
Practical risk management for the CIO

Author: Mark Scherling
Publisher: Boca Raton : CRC Press/Auerbach Book, ©2011.
Edition/Format: eBook : Document : English



Genre/Form: Electronic books
Additional Physical Format: Print version:
Scherling, Mark.
Practical risk management for the CIO.
Boca Raton : Auerbach Publications, 2011
(DLC) 2011017505
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Mark Scherling
ISBN: 9781439856543 1439856540
OCLC Number: 725921846
Description: 1 online resource (xiv, 370 pages) : illustrations
Contents: Introduction: Why Risk Management? Liability Personal Data Disclosed or Stolen Intellectual Property Lost or Stolen Wrong Decisions Made Liability Risks Service Delivery Transaction Centric Information Centric Risks to Service Delivery Risks to the CIO PRINCIPLES AND CONCEPTS Overview Market Risks Budget Risks People Risks Technology Risks Operational Risks Information Risks Control Risks Detection Risks Risk Treatment Basic Concepts, Principles, and Practices Concepts Risk IT Framework Principles ISO 31000 Risk Management Principles Other Risk Management Principles Summary: Risk Management and Risk IT Principles Information Security Principles Accountability Principle Awareness Principle Ethics Principle Multidisciplinary Principle Proportionality Principle Integration Principle Timeliness Principle Assessment Principle Equity Principle Information Management Principles Value Life Cycle Reuse Proliferates Quickly Dependencies Principles Risk Assessment, Analysis, and Procedures Making Decisions: Fact or Fiction? How Do You Decide? 
Confidence Ranking Process Facts Calculations Estimations Guesses Risk Management Starts with the Individual Managing Risky People Risk Management Profiling and Risk Culture Measuring Risks or Uncertainty How to Measure Risks Identify the Risk Consensus of the Risk Analysis of Risk Mitigate the Risk Monitor the Risk Reassess the Risk Performing a Risk Assessment Team or Committee Selection Step 1: Define Parameters Taxonomy of Risk Types Scope, Time Frame, Complexity, and Stakeholders Step 2: Identify Risks and Impacts Step 3: Consensus of Risks and Impacts Step 4 Risks and Impacts Analysis Step 5: Prioritize Risks and Impacts Step 6: Review Existing Controls Step 7: Risks and Impacts Mitigation Analysis Step 8: Costing, Prioritization, and Decisions Step 9: Implementation Step 10: Review Metrics User Experienced Metrics Best Practices Principles and Concepts: Section Summary Part II: SERVICE DELIVERY Product Management Products You Deliver as a CIO Information Delivery: How Information Flows in Your Organization Organizing IT for Information Delivery, Management, and Protection Process Management Project Management Projects Risk Ranking Vulnerability Scanning Reporting IT Service Management Opportunity Capacity Reporting on Service Delivery Service Delivery: Section Summary LIABILITIES MANAGEMENT Information Management The Value of Information Classify Your Information: Value and Categories Value/Sensitivity of Information Categories of Information Controlled Vocabulary, Taxonomies, Keywords, and Search Controlled Vocabularies Summary Identify Information Assets Information Has a Life Cycle Database Information Life Cycle Information Flows Information Flow Analysis Information Management Strategy Designing Information Management across Large Organizations Steps to Better Information Management Information Protection Security Controls Essential Controls Personnel (Includes Management and Operations) Technology Information Ingress Egress Database Security and 
Monitoring Defense in Depth Audit and Compliance Documentation Information Security Architecture Reporting on Information Security FISMA, NIST, and FIPS Why What Specifications for Minimum Security Requirements How Payment Card Industry Data Security Standard Analysis of Good Information Security Practices Employee, Hacker, Insider, or Outsider Insiders Employees Partners Contractors Outsourced Insider Threats Insider Controls Outsiders General Public Hackers Customers, Clients, Others Outsider Threats Outsider Controls Data Loss Prevention/Information Knowledge Leakage Database Solutions Network and End-Point Solutions Portable Device Control Defining the Risk Deploying DLP Solutions Paper: Print, Keep, Shred E-Discovery Rules and Obligations Standard of Proof E-Discovery Process Information Management Collection and Preservation Production Presentation Summary of E-Discovery Privacy Policies and Procedures Writing Good Policies Communicating Policy Enforcing Policy Writing Good Procedures Following Procedures Next-Generation Policies and Procedures Planning for Big Failures or Business Continuity Business Resilience and Redundancy Business Continuity Management Liabilities Management: Section Summary PUTTING IT ALL TOGETHER Designing a Risk Management Strategy External Factors Organization Structure Identify Assets Compliance Requirements Risk Management Profiles Risk Culture Governance Risk Management Strategy for Service Delivery Risk Management Strategy for Liabilities Consolidated Risk Management Strategy Risk Management Framework: Outline Maintain Risk Management Program Resourcing a Risk Management Program Forward-Looking Risk Management Preparing for a "Black Swan" Conclusion Appendices: OECD Privacy Principles Project Profiling Risk Assessment Risk Impact Scales Classification Schema Bibliography Index
Responsibility: Mark Scherling.


