
Practical risk management for the CIO

Author: Mark Scherling
Publisher: Boca Raton : CRC Press/Auerbach Book, ©2011.
Edition/Format: eBook : Document : English
Database: WorldCat

Details

Genre/Form: Electronic books
Additional Physical Format: Print version:
Scherling, Mark.
Practical risk management for the CIO.
Boca Raton : Auerbach Publications, 2011
(DLC) 2011017505
(OCoLC)659750473
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Mark Scherling
ISBN: 9781439856543 1439856540
OCLC Number: 725921846
Description: 1 online resource (xiv, 370 pages) : illustrations
Contents:

Introduction: Why Risk Management?
Liability; Personal Data Disclosed or Stolen; Intellectual Property Lost or Stolen; Wrong Decisions Made; Liability Risks; Service Delivery; Transaction Centric; Information Centric; Risks to Service Delivery; Risks to the CIO

PRINCIPLES AND CONCEPTS
Overview: Market Risks; Budget Risks; People Risks; Technology Risks; Operational Risks; Information Risks; Control Risks; Detection Risks; Risk Treatment
Basic Concepts, Principles, and Practices: Concepts; Risk IT Framework Principles; ISO 31000 Risk Management Principles; Other Risk Management Principles; Summary: Risk Management and Risk IT Principles; Information Security Principles (Accountability Principle; Awareness Principle; Ethics Principle; Multidisciplinary Principle; Proportionality Principle; Integration Principle; Timeliness Principle; Assessment Principle; Equity Principle); Information Management Principles (Value; Life Cycle; Reuse; Proliferates Quickly; Dependencies); Principles
Risk Assessment, Analysis, and Procedures: Making Decisions: Fact or Fiction?; How Do You Decide?; Confidence Ranking Process (Facts; Calculations; Estimations; Guesses); Risk Management Starts with the Individual; Managing Risky People; Risk Management Profiling and Risk Culture; Measuring Risks or Uncertainty; How to Measure Risks (Identify the Risk; Consensus of the Risk; Analysis of Risk; Mitigate the Risk; Monitor the Risk; Reassess the Risk); Performing a Risk Assessment; Team or Committee Selection; Step 1: Define Parameters (Taxonomy of Risk Types; Scope, Time Frame, Complexity, and Stakeholders); Step 2: Identify Risks and Impacts; Step 3: Consensus of Risks and Impacts; Step 4: Risks and Impacts Analysis; Step 5: Prioritize Risks and Impacts; Step 6: Review Existing Controls; Step 7: Risks and Impacts Mitigation Analysis; Step 8: Costing, Prioritization, and Decisions; Step 9: Implementation; Step 10: Review; Metrics; User Experienced Metrics; Best Practices
Principles and Concepts: Section Summary

Part II: SERVICE DELIVERY
Product Management: Products You Deliver as a CIO; Information Delivery: How Information Flows in Your Organization; Organizing IT for Information Delivery, Management, and Protection
Process Management
Project Management: Projects; Risk Ranking; Vulnerability Scanning; Reporting
IT Service Management: Opportunity; Capacity; Reporting on Service Delivery
Service Delivery: Section Summary

LIABILITIES MANAGEMENT
Information Management: The Value of Information; Classify Your Information: Value and Categories; Value/Sensitivity of Information; Categories of Information; Controlled Vocabulary, Taxonomies, Keywords, and Search; Controlled Vocabularies Summary; Identify Information Assets; Information Has a Life Cycle; Database Information Life Cycle; Information Flows; Information Flow Analysis; Information Management Strategy; Designing Information Management across Large Organizations; Steps to Better Information Management
Information Protection: Security Controls; Essential Controls; Personnel (Includes Management and Operations); Technology; Information Ingress; Egress; Database Security and Monitoring; Defense in Depth; Audit and Compliance; Documentation; Information Security Architecture; Reporting on Information Security; FISMA, NIST, and FIPS (Why; What; Specifications for Minimum Security Requirements; How); Payment Card Industry Data Security Standard; Analysis of Good Information Security Practices
Employee, Hacker, Insider, or Outsider: Insiders (Employees; Partners; Contractors; Outsourced); Insider Threats; Insider Controls; Outsiders (General Public; Hackers; Customers, Clients, Others); Outsider Threats; Outsider Controls
Data Loss Prevention/Information Knowledge Leakage: Database Solutions; Network and End-Point Solutions; Portable Device Control; Defining the Risk; Deploying DLP Solutions; Paper: Print, Keep, Shred
E-Discovery: Rules and Obligations; Standard of Proof; E-Discovery Process; Information Management; Collection and Preservation; Production; Presentation; Summary of E-Discovery
Privacy
Policies and Procedures: Writing Good Policies; Communicating Policy; Enforcing Policy; Writing Good Procedures; Following Procedures; Next-Generation Policies and Procedures
Planning for Big Failures or Business Continuity: Business Resilience and Redundancy; Business Continuity Management
Liabilities Management: Section Summary

PUTTING IT ALL TOGETHER
Designing a Risk Management Strategy: External Factors; Organization Structure; Identify Assets; Compliance Requirements; Risk Management Profiles; Risk Culture; Governance; Risk Management Strategy for Service Delivery; Risk Management Strategy for Liabilities; Consolidated Risk Management Strategy; Risk Management Framework: Outline; Maintain Risk Management Program; Resourcing a Risk Management Program; Forward-Looking Risk Management; Preparing for a "Black Swan"
Conclusion

Appendices: OECD Privacy Principles; Project Profiling; Risk Assessment; Risk Impact Scales; Classification Schema
Bibliography
Index
Responsibility: Mark Scherling.

Reviews

Editorial reviews

Publisher Synopsis

This is an exceptionally well-written primer for anyone responsible for corporate information risk management. ... It's obvious that the author has regularly encountered and solved the problems he ...
