Managing Risk and Information Security: Protect to Enable

Bibliographic Details
Main Author: Harkins, Malcolm.
Format: eBook
Language: English
Published: Berkeley, CA: Apress, 2012.
Edition: 1st ed.
Table of Contents:
  • Intro
  • Contents at a Glance
  • About ApressOpen
  • Foreword
  • Contents
  • About the Author
  • Preface
  • Acknowledgments
  • Chapter 1: Introduction
  • Protect to Enable
  • Keeping the Company Legal: The Regulatory Flood
  • Privacy: Protecting Personal Information
  • Personalization versus Privacy
  • Financial Regulations
  • e-Discovery
  • Expanding Scope of Regulation
  • The Rapid Proliferation of Information and Devices
  • The Changing Threat Landscape
  • Stealthy Malware
  • Compromise Is Inevitable
  • A New Approach to Managing Risk
  • Chapter 2: The Misperception of Risk
  • The Subjectivity of Risk Perception
  • How Employees Misperceive Risk
  • How Security Professionals Misperceive Risk
  • How Decision Makers Misperceive Risk
  • How to Mitigate the Misperception of Risk
  • Uncovering New Perspectives During Risk Assessments
  • Communication Is Essential
  • Building Credibility
  • Chapter 3: Governance and Internal Partnerships
  • Information Risk Governance
  • Finding the Right Governance Structure
  • Intel's Information Risk Governance
  • Building Internal Partnerships
  • Legal
  • Privacy
  • Litigation
  • Intellectual Property and Data Classification
  • Contracts
  • Financial Compliance
  • Legal Specialists Within Business Groups
  • Human Resources
  • Setting Employee Expectations in Security Policies
  • Employee Communications
  • Investigations
  • Finance
  • Sarbanes-Oxley Compliance
  • Working with Business Groups
  • Internal Audit
  • Corporate Risk Management
  • Privacy
  • Corporate Security
  • Business Group Managers
  • Conclusion
  • Chapter 4: External Partnerships
  • The Value of External Partnerships
  • External Partnerships: Types and Tiers
  • 1:1 Partnerships
  • Communities
  • Community Characteristics
  • Community Goals
  • Sharing Information About Threats and Vulnerabilities
  • Sharing Best Practices and Benchmarking
  • Influencing Regulations and Standards
  • Corporate Citizenship
  • Conclusion
  • Chapter 5: People Are the Perimeter
  • The Shifting Perimeter
  • Examining the Risks
  • Adjusting Behavior
  • The Payoff
  • Roundabouts and Stop Signs
  • The Security Benefits of Personal Use
  • Sealing the Gaps
  • The IT Professional
  • Insider Threats
  • Finding the Balance
  • Chapter 6: Emerging Threats and Vulnerabilities
  • Structured Methods for Identifying Threat Trends
  • The Product Life Cycle Model
  • Understanding Threat Agents
  • Playing War Games
  • Trends That Span the Threat Landscape
  • Trust Is an Attack Surface
  • Barriers to Entry Are Crumbling
  • The Rise of Edge Case Insecurity
  • The Enemy Knows the System
  • Key Threat Activity Areas
  • The Industry of Malware
  • The Web As an Attack Surface
  • Smartphones
  • Web Applications
  • Conclusion
  • Chapter 7: A New Security Architecture to Improve Business Agility
  • Business Trends and Architecture Requirements
  • IT Consumerization
  • New Business Needs
  • Cloud Computing
  • Changing Threat Landscape
  • Privacy and Regulatory Requirements
  • New Architecture
  • Trust Calculation
  • Source Score
  • Destination Score
  • Available Controls
  • Calculating Trust
  • Security Zones
  • Untrusted Zones
  • Selective Zones
  • Trusted Zones
  • Balanced Controls
  • Users and Data: The New Perimeters
  • Data Perimeter
  • User Perimeter
  • Conclusion
  • Chapter 8: Looking to the Future
  • Internet of Things
  • Compute Continuum
  • Cloud Computing
  • Business Intelligence and Big Data
  • Business Benefits and Risks
  • New Security Capabilities
  • Baseline Security
  • Protected Environments
  • Encryption
  • Hardware Acceleration
  • Enhanced Recovery
  • Integration with Security Software and Other Applications
  • Context-Aware Security
  • Cloud Security and Context Awareness
  • Business Intelligence and Data Protection
  • Conclusion: The Implications for CISOs
  • Chapter 9: The 21st Century CISO
  • Chief Information Risk Officer
  • The Z-Shaped Individual
  • Foundational Skills
  • Becoming a Storyteller
  • Fear Is Junk Food
  • Accentuating the Positive
  • Demonstrating the Reality of Risk
  • The CISO's Sixth Sense
  • Taking Action at the Speed of Trust
  • The CISO As a Leader
  • Learning from Other Business Leaders
  • Looking to the Future
  • Chapter 10: References
  • Index