
Managing Risk and Information Security: Protect to Enable (English) Paperback – 17 December 2012


Product description

From the publisher

Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. The book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies such as social media and the huge proliferation of Internet-enabled devices while minimizing risk.

ApressOpen books are available in electronic form for free. eBook vendors sell the book for free and there is a free distribution license on the copyright page. As a result, we offer the book at a reduced affordable list price.

Here are some of the responses from reviewers of this exceptional work:

'Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context. Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies. The book contains eye-opening security insights that are easily understood, even by the curious layman' Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel

'As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of ris


Customer reviews


Most helpful customer reviews on Amazon.com (beta)

Amazon.com: 4.1 out of 5 stars, 34 reviews
6 of 6 people found this review helpful
4.0 out of 5 stars Great book to use to start the information security journey 20 March 2013
By Ben Rothke - Published on Amazon.com
Format: Paperback
Risk management in the real world is not an easy endeavor. On one side, people use toilet seat covers thinking they do something, on the other side, millions of people smoke cigarettes, ignoring the empirical evidence of their danger.

In Managing Risk and Information Security: Protect to Enable, author Malcolm Harkins deals with the inherent tension of information security - that between limitations and enablement.

Harkins, in his role as CISO at Intel, argues that a new and fresh approach to information security is called for and he outlines it in the book.

At under 150 pages, the book provides a good introduction and high-level overview of the fundamentals of information security risk and details numerous risk management strategies.

One of the book's key points is that information security often has a disconnect to the underlying business needs that it is expected to secure. Harkins accurately notes that the only way to create an effective risk mitigation strategy is to ensure that the business and technical groups communicate.

As to Harkins' new approach to managing risk, he writes that given the increasing role of technology and the resulting information-related business risk, a new approach to information security built on the concept of protecting to enable is needed. Because compromise is inevitable, managing risk and surviving compromise are the key elements of this strategy.

Harkins writes that this new approach should:

* incorporate privacy and regulatory compliance by design, to encompass the full scope of business risk
* recognize that people and information--not the enterprise network boundary--are the security perimeter
* be dynamic and flexible enough to quickly adapt to new technologies and threats

Harkins writes that we need to accomplish a shift in thinking, adjusting our primary focus to enable the business, and then thinking creatively about how we can do so while managing the risk.

Not only is this a good book, it is part of the Apress Open format and is available for free. Amazon also offers it as a free Kindle download.

The book doesn't propose a single definitive solution, as Harkins notes that information is a journey without a finish line. For those looking to commence on that journey, Managing Risk and Information Security: Protect to Enable is a great place to start.
3 of 3 people found this review helpful
5.0 out of 5 stars Quick read 2 April 2013
By Teddy Tsai - Published on Amazon.com
Format: Kindle Edition
A quick flip through, lots of interesting insights and appropriate metaphors. A good communicator and easy enough for a non-IT person.
5.0 out of 5 stars An excellent book going beyond the usual fundamentals of information security. 21 May 2015
By ANDREA RAVAIOLI - Published on Amazon.com
Format: Paperback, Verified Purchase
A truly excellent and informative source of information, possibly the most useful book on Information Security I read (letting aside the books about Fundamentals, a category to which this book does not belong), and that is said by an Information Security professional.
I just don't get the reviews mentioning that this book only contains basic information. Either those readers need to boost their ego by downplaying everything the others say (we all know those individuals exist...) or they expected to find a detailed security architecture to copy and paste on their service proposal worth hundreds of thousands of dollars. Come on, you know that no book provides you with that. In part because some information is confidential (we are talking security after all....), in part because some firms use security as a competitive advantage and quite possibly Intel is one of them. However I found particularly useful the description of their "protect to enable" security architecture. If you are not so familiar with context-aware computing, this reading will be a very stimulating introduction and an eye-opener of what a medium to large company should do to operate with a viable and justifiable balance between security-driven restrictions and the conflicting needs to share more and more information with multiple partners and with a workforce expected to be highly mobile and often using privately-owned devices to obtain and share such information.
Gone are the days in which the IT Security department was seen as the "party stopper": nowadays, with tighter margins driven down by global competition, corporations place productivity ahead of most other concerns as it becomes clear that the alternative is to lose customers and eventually shut down. Security professionals are no longer requested to make the firm as secure as possible, but rather to be enablers of business agility and productivity levels that cannot be reached by deciding to take no risk. We are also asked to prioritize and pick our battles and this book cleverly explains how one of the most successful organizations in the world faced the challenge. The security architecture they created is able to learn (just as the whole organization is expected to) and quickly react to new threats. You will understand through this book how that was accomplished and the more in depth you decide to go, the less trivial it will look.
I also found quite informative the chapter dedicated to Emerging Threats, which has the stated goal of describing methods for discerning real security threats from rhetoric ones. What constitutes a real threat for you?
Read this book and I bet you will learn something worthy. I know I did.
4.0 out of 5 stars Sign of the Times 6 October 2013
By Samsonite from Ontario - Published on Amazon.com
Format: Kindle Edition
The author has provided an accurate point-in-time perspective of risk and information security summarized as "Protect to Enable". The traditional paradigm of usability vs security still holds true but the objective of the book is not to regurgitate more of the same locked decision point - which is often enough to frustrate most CISO/CIOs, but rather to challenge traditional organization leadership to find new ways to solve this problem. The pendulum has swung towards the consumerization of technology and this will leave many organizations behind if they hold to traditional "command and control" cultures.

