Introduction to Online Payments Risk Management
Author: Ohad Samet
Publisher: "O'Reilly Media, Inc."
ISBN: 1449368913
Category : Computers
Languages : en
Pages : 29
Book Description
If you've been tasked with building a team to handle risk management for online payments (RMP), this practical introduction provides a framework for choosing the technologies and personnel you need. Author and financial services executive Ohad Samet explains the components of payments risk management, and presents a coherent strategy and operational approach. You'll learn the answers to questions you're likely to encounter in the first 18 months of operation, with information that Samet has shaped and tested over several years in the industry. This book is ideal whether you intend to be a one-person task force or work with dozens of agents and analysts.
• Use both a portfolio and behavioral approach to analyzing and optimizing losses
• Learn about your customers to determine if they can and will meet obligations
• Build an RMP team for payment risk operations, analytics, and decision automation
• Use linking mechanisms and velocity models to detect unusual activity among your customers
• Design system and data architecture to facilitate your activity analysis
• Implement the decision and loss-reduction mechanisms you need to act on your findings
Assessing and Managing Risk in Psychological Practice
Author: Samuel Knapp
Publisher:
ISBN: 9780989122108
Category : Psychologists
Languages : en
Pages : 286
Book Description
The Second Edition of Assessing and Managing Risk in Psychological Practice: An Individualized Approach adds significant new content to its coverage of the basic principles of risk management and its descriptions of how risk management strategies can be applied to specific areas of professional practice. This includes work with children and families, forensic psychology, assessment, psychotherapy, and other emerging areas of practice. Special attention is given to applying risk management principles in accordance with overarching ethical principles with the goal of improving the quality of services provided. The Second Edition will help readers:
• Identify the contexts or circumstances that increase the risk of a disciplinary complaint;
• Integrate the risk management strategies (documentation, informed consent, and consultation) based on overarching ethical principles into their practices;
• Adapt patient-focused risk management strategies according to Bloom’s Taxonomy of Learning;
• Describe unique ethical and legal risks and practice concerns when considering issues of competence, multiple relationships, and confidentiality;
• Describe unique ethical and legal risks and practice concerns when treating couples, children or families, patients who threaten to harm themselves or others, or other difficult patients;
• Describe unique ethical and legal risks and practice concerns when engaging in assessment, court appearances, or acting as a consultant or supervisor; and
• Describe unique ethical and legal risks and practice concerns when billing for services, considering retirement, or purchasing professional liability insurance.
Note that this publication is available in eBook formats.
Managing Online Risk
Author: Deborah Gonzalez
Publisher: Butterworth-Heinemann
ISBN: 0124200605
Category : Business & Economics
Languages : en
Pages : 287
Book Description
In recent years, building a corporate online presence has become nonnegotiable for businesses, as consumers expect to connect with them in as many ways as possible. There are benefits to companies that use online technology, but there are risks as well. Managing Online Risk presents the tools and resources needed to better understand the security and reputational risks of online and digital activity, and how to mitigate those risks to minimize potential losses. Managing Online Risk highlights security and risk management best practices that address concerns such as data collection and storage, liability, recruitment, employee communications, compliance violations, security of devices (in contexts like mobile, apps, and cloud computing), and more. Additionally, this book offers a companion website that was developed in parallel with the book and includes the latest updates and resources for topics covered in the book.
• Explores the risks associated with online and digital activity and covers the latest technologies, such as social media and mobile devices
• Includes interviews with risk management experts and company executives, case studies, checklists, and policy samples
• A website with related content and updates (including video) is also available
Risk Management for Enterprises and Individuals
Author: Baranoff
Publisher:
ISBN: 9781936126187
Category : Electronic book
Languages : en
Pages :
Book Description
Risk Management
Author: Céline Bérard
Publisher: John Wiley & Sons
ISBN: 1786301652
Category : Business & Economics
Languages : en
Pages : 324
Book Description
Risk management practices are growing both in number and complexity in businesses, notably driven by new regulatory standards that feature risk management at their core. Although large businesses are more likely to adopt a formal, holistic approach to risk management, the stakes are just as high for SMEs. Risk management in SMEs can contribute to a certain organizational, entrepreneurial and partnership dynamic which constitutes a real opportunity to evolve practices and improve performance. This book offers varied responses to this question by combining conceptual approaches, empirical illustrations and the associated managerial implications.
