designing a Risk Management Strategy. Forward-Looking Risk Management. Preparing for a "Black Swan". APPENDICES: OECD Privacy Principles. Project Profiling Risk Assessment. Risk Impact Scales. Classification Schema.
Notă biografică
Mark Scherling, CISSP, CRM, has been working in IT for over 30 years. For the past four years, he has been managing information security and privacy for the Justice Sector in the Government of British Columbia (Canada). Prior to the Justice Sector, he managed the Information Security Investigations Unit for the entire BC government.
He has designed and implemented public key infrastructure (PKI) and security solutions for numerous clients. He is considered a Subject Matter Expert in Risk Management and Information Security by the Information Systems Audit and Control Association (ISACA). He contributed to the Risk IT Framework and Certification in Risk and Information Systems (CRISC), a new ISACA Certification. He is viewed as a Security and Risk Management Expert by many people within and associated with the Government of British Columbia.
His background includes sales, marketing, and information management. In the mid-1990s, he was instrumental in developing and implementing the Canadian Department of National Defence Intranet or the DIN. He has significant experience in information and knowledge management. He combines this expertise with information protection to create an information risk management strategy for Chief Information Officers (CIOs).
He has been part of the evolution of information technology (IT) from Digital Equipment’s Vaxes and PDP11s to mobile computing, the Internet, and cloud computing. The interconnected world we now live in holds exciting promise to link people, computers, applications, and information. There are risks when we link everything together and share information. Organizations are always trying to reduce costs and improve customer relations. Mark has been involved in information security for over 13 years and has oriented his approach from simple information security to risk management strategies. As the Internet continues to evolve, so evolves information security and risk management.
The reality is that we need better ways of managing risks to our information and services. His approach takes a more holistic approach to risks, considering not just liabilities but also service delivery because information is one of our most important assets.
He has designed and implemented public key infrastructure (PKI) and security solutions for numerous clients. He is considered a Subject Matter Expert in Risk Management and Information Security by the Information Systems Audit and Control Association (ISACA). He contributed to the Risk IT Framework and Certification in Risk and Information Systems (CRISC), a new ISACA Certification. He is viewed as a Security and Risk Management Expert by many people within and associated with the Government of British Columbia.
His background includes sales, marketing, and information management. In the mid-1990s, he was instrumental in developing and implementing the Canadian Department of National Defence Intranet or the DIN. He has significant experience in information and knowledge management. He combines this expertise with information protection to create an information risk management strategy for Chief Information Officers (CIOs).
He has been part of the evolution of information technology (IT) from Digital Equipment’s Vaxes and PDP11s to mobile computing, the Internet, and cloud computing. The interconnected world we now live in holds exciting promise to link people, computers, applications, and information. There are risks when we link everything together and share information. Organizations are always trying to reduce costs and improve customer relations. Mark has been involved in information security for over 13 years and has oriented his approach from simple information security to risk management strategies. As the Internet continues to evolve, so evolves information security and risk management.
The reality is that we need better ways of managing risks to our information and services. His approach takes a more holistic approach to risks, considering not just liabilities but also service delivery because information is one of our most important assets.
Recenzii
This is an exceptionally well-written primer for anyone responsible for corporate information risk management. … It's obvious that the author has regularly encountered and solved the problems he describes in the course of his three decades in Canadian government and justice IT, and he has an appealing no-nonsense approach. …the true greatest strength of this book is its holistic viewpoint - all too rare and much appreciated - that demonstrates how all the disparate aspects of information management actually fit together to create a robust business asset base. I can unhesitatingly recommend it, not only to CIOs but also to anyone tasked with protecting corporate information assets, whatever the level of their role. It imparts understanding, which is vastly more useful than mere facts. An excellent holistic primer on corporate information management. The author's credentials are fully justified by the clear, concise and informative text. A must-have for CIOs and anyone else managing business information assets.
—Michael Barwise, BSc, CEng, CITP, MBCS, in InfoSec Reviews, September 2011
—Michael Barwise, BSc, CEng, CITP, MBCS, in InfoSec Reviews, September 2011
Descriere
Detailing procedures that will help your team perform better risk assessments and aggregate results into more meaningful metrics, Practical Risk Management for the CIO approaches information risk management through improvements to information management and information security. It provides easy-to-follow guidance on how to effectively manage the flow of information and incorporate both service delivery and reliability. Clarifying common misunderstandings about the risks in cyberspace, this book provides the foundation required to make more informed decisions and effectively manage, protect, and deliver information to your organization and its constituents.