The unusual perspective is to develop a culture that can accept more risk, however, this is not a blanket statement obviously. The challenge is to accept the responsibility of changing organizational culture to at the very least evolve the scope of risk beyond the boundaries of information systems to adapt to the massively changing threat landscape in the business as it now exists in a global market.

There are cited examples of personalization vs privacy mostly from abroad, but what is interesting to note is that here in Canada, there is a reflection of a progressive approach by the Privacy by Design Centre of Excellence. In the very popular paper, Privacy by Design, Dr. Ann Cavoukian starts privacy early on in the design of any organization, change, key initiatives - this is a massive shift that enables an IT organization's ability to help protect assets but not as an afterthought or bolt-on, thereby making risk management more seamless. Surprisingly, the term "user experience" shows up here. Who would have thought that good design incorporating governance right up front would lead to an improved user experience, but it does.

Recent discussions on people and information as a combined entity are leading to the personalization of privacy. A movement for users to carry and manage their own privacy is now showing up in various information management products and services. What is evident is that the new generation of users are much more comfortable sharing information than ever before and the inconvenience to accessible services is seen as a greater driver than loss of privacy. If this is the case, what does risk look like now for the enterprise? The author suggests how we perceive risk is greater than one would realize and also how we need to have this discussion very soon.

In the middle chapters, credibility, communication and partnership are emphasized - which is an opening of the kimono compared to traditional IT security practice. This recent Glasnost is also a reflection of the state of helplessness many security practitioners feel. This healthy discussion that traditional controls have failed to manage let alone anticipate threats cements the fact that security is a reactive practice until a mass change in leadership cultural behaviour takes place.

One common complaint I've heard in my few decades in the IT industry is that security is an afterthought based on budget and/or organizational assets. The governance of risk has never taken center stage and many have given in to the status quo.

Later on the author goes on to emphasize that the traditional borders of the enterprise are now people based and that risk management and governance are now critical to the future of an organization. Understanding this and cultivating this at the speed of disruptive trends with all partners, internal and external are a sound strategy. After all, the "enemy" knows the system and traditional controls are unlikely to keep them out given that social engineering tactics and social media have permanently eroded known perimeter defenses.

The later chapters focus on tactical approaches to architecture. Specific tools, techniques and processes are examined along with recommendations on evolved systems such as context-aware security and total integration across the spectrum of system design starting with recognition that leadership needs to understand broad business and people skills even more than ever. In particular, the security practitioner needs to understand how security affects business priorities, constraints and enablement along with deep technical skills.

The final emphasis returns to a focus on leadership, culture change and a positive sense that "Protect to Enable", or my preferred "Privacy by Design" perspective, are key to succeeding in managing during this disruptive, and accelerating time of change. In my day to day travels, I am beginning to see the evidence of such cultural change and leadership in risk management.

This is a welcome disruptive change itself.
3.0 out of 5 stars Slightly informative, slightly self-promoting, somewhat useful 18 May 2013
By Mark J. Welch - Published on Amazon.com
Format: Kindle Edition, Verified Purchase
This book is essentially an overview of an ill-defined subset of current issues in computer security, building to a discussion of Intel's model for security and protection.

This book seems only marginally useful, and appears to be written from an outline of target topics without a clear purpose, apart from promoting Intel's model. As I think about various potential audiences, I don't think any would be satisfied by this book. Newcomers would find many other books far more useful as an entry to the topic; experienced professionals probably won't find the book very engaging.

There were certainly some specific passages of the book that I found interesting, informative, and original, but finding these passages gave limited relief after wading through long segments of little interest or benefit.

As a free ebook, it's certainly worth checking out. I read a few chapters and skimmed the rest, in a series of intervals while commuting on train and bus.