Managing Risk in Information Systems
Author: Darril Gibson
Publisher: Jones & Bartlett Publishers
ISBN: 1284055965
Category : Computers
Languages : en
Pages : 480
Book Description
This second edition provides a comprehensive overview of the SSCP Risk, Response, and Recovery Domain in addition to providing a thorough overview of risk management and its implications on IT infrastructures and compliance. Written by industry experts, and using a wealth of examples and exercises, this book incorporates hands-on activities to walk the reader through the fundamentals of risk management, strategies and approaches for mitigating risk, and the anatomy of how to create a plan that reduces risk. It provides a modern and comprehensive view of information security policies and frameworks; examines the technical knowledge and software skills required for policy implementation; explores the creation of an effective IT security policy framework; discusses the latest governance, regulatory mandates, business drives, legal considerations, and much more.
Ethics and Risk Management in Online and Distance Social Work
Author: Frederic G. Reamer
Publisher: Cognella Academic Publishing
ISBN: 9781793519498
Category :
Languages : en
Pages :
Book Description
Timely and essential, Ethics and Risk Management in Online and Distance Social Work identifies pertinent ethical challenges and ethically related risk-management issues that social workers should consider when using digital technology to assist people in need. The text illuminates how the use of technology is influenced by traditional ethics concepts, including consent, privacy, confidentiality, professional boundaries, documentation, and other issues. The text begins by discussing how social workers today are leveraging technology to provide services to clients and the importance of continually considering the ethical issues involved in using such communication methods. It addresses the specific ethical issues involved in video counseling, cybertherapy, text messaging, self-guided web-based interventions, smartphone apps, and other forms of digital communication. Ethical, regulatory, and practice standards are covered, as well as challenges in integrated health and social work educational settings. The final chapter is dedicated to preventing and managing ethical and legal risk. Ethics and Risk Management in Online and Distance Social Work is an ideal textbook for advanced courses in social work. It is also an excellent resource for social workers interested in incorporating online or distance communication in their practice.
Essentials of Financial Risk Management
Author: Karen A. Horcher
Publisher: John Wiley & Sons
ISBN: 1118160975
Category : Business & Economics
Languages : en
Pages : 155
Book Description
A concise introduction to financial risk management strategies, policies, and techniques
This ideal guide for business professionals focuses on strategic and management issues associated with financial risk. Essentials of Financial Risk Management identifies risk-mitigation policies and strategies; suggestions for determining an organization's risk tolerance; and sources of risk associated with currency exchange rates, interest rates, credit exposure, commodity prices, and other related events. Examples illustrate risk scenarios and offer tips on an array of management alternatives, including changes in the way business is conducted and hedging strategies involving derivatives.
Bow Ties in Risk Management
Author: CCPS (Center for Chemical Process Safety)
Publisher: John Wiley & Sons
ISBN: 1119490391
Category : Technology & Engineering
Languages : en
Pages : 224
Book Description
AN AUTHORITATIVE GUIDE THAT EXPLAINS THE EFFECTIVENESS AND IMPLEMENTATION OF BOW TIE ANALYSIS, A QUALITATIVE RISK ASSESSMENT AND BARRIER MANAGEMENT METHODOLOGY
From a collaborative effort of the Center for Chemical Process Safety (CCPS) and the Energy Institute (EI) comes an invaluable book that puts the focus on a specific qualitative risk management methodology – bow tie barrier analysis. The book contains practical advice for conducting an effective bow tie analysis and offers guidance for creating bow tie diagrams for process safety and risk management. Bow Ties in Risk Management clearly shows how bow tie analysis and diagrams fit into an overall process safety and risk management framework. Implementing the methods outlined in this book will improve the quality of bow tie analysis and bow tie diagrams across an organization and the industry. This important guide:
• Explains the proven concept of bow tie barrier analysis for the prevention and mitigation of incident pathways, especially related to major accidents
• Shows how to avoid common pitfalls and is filled with real-world examples
• Explains the practical application of the bow tie method throughout an organization
• Reveals how to treat human and organizational factors in a sound and practical manner
• Includes additional material available online
Although this book is written primarily for anyone involved with or responsible for managing process safety risks, this book is applicable to anyone using bow tie risk management practices in other safety and environmental or Enterprise Risk Management applications. It is designed for a wide audience, from beginners with little to no background in barrier management, to experienced professionals who may already be familiar with bow ties, their elements, the methodology, and their relation to risk management.
