Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the
changing risk environment and why a fresh approach to information security is needed. Because
almost every aspect of an enterprise is now dependent on technology, the focus of IT security
must shift from locking down assets to enabling the business while managing and surviving risk.

This compact book discusses business risk from a broader perspective, including privacy and
regulatory considerations. It describes the increasing number of threats and vulnerabilities,
but also offers strategies for developing solutions. These include discussions of how
enterprises can take advantage of new and emerging technologies, such as social media and the
huge proliferation of Internet-enabled devices, while minimizing risk.

With ApressOpen, content is freely available through multiple online distribution channels and
electronic formats, with the goal of disseminating professionally edited and technically
reviewed content to the worldwide community.

Here are some of the responses from reviewers of this exceptional work:

Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking
exploration of evolving information risk and security challenges within a business context.
Harkins clearly connects the needed, but often-overlooked, linkage and dialog between the
business and technical worlds and offers actionable strategies. The book contains eye-opening
security insights that are easily understood, even by the curious layman.

Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel

As disruptive technology innovations
and escalating cyber threats continue to create enormous information security challenges,
Managing Risk and Information Security: Protect to Enable provides a much-needed perspective.
This book compels information security professionals to think differently about concepts of
risk management in order to be more effective. The specific and practical guidance offers a
fast-track formula for developing information security strategies which are lock-step with
business priorities.

Laura Robinson, Principal, Robinson Insight; Chair, Security for Business Innovation Council
(SBIC); Program Director, Executive Security Action Forum (ESAF)

The mandate
of the information security function is being completely rewritten. Unfortunately, most heads of
security haven't picked up on the change, impeding their companies' agility and ability to
innovate. This book makes the case for why security needs to change, and shows how to get
started. It will be regarded as marking the turning point in information security for years to
come.

Dr. Jeremy Bergsman, Practice Manager, CEB

The world we are responsible to protect is
changing dramatically and at an accelerating pace. Technology is pervasive in virtually every
aspect of our lives. Clouds, virtualization, and mobile are redefining computing - and they are
just the beginning of what is to come. Your security perimeter is defined by wherever your
information and people happen to be. We are attacked by professional adversaries who are better
funded than we will ever be. We in the information security profession must change as
dramatically as the environment we protect. We need new skills and new strategies to do our
jobs effectively. We literally need to change the way we think. Written by one of the best in
the business, Managing Risk and Information Security challenges traditional security theory
with clear examples of the need for change. It also provides expert advice on how to
dramatically increase the success of your security strategy and methods - from dealing with the
misperception of risk to how to become a Z-shaped CISO. Managing Risk and Information Security
is the ult