Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologiessuch as social media and the huge proliferation of Internet-enabled deviceswhile minimizing risk.
With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community.
Here are some of the responses from reviewers of this exceptional work:
Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context. Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies. The book contains eye-opening security insights that are easily understood, even by the curious layman.
Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel
As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities.
Laura Robinson, Principal, Robinson Insight
Chair, Security for Business Innovation Council (SBIC)
Program Director, Executive Security Action Forum (ESAF)
The mandate of the information security function is being completely rewritten. Unfortunately most heads of security havent picked up on the change, impeding their companies agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come.
Dr. Jeremy Bergsman, Practice Manager, CEB
The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be. We are attacked by professional adversaries who are better funded than we will ever be. We in the information security profession must change as dramatically as the environment we protect. We need new skills and new strategies to do our jobs effectively. We literally need to change the way we think.
Written by one of the best in the business, Managing Risk and Information Security challenges traditional security theory with clear examples of the need for change. It also provides expert advice on how to dramatically increase the success of your security strategy and methods from dealing with the misperception of risk to how to become a Z-shaped CISO.
Managing Risk and Information Security is the ultimate treatise on how to deliver effective security to the world we live in for the next 10 years. It is absolute must reading for anyone in our profession and should be on the desk of every CISO in the world.
About the Author
Malcolm W. Harkins is vice president of the Information Technology Group, and Chief Information Security Officer (CISO) and general manager of Information Risk and Security at Intel. The group is responsible for managing the risk, controls, privacy, security, and other related compliance activities for all of Intel's information assets. Before becoming Intel's first CISO, Harkins held roles in Finance, Procurement and Operations. He has managed IT benchmarking efforts and Sarbanes Oxley systems compliance efforts. Before moving into IT, Harkins acted as the profit and loss manager for the Flash Product Group at Intel; was the general manager of Enterprise Capabilities, responsible for the delivery and support of Intel's Finance and HR systems; and worked in an Intel business venture focusing on e-commerce hosting. Harkins previously taught at the CIO institute at the UCLA Anderson School of Business and was an adjunct faculty member at Susquehanna University in 2009. In 2010, he received the excellence in the field of security award at the RSA conference. He was also recently recognized by Computerworld magazine as one of the top 100 Information Technology Leaders for 2012. Harkins received his bachelor's degree in economics from the University of California at Irvine and an MBA in finance and accounting from the University of California at Davis.