Editorial reviews

Publisher Synopsis

This is an exceptionally well-written primer for anyone responsible for corporate information risk management. ... It's obvious that the author has regularly encountered and solved the problems he ...


Linked Data

Primary Entity

<> # Practical risk management for the CIO
    a schema:MediaObject, schema:CreativeWork, schema:Book ;
    library:oclcnum "725921846" ;
    library:placeOfPublication <> ;
    library:placeOfPublication <> ; # Boca Raton
    schema:about <> ; # Risk management
    schema:about <> ; # BUSINESS & ECONOMICS--Organizational Development
    schema:about <> ; # Chief information officers
    schema:about <> ; # Information technology--Security measures
    schema:about <> ; # BUSINESS & ECONOMICS--Corporate Governance
    schema:about <> ; # Information technology--Security measures
    schema:about <> ; # Computer networks--Security measures
    schema:about <> ; # BUSINESS & ECONOMICS--Workplace Culture
    schema:about <> ; # Computer networks--Security measures
    schema:about <> ;
    schema:about <> ; # BUSINESS & ECONOMICS--Leadership
    schema:about <> ; # Data protection
    schema:bookFormat schema:EBook ;
    schema:copyrightYear "2011" ;
    schema:creator <> ; # Mark Scherling
    schema:datePublished "2011" ;
    schema:exampleOfWork <> ;
    schema:genre "Electronic books"@en ;
    schema:inLanguage "en" ;
    schema:isSimilarTo <> ;
    schema:name "Practical risk management for the CIO"@en ;
    schema:productID "725921846" ;
    schema:publication <> ;
    schema:publisher <> ; # CRC Press/Auerbach Book
    schema:url <> ;
    schema:url <> ;
    schema:url <> ;
    schema:url <> ;
    schema:url <> ;
    schema:workExample <> ;
    wdrs:describedby <> ;

Related Entities

<> # CRC Press/Auerbach Book
    a bgn:Agent ;
    schema:name "CRC Press/Auerbach Book" ;

<> # BUSINESS & ECONOMICS--Corporate Governance
    a schema:Intangible ;
    schema:name "BUSINESS & ECONOMICS--Corporate Governance"@en ;

<> # BUSINESS & ECONOMICS--Leadership
    a schema:Intangible ;
    schema:name "BUSINESS & ECONOMICS--Leadership"@en ;

<> # BUSINESS & ECONOMICS--Organizational Development
    a schema:Intangible ;
    schema:name "BUSINESS & ECONOMICS--Organizational Development"@en ;

<> # BUSINESS & ECONOMICS--Workplace Culture
    a schema:Intangible ;
    schema:name "BUSINESS & ECONOMICS--Workplace Culture"@en ;

<> # Chief information officers
    a schema:Intangible ;
    schema:name "Chief information officers"@en ;

<> # Computer networks--Security measures
    a schema:Intangible ;
    schema:name "Computer networks--Security measures"@en ;

<> # Information technology--Security measures
    a schema:Intangible ;
    schema:name "Information technology--Security measures"@en ;

<> # Information technology--Security measures
    a schema:Intangible ;
    schema:name "Information technology--Security measures"@en ;

<> # Computer networks--Security measures
    a schema:Intangible ;
    schema:name "Computer networks--Security measures"@en ;

<> # Mark Scherling
    a schema:Person ;
    schema:familyName "Scherling" ;
    schema:givenName "Mark" ;
    schema:name "Mark Scherling" ;

    a schema:ProductModel ;
    schema:isbn "1439856540" ;
    schema:isbn "9781439856543" ;

    a schema:CreativeWork ;
    rdfs:label "Practical risk management for the CIO." ;
    schema:description "Print version:" ;
    schema:isSimilarTo <> ; # Practical risk management for the CIO
