Managing risk and information security : : protect to enable / / Malcolm W Harkins.
Saved in:
VerfasserIn: | |
---|---|
Place / Publishing House: | [Place of publication not identified] : : Apress Open,, [2016] New York, NY : : Distributed to the book trade worldwide by Springer Science+Business Media New York ©2016 |
Year of Publication: | 2016 |
Edition: | Second edition. |
Language: | English |
Physical Description: | 1 online resource (1 volume) :; illustrations |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
LEADER | 06723nam a2200433Ia 4500 | ||
---|---|---|---|
001 | 993602791104498 | ||
005 | 20220204050450.0 | ||
006 | m o d | ||
007 | cr#unu|||||||| | ||
008 | 160921s2016 xx a ob 001 0 eng d | ||
020 | |a 1-4842-1456-0 | ||
035 | |a (CKB)4340000000014851 | ||
035 | |a (Safari)9781484214558 | ||
035 | |a (OCoLC)958879520 | ||
035 | |a (MiAaPQ)EBC5575803 | ||
035 | |a (Au-PeEL)EBL5575803 | ||
035 | |a (OCoLC)1066183556 | ||
035 | |a (MiAaPQ)EBC6422848 | ||
035 | |a (EXLCZ)994340000000014851 | ||
040 | |a UMI |b eng |e rda |e pn |c UMI | ||
050 | 4 | |a QA76.9.A25 | |
082 | 0 | 0 | |a 005.8 |2 23 |
100 | 1 | |a Harkins, Malcolm, |e author. | |
245 | 1 | 0 | |a Managing risk and information security : |b protect to enable / |c Malcolm W Harkins. |
250 | |a Second edition. | ||
264 | 1 | |a [Place of publication not identified] : |b Apress Open, |c [2016] | |
264 | 2 | |a New York, NY : |b Distributed to the book trade worldwide by Springer Science+Business Media New York | |
264 | 4 | |c ©2016 | |
300 | |a 1 online resource (1 volume) : |b illustrations | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a computer |b c |2 rdamedia | ||
338 | |a online resource |b cr |2 rdacarrier | ||
588 | |a Description based on online resource; title from cover (Safari, viewed September 19, 2016). | ||
504 | |a Includes bibliographical references and index. | ||
505 | 0 | |a Intro -- Contents at a Glance -- Contents -- Foreword -- Praise for the second edition of Managing Risk and Information Security -- About the Author -- Acknowledgments -- Preface -- Chapter 1: Introduction -- Protect to Enable® -- Building Trust -- Keeping the Company Legal: The Regulatory Flood -- Privacy: Protecting Personal Information -- Personalization vs. Privacy -- Financial Regulations -- E-Discovery -- Expanding Scope of Regulation -- The Rapid Proliferation of Information, Devices, and Things -- The Changing Threat Landscape -- Stealthy Malware -- Nine Irrefutable Laws of Information Risk -- A New Approach to Managing Risk -- Chapter 2: The Misperception of Risk -- The Subjectivity of Risk Perception -- How Employees Misperceive Risk -- The Lure of the Shiny Bauble -- How Security Professionals Misperceive Risk -- Security and Privacy -- How Decision Makers Misperceive Risk -- How to Mitigate the Misperception of Risk -- Uncovering New Perspectives During Risk Assessments -- Communication Is Essential -- Building Credibility -- Chapter 3: Governance and Internal Partnerships: How to Sense, Interpret, and Act on Risk -- Information Risk Governance -- Finding the Right Governance Structure -- Building Internal Partnerships -- Legal -- Privacy -- Litigation -- Intellectual Property -- Contracts -- Financial Compliance -- Legal Specialists Within Business Groups -- Human Resources -- Setting Employee Expectations in Security Policies -- Employee Communications -- Investigations -- Finance -- Sarbanes-Oxley Compliance -- Working with Business Groups -- Internal Audit -- Corporate Risk Management -- Privacy -- Corporate Security -- Business Group Managers -- Conclusion -- Chapter 4: External Partnerships: The Power of Sharing Information -- The Value of External Partnerships -- External Partnerships: Types and Tiers -- 1:1 Partnerships. | |
505 | 8 | |a Communities -- Community Characteristics -- Community Goals -- Sharing Information about Threats and Vulnerabilities -- Sharing Best Practices and Benchmarking -- Influencing Regulations and Standards -- Corporate Citizenship -- Conclusion -- Chapter 5: People Are the Perimeter -- The Shifting Perimeter -- Compliance or Commitment? -- Examining the Risks -- Adjusting Behavior -- A Model for Improving Security Awareness -- Broadening the Awareness Model -- The Security Benefits of Personal Use -- Roundabouts and Stop Signs -- The Technology Professional -- Insider Threats -- Deter -- Detect -- Discipline -- Finding the Balance -- Chapter 6: Emerging Threats and Vulnerabilities: Reality and Rhetoric -- Structured Methods for Identifying Threat Trends -- The Product Life Cycle Model -- Understanding Threat Agents -- Playing War Games -- Trends That Span the Threat Landscape -- Trust Is an Attack Surface -- Barriers to Entry Are Crumbling -- The Rise of Edge Case Insecurity -- The Enemy Knows the System -- Key Threat Activity Areas -- The Industry of Malware -- The Web Expands to the Internet of Things -- Smartphones -- Web Applications -- Conclusion -- Chapter 7: A New Security Architecture to Improve Business Agility -- The 9 Box of Controls, Business Trends, and Architecture Requirements -- 9 Box of Controls -- IT Consumerization -- New Business Needs -- Cloud Computing -- Changing Threat Landscape -- Privacy and Regulatory Requirements -- New Architecture -- Trust Calculation -- Source Score -- Destination Score -- Available Controls -- Calculating Trust -- Security Zones -- Untrusted Zones -- Selective Zones -- Trusted Zones -- Balanced Controls -- Users, Data, and the Internet of Things: The New Perimeters -- Data Perimeter -- User Perimeter -- Internet of Things -- Conclusion -- Chapter 8: Looking to the Future: Emerging Security Capabilities. | |
505 | 8 | |a Internet of Things -- Consistent User Experience Across Devices -- Cloud Computing -- Big Data Analytics -- Artificial Intelligence -- Business Benefits and Risks -- New Security Capabilities -- Baseline Security -- Protected Environments -- Encryption -- Hardware Acceleration -- Enhanced Recovery -- AI-Based Security and Automation -- Context-Aware Security -- Cloud Security and Context Awareness -- Security Analytics and Data Protection -- Conclusion -- Chapter 9: Corporate Social Responsibility: The Ethics of Managing Information Risk -- The Expanding Scope of Corporate Social Responsibility -- The Evolution of Technology and Its Impact -- Maintaining Society's Trust -- The Ethics of Managing Information Risk -- Conclusion -- Chapter 10: The 21st Century CISO -- Chief Trust Officer -- The Z-Shaped Individual -- Foundational Skills -- Becoming a Storyteller -- Fear Is Junk Food -- Accentuating the Positive -- Demonstrating the Reality of Risk -- The CISO's Sixth Sense -- Taking Action at the Speed of Trust -- The CISO as a Leader -- Learning from Other Business Leaders -- Voicing Our Values -- Discussing Information Risk at Board Level -- Conclusion -- Chapter 11: Performance Coaching -- How to Use the Tables -- Independence and Initiative -- Efficiency and Effectiveness -- Commitment -- Professionalism -- Discipline -- Teamwork -- Problem-Solving -- Communication -- Listening -- Style -- Clarity -- Goal-Setting -- Conclusion -- Appendix A -- Index. | |
650 | 0 | |a Computer security. | |
650 | 0 | |a Electronic information resources |x Access control. | |
906 | |a BOOK | ||
ADM | |b 2023-06-09 01:04:01 Europe/Vienna |f System |c marc21 |a 2016-11-05 18:53:58 Europe/Vienna |g false | ||
AVE | |i DOAB Directory of Open Access Books |P DOAB Directory of Open Access Books |x https://eu02.alma.exlibrisgroup.com/view/uresolver/43ACC_OEAW/openurl?u.ignore_date_coverage=true&portfolio_pid=5345705940004498&Force_direct=true |Z 5345705940004498 |b Available |8 5345705940004498 |