Managing Risk and Information Security: Protect to Enable (Expert's Voice in Information Technology) [Kindle Edition]

Malcolm Harkins

Product Description

Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk.

With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community.

Here are some of the responses from reviewers of this exceptional work:

“Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context. Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies. The book contains eye-opening security insights that are easily understood, even by the curious layman.”

Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel    

“As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities.”

Laura Robinson, Principal, Robinson Insight

Chair, Security for Business Innovation Council (SBIC)

Program Director, Executive Security Action Forum (ESAF)

“The mandate of the information security function is being completely rewritten. Unfortunately most heads of security haven’t picked up on the change, impeding their companies’ agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come.”

Dr. Jeremy Bergsman, Practice Manager, CEB    

“The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing – and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be. We are attacked by professional adversaries who are better funded than we will ever be. We in the information security profession must change as dramatically as the environment we protect. We need new skills and new strategies to do our jobs effectively. We literally need to change the way we think.  

Written by one of the best in the business, Managing Risk and Information Security challenges traditional security theory with clear examples of the need for change. It also provides expert advice on how to dramatically increase the success of your security strategy and methods – from dealing with the misperception of risk to how to become a Z-shaped CISO.  

Managing Risk and Information Security is the ultimate treatise on how to deliver effective security to the world we live in for the next 10 years. It is absolute must reading for anyone in our profession – and should be on the desk of every CISO in the world.”

About the Author

Malcolm W. Harkins is vice president of the Information Technology Group, and Chief Information Security Officer (CISO) and general manager of Information Risk and Security at Intel. The group is responsible for managing the risk, controls, privacy, security, and other related compliance activities for all of Intel's information assets. Before becoming Intel's first CISO, Harkins held roles in Finance, Procurement and Operations. He has managed IT benchmarking efforts and Sarbanes Oxley systems compliance efforts. Before moving into IT, Harkins acted as the profit and loss manager for the Flash Product Group at Intel; was the general manager of Enterprise Capabilities, responsible for the delivery and support of Intel's Finance and HR systems; and worked in an Intel business venture focusing on e-commerce hosting. Harkins previously taught at the CIO institute at the UCLA Anderson School of Business and was an adjunct faculty member at Susquehanna University in 2009. In 2010, he received the excellence in the field of security award at the RSA conference. He was also recently recognized by Computerworld magazine as one of the top 100 Information Technology Leaders for 2012. Harkins received his bachelor's degree in economics from the University of California at Irvine and an MBA in finance and accounting from the University of California at Davis.

Product details

  • Format: Kindle Edition
  • File Size: 1328 KB
  • Print Length: 152 pages
  • Publisher: Apress; 1 edition (17 Dec 2012)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • Text-to-Speech: Enabled
  • Amazon Bestsellers Rank: #5,587 Free in Kindle Store (See Top 100 Free in Kindle Store)

Customer Reviews

Most Helpful Customer Reviews on (beta) 4.0 out of 5 stars  21 reviews
3 of 3 people found the following review helpful
4.0 out of 5 stars Great book to use to start the information security journey 20 Mar 2013
By Ben Rothke - Published on
Risk management in the real world is not an easy endeavor. On one side, people use toilet seat covers thinking they do something, on the other side, millions of people smoke cigarettes, ignoring the empirical evidence of their danger.

In Managing Risk and Information Security: Protect to Enable, author Malcolm Harkins deals with the inherent tension of information security - that between limitations and enablement.

Harkins, in his role as CISO at Intel, argues that a new and fresh approach to information security is called for and he outlines it in the book.

At under 150 pages, the book provides a good introduction and high-level overview of the fundamentals of information security risk and details numerous risk management strategies.

One of the book's key points is that information security often has a disconnect to the underlying business needs that it is expected to secure. Harkins accurately notes that the only way to create an effective risk mitigation strategy is to ensure that the business and technical groups communicate.

As to Harkins' new approach to managing risk, he writes that given the increasing role of technology and the resulting information-related business risk, a new approach to information security built on the concept of protecting to enable is needed. Because compromise is inevitable, managing risk and surviving compromise are the key elements of this strategy.

Harkins writes that this new approach should:

* incorporate privacy and regulatory compliance by design, to encompass the full scope of business risk
* recognize that people and information--not the enterprise network boundary--are the security perimeter
* be dynamic and flexible enough to quickly adapt to new technologies and threats

Harkins writes that we need to accomplish a shift in thinking, adjusting our primary focus to enable the business, and then thinking creatively about how we can do so while managing the risk.

Not only is this a good book, it is part of the Apress Open format and is available for free. Amazon also offers it as a free Kindle download.

The book doesn't propose a single definitive solution, as Harkins notes that information is a journey without a finish line. For those looking to commence on that journey, Managing Risk and Information Security: Protect to Enable is a great place to start.
2 of 2 people found the following review helpful
1.0 out of 5 stars If you are one of the select few with no knowledge of technology and a desire to learn about network security, this is the book 3 July 2014
By Andrew - Published on
Format:Kindle Edition|Verified Purchase
If you are thinking of reading this book, allow me to save you the trouble. Security must balance between protection and freedom of access. People like smart phones and social networking. People take better care of and are more productive with their own devices. Build information networks both within your organization and in others. The future will bring more challenges. Be optimistic. The cloud. The end. If you are hoping to learn anything technical you'll have to look elsewhere. This author does a masterful job of restating the obvious in as many ways as possible. If there was a kindergarten curriculum for network security this would be the textbook.
2 of 2 people found the following review helpful
5.0 out of 5 stars Quick read 2 April 2013
By Teddy Tsai - Published on
Format:Kindle Edition
A quick flip through, lots of interesting insights and appropriate metaphors. A good communicator and easy enough for a non-IT person.
5.0 out of 5 stars Informative.. 1 Mar 2014
By Daniel Allen - Published on
Format:Kindle Edition|Verified Purchase
Although I haven't read a lot of this book (it's basically a reference book), it has a lot of good info in it. It's well written and it's really a good book to have on hand to read off and on to get a good understanding of the (SECURITY ASPECTS) of the computers that play an ever increasing force in the world and YOUR personal life. Price is right, go ahead and add it to your collection.
5.0 out of 5 stars Awesome book 20 Feb 2014
By Eduardo Vlieg - Published on
Format:Kindle Edition|Verified Purchase
I have been working in the IT field for 18 years and the last 10 in IT Security. This is one of the best books about IT Security management I've read. Written by someone with experience that has been there, done that. It covers several topics, gives examples of what has gone wrong. But what I like most is that it also gives solutions.
I could sympathize with all that was written because I also encounter or have encountered these situations at work.
I highly recommend this book for anyone interested in Information Security Management.