The missions of both the CCPS and EI include developing and disseminating knowledge, skills, and good practices to protect people, property and the environment by bringing the best knowledge and practices to industry, academia, governments and the public around the world through collective wisdom, tools, training and expertise. The CCPS has been at the forefront of documenting and sharing important process safety risk assessment methodologies for more than 30 years. The EI's Technical Work Program addresses the depth and breadth of the energy sector, from fuels and fuels distribution to health and safety, sustainability and the environment. The EI program provides cost-effective, value-adding knowledge on key current and future international issues affecting those in the energy sector.
Managing Risk and Information Security
Author: Malcolm Harkins
Publisher: Apress
ISBN: 143025114X
Category : Computers
Languages : en
Pages : 145
Book Description
Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk. With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community.
Here are some of the responses from reviewers of this exceptional work:
“Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context. Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies. The book contains eye-opening security insights that are easily understood, even by the curious layman.” Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel
“As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities.” Laura Robinson, Principal, Robinson Insight Chair, Security for Business Innovation Council (SBIC) Program Director, Executive Security Action Forum (ESAF)
“The mandate of the information security function is being completely rewritten. Unfortunately most heads of security haven’t picked up on the change, impeding their companies’ agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come.” Dr. Jeremy Bergsman, Practice Manager, CEB
“The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing – and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be. We are attacked by professional adversaries who are better funded than we will ever be. We in the information security profession must change as dramatically as the environment we protect. We need new skills and new strategies to do our jobs effectively. We literally need to change the way we think. Written by one of the best in the business, Managing Risk and Information Security challenges traditional security theory with clear examples of the need for change. It also provides expert advice on how to dramatically increase the success of your security strategy and methods – from dealing with the misperception of risk to how to become a Z-shaped CISO. Managing Risk and Information Security is the ultimate treatise on how to deliver effective security to the world we live in for the next 10 years. It is absolute must reading for anyone in our profession – and should be on the desk of every CISO in the world.” Dave Cullinane, CISSP CEO Security Starfish, LLC
“In this overview, Malcolm Harkins delivers an insightful survey of the trends, threats, and tactics shaping information risk and security. From regulatory compliance to psychology to the changing threat context, this work provides a compelling introduction to an important topic and trains helpful attention on the effects of changing technology and management practices.” Dr. Mariano-Florentino Cuéllar Professor, Stanford Law School Co-Director, Stanford Center for International Security and Cooperation (CISAC), Stanford University
“Malcolm Harkins gets it. In his new book Malcolm outlines the major forces changing the information security risk landscape from a big picture perspective, and then goes on to offer effective methods of managing that risk from a practitioner's viewpoint. The combination makes this book unique and a must read for anyone interested in IT risk.” Dennis Devlin AVP, Information Security and Compliance, The George Washington University
“Managing Risk and Information Security is the first-to-read, must-read book on information security for C-Suite executives. It is accessible, understandable and actionable. No sky-is-falling scare tactics, no techno-babble – just straight talk about a critically important subject. There is no better primer on the economics, ergonomics and psycho-behaviourals of security than this.” Thornton May, Futurist, Executive Director & Dean, IT Leadership Academy
“Managing Risk and Information Security is a wake-up call for information security executives and a ray of light for business leaders. It equips organizations with the knowledge required to transform their security programs from a “culture of no” to one focused on agility, value and competitiveness. Unlike other publications, Malcolm provides clear and immediately applicable solutions to optimally balance the frequently opposing needs of risk reduction and business growth. This book should be required reading for anyone currently serving in, or seeking to achieve, the role of Chief Information Security Officer.” Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, VISA
“For too many years, business and security – either real or imagined – were at odds. In Managing Risk and Information Security: Protect to Enable, you get what you expect – real life practical ways to break logjams, have security actually enable business, and marries security architecture and business architecture. Why this book? It's written by a practitioner, and not just any practitioner, one of the leading minds in Security today.” John Stewart, Chief Security Officer, Cisco
“This book is an invaluable guide to help security professionals address risk in new ways in this alarmingly fast changing environment. Packed with examples which makes it a pleasure to read, the book captures practical ways a forward thinking CISO can turn information security into a competitive advantage for their business. This book provides a new framework for managing risk in an entertaining and thought provoking way. This will change the way security professionals work with their business leaders, and help get products to market faster. The 6 irrefutable laws of information security should be on a stone plaque on the desk of every security professional.” Steven Proctor, VP, Audit & Risk Management, Flextronics