Additional Physical Format: Print version: Practical risk management for the CIO. Boca Raton : Auerbach Publications, 2011
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors:
Description: 1 online resource (xiv, 370 pages) : illustrations
Contents:
Introduction: Why Risk Management? Liability Personal Data Disclosed or Stolen Intellectual Property Lost or Stolen Wrong Decisions Made Liability Risks Service Delivery Transaction Centric Information Centric Risks to Service Delivery Risks to the CIO
PRINCIPLES AND CONCEPTS: Overview Market Risks Budget Risks People Risks Technology Risks Operational Risks Information Risks Control Risks Detection Risks Risk Treatment Basic Concepts, Principles, and Practices Concepts Risk IT Framework Principles ISO 31000 Risk Management Principles Other Risk Management Principles Summary: Risk Management and Risk IT Principles Information Security Principles Accountability Principle Awareness Principle Ethics Principle Multidisciplinary Principle Proportionality Principle Integration Principle Timeliness Principle Assessment Principle Equity Principle Information Management Principles Value Life Cycle Reuse Proliferates Quickly Dependencies Principles Risk Assessment, Analysis, and Procedures Making Decisions: Fact or Fiction? How Do You Decide? Confidence Ranking Process Facts Calculations Estimations Guesses Risk Management Starts with the Individual Managing Risky People Risk Management Profiling and Risk Culture Measuring Risks or Uncertainty How to Measure Risks Identify the Risk Consensus of the Risk Analysis of Risk Mitigate the Risk Monitor the Risk Reassess the Risk Performing a Risk Assessment Team or Committee Selection Step 1: Define Parameters Taxonomy of Risk Types Scope, Time Frame, Complexity, and Stakeholders Step 2: Identify Risks and Impacts Step 3: Consensus of Risks and Impacts Step 4: Risks and Impacts Analysis Step 5: Prioritize Risks and Impacts Step 6: Review Existing Controls Step 7: Risks and Impacts Mitigation Analysis Step 8: Costing, Prioritization, and Decisions Step 9: Implementation Step 10: Review Metrics User Experienced Metrics Best Practices Principles and Concepts: Section Summary
Part II: SERVICE DELIVERY: Product Management Products You Deliver as a CIO Information Delivery: How Information Flows in Your Organization Organizing IT for Information Delivery, Management, and Protection Process Management Project Management Projects Risk Ranking Vulnerability Scanning Reporting IT Service Management Opportunity Capacity Reporting on Service Delivery Service Delivery: Section Summary
LIABILITIES MANAGEMENT: Information Management The Value of Information Classify Your Information: Value and Categories Value/Sensitivity of Information Categories of Information Controlled Vocabulary, Taxonomies, Keywords, and Search Controlled Vocabularies Summary Identify Information Assets Information Has a Life Cycle Database Information Life Cycle Information Flows Information Flow Analysis Information Management Strategy Designing Information Management across Large Organizations Steps to Better Information Management Information Protection Security Controls Essential Controls Personnel (Includes Management and Operations) Technology Information Ingress Egress Database Security and Monitoring Defense in Depth Audit and Compliance Documentation Information Security Architecture Reporting on Information Security FISMA, NIST, and FIPS Why What Specifications for Minimum Security Requirements How Payment Card Industry Data Security Standard Analysis of Good Information Security Practices Employee, Hacker, Insider, or Outsider Insiders Employees Partners Contractors Outsourced Insider Threats Insider Controls Outsiders General Public Hackers Customers, Clients, Others Outsider Threats Outsider Controls Data Loss Prevention/Information Knowledge Leakage Database Solutions Network and End-Point Solutions Portable Device Control Defining the Risk Deploying DLP Solutions Paper: Print, Keep, Shred E-Discovery Rules and Obligations Standard of Proof E-Discovery Process Information Management Collection and Preservation Production Presentation Summary of E-Discovery Privacy Policies and Procedures Writing Good Policies Communicating Policy Enforcing Policy Writing Good Procedures Following Procedures Next-Generation Policies and Procedures Planning for Big Failures or Business Continuity Business Resilience and Redundancy Business Continuity Management Liabilities Management: Section Summary
PUTTING IT ALL TOGETHER: Designing a Risk Management Strategy External Factors Organization Structure Identify Assets Compliance Requirements Risk Management Profiles Risk Culture Governance Risk Management Strategy for Service Delivery Risk Management Strategy for Liabilities Consolidated Risk Management Strategy Risk Management Framework: Outline Maintain Risk Management Program Resourcing a Risk Management Program Forward-Looking Risk Management Preparing for a "Black Swan" Conclusion
Appendices: OECD Privacy Principles Project Profiling Risk Assessment Risk Impact Scales Classification Schema Bibliography Index
This is an exceptionally well-written primer for anyone responsible for corporate information risk management. ... It's obvious that the author has regularly encountered and solved the problems he
- Data protection.
- Risk management.
- Information technology -- Security measures.
- Computer networks -- Security measures.
- Chief information officers.
- BUSINESS & ECONOMICS -- Workplace Culture.
- BUSINESS & ECONOMICS -- Corporate Governance.
- BUSINESS & ECONOMICS -- Leadership.
- BUSINESS & ECONOMICS -- Organizational Development.