Download or read book PRAGMATIC Security Metrics written by W. Krag Brotby and published by CRC Press. This book was released on 2016-04-19 with total page 507 pages. Available in PDF, EPUB and Kindle. Book excerpt: Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics.Packed with time-saving tips, the book offers easy-to-fo

Download or read book Security Metrics written by Andrew Jaquith and published by Pearson Education. This book was released on 2007-03-26 with total page 356 pages. Available in PDF, EPUB and Kindle. Book excerpt: The Definitive Guide to Quantifying, Classifying, and Measuring Enterprise IT Security Operations Security Metrics is the first comprehensive best-practice guide to defining, creating, and utilizing security metrics in the enterprise. Using sample charts, graphics, case studies, and war stories, Yankee Group Security Expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization’s unique requirements. You’ll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management. Security Metrics successfully bridges management’s quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith’s extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else. You’ll learn how to: • Replace nonstop crisis response with a systematic approach to security improvement • Understand the differences between “good” and “bad” metrics • Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk • Quantify the effectiveness of security acquisition, implementation, and other program activities • Organize, aggregate, and analyze your data to bring out key insights • Use visualization to understand and communicate security issues more clearly • Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other resources • Implement balanced scorecards that present compact, holistic views of organizational security effectiveness

Download or read book Security Metrics A Beginner s Guide written by Caroline Wong and published by McGraw Hill Professional. This book was released on 2011-10-06 with total page 433 pages. Available in PDF, EPUB and Kindle. Book excerpt: Security Smarts for the Self-Guided IT Professional “An extraordinarily thorough and sophisticated explanation of why you need to measure the effectiveness of your security program and how to do it. A must-have for any quality security program!”—Dave Cullinane, CISSP, CISO & VP, Global Fraud, Risk & Security, eBay Learn how to communicate the value of an information security program, enable investment planning and decision making, and drive necessary change to improve the security of your organization. Security Metrics: A Beginner's Guide explains, step by step, how to develop and implement a successful security metrics program. This practical resource covers project management, communication, analytics tools, identifying targets, defining objectives, obtaining stakeholder buy-in, metrics automation, data quality, and resourcing. You'll also get details on cloud-based security metrics and process improvement. Templates, checklists, and examples give you the hands-on help you need to get started right away. Security Metrics: A Beginner's Guide features: Lingo--Common security terms defined so that you're in the know on the job IMHO--Frank and relevant opinions based on the author's years of industry experience Budget Note--Tips for getting security technologies and processes into your organization's budget In Actual Practice--Exceptions to the rules of security explained in real-world contexts Your Plan--Customizable checklists you can use on the job now Into Action--Tips on how, why, and when to apply new skills and techniques at work Caroline Wong, CISSP, was formerly the Chief of Staff for the Global Information Security Team at eBay, where she built the security metrics program from the ground up. She has been a featured speaker at RSA, ITWeb Summit, Metricon, the Executive Women's Forum, ISC2, and the Information Security Forum.

Download or read book Core Software Security written by James Ransome and published by CRC Press. This book was released on 2018-10-03 with total page 387 pages. Available in PDF, EPUB and Kindle. Book excerpt: "... an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. ... Readers are armed with firm solutions for the fight against cyber threats."—Dr. Dena Haritos Tsamitis. Carnegie Mellon University"... a must read for security specialists, software developers and software engineers. ... should be part of every security professional’s library." —Dr. Larry Ponemon, Ponemon Institute"... the definitive how-to guide for software security professionals. Dr. Ransome, Anmol Misra, and Brook Schoenfield deftly outline the procedures and policies needed to integrate real security into the software development process. ...A must-have for anyone on the front lines of the Cyber War ..." —Cedric Leighton, Colonel, USAF (Ret.), Cedric Leighton Associates"Dr. Ransome, