Managing Risk and Information Security Protect to Enable 2nd edition by Malcolm Harkins ISBN 1484214560 978-1484214565

Managing Risk and Information Security Protect to Enable 2nd edition by Malcolm Harkins  – Ebook PDF Instant Download/Delivery. 1484214560 978-1484214565
Full download Managing Risk and Information Security Protect to Enable 2nd edition after payment

Product details:

ISBN 10: 1484214560
ISBN 13: 978-1484214565
Author:  Malcolm Harkins 

Examine the evolving enterprise security landscape and discover how to manage and survive risk. While based primarily on the author’s experience and insights at major companies where he has served as CISO and CSPO, the book also includes many examples from other well-known companies and provides guidance for a management-level audience.

Managing Risk and Information Security provides thought leadership in the increasingly important area of enterprise information risk and security. It describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology not only for internal operations but increasing as a part of product or service creation, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk.

This edition discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities and offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies―such as social media and the huge proliferation of Internet-enabled devices―while minimizing risk.

What You’ll Learn

• Review how people perceive risk and the effects it has on information security
  
• See why different perceptions of risk within an organization matters
• Understand and reconcile these differing risk views
• Gain insights into how to safely enable the use of new technologies
  

Who This Book Is For

The primary audience is CIOs and other IT leaders, CISOs and other information security leaders, IT auditors, and other leaders of corporate governance and risk functions. The secondary audience is CEOs, board members, privacy professionals, and less senior-level information security and risk professionals.

“Harkins’ logical, methodical approach as a CISO to solving the most complex cybersecurity problems is reflected in the lucid style of this book. His enlightened approach to intelligence-based security infrastructure and risk mitigation is our best path forward if we are ever to realize the vast potential of the innovative digital world we are creating while reducing the threats to manageable levels. The author shines a light on that path in a comprehensive yet very readable way.” ―Art Coviello, Former CEO and Executive Chairman, RSA

Managing Risk and Information Security Protect to Enable 2nd Table of contents:

Part I: Risk and Information Security Fundamentals

Chapter 1: Introduction to Risk Management and Information Security

• What is Risk Management?

• Information Security Defined

• The Relationship Between Risk and Security

• The Risk Management Lifecycle

• Why Risk Management is Critical for Businesses

Chapter 2: The Evolution of Risk and Security

• Historical Overview of Risk and Information Security

• Key Drivers of Change

• Emerging Threats and New Technologies

• The Growing Role of Information Security

Chapter 3: The Principles of Risk Management

• Risk Management Frameworks

• Identifying, Assessing, and Mitigating Risks

• The Risk Management Process

• Risk Appetite and Risk Tolerance

• Balancing Risk and Business Objectives

---

Part II: Risk Assessment and Mitigation Strategies

Chapter 4: Conducting a Risk Assessment

• Risk Identification

• Risk Assessment Methods

• Qualitative vs. Quantitative Risk Assessment

• Understanding Threats, Vulnerabilities, and Impacts

• Assessing the Likelihood and Impact of Risks

Chapter 5: Information Security Risk Mitigation

• Risk Response Strategies

• Developing Security Controls

• The Role of Security Policies and Procedures

• Risk Treatment and Transfer

• Using Technology to Mitigate Risk

Chapter 6: Business Continuity and Disaster Recovery

• Planning for Business Continuity

• Understanding Disaster Recovery

• Developing Effective Recovery Plans

• Testing and Maintaining Business Continuity Plans

• Ensuring Resilience

---

Part III: Enabling Business and Information Security Alignment

Chapter 7: Aligning Security with Business Objectives

• The Importance of Business and Security Alignment

• Identifying Business Needs and Risks

• Security as an Enabler of Business Success

• Communicating Security in Business Terms

Chapter 8: Information Security Governance

• Principles of Governance in Security

• Structuring a Governance Framework

• Key Governance Roles and Responsibilities

• Compliance with Laws and Regulations

• Measuring and Reporting on Security

Chapter 9: Security Culture and Risk Awareness

• Building a Security-Aware Culture

• Training and Educating Employees

• Engaging Stakeholders and Leadership

• Creating Effective Security Awareness Programs

---

Part IV: Threats, Technologies, and Security Solutions

Chapter 10: Understanding the Threat Landscape

• Cyber Threats: Types and Trends

• Attack Vectors and Exploits

• The Role of Hackers and Cybercriminals

• Case Studies of Major Security Incidents

Chapter 11: Key Security Technologies

• Firewalls, Antivirus, and Anti-malware

• Intrusion Detection and Prevention Systems (IDS/IPS)

• Encryption and Data Protection

• Security Information and Event Management (SIEM)

• Emerging Security Technologies (AI, Blockchain, etc.)

Chapter 12: Managing Cybersecurity Threats

• Threat Intelligence and Analysis

• The Role of Threat Hunting

• Incident Response and Handling

• Building a Security Operations Center (SOC)

• Red Teaming and Penetration Testing

---

Part V: Integrating Risk and Security Across the Organization

Chapter 13: Risk Management in the Supply Chain

• Supply Chain Security Risks

• Assessing and Managing Supplier Risk

• Vendor Risk Management Programs

• Third-Party Risk Assessment

Chapter 14: Security in the Cloud

• Cloud Computing Risks and Benefits

• Managing Cloud Security Risks

• Cloud Service Models (SaaS, PaaS, IaaS)

• Security in Multi-cloud and Hybrid Cloud Environments

Chapter 15: Privacy and Data Protection

• The Importance of Data Privacy

• Regulatory Compliance (GDPR, CCPA, etc.)

• Securing Personal Data

• Privacy Risk Management

---

Part VI: Advanced Risk Management and Security Strategy

Chapter 16: Security and Risk Management Strategy

• Creating a Risk Management Strategy

• Aligning Security Strategy with Business Strategy

• Strategic Planning for Information Security

• Measuring Security Effectiveness

Chapter 17: Emerging Trends and Future of Risk Management

• Future Threats and Risks

• Innovations in Risk Management and Security

• The Role of Artificial Intelligence and Automation

• The Changing Landscape of Cybersecurity

Chapter 18: Conclusion: A Proactive Approach to Risk Management

• Continuous Improvement in Risk and Security Management

• Building a Risk-Resilient Organization

• The Ongoing Challenge of Securing Information

• Final Thoughts on Protecting and Enabling the Business

---

Appendices

• A. Glossary of Key Terms

• B. Risk Management Frameworks and Models

• C. Information Security Standards and Regulations

• D. Further Reading and Resources

Index

People also search for Managing Risk and Information Security Protect to Enable 2nd:

managing risk in information systems 2nd edition

managing risk in information systems 2nd edition pdf

managing risk in information systems 3rd edition pdf

managing risk in information systems 3rd edition

managing risk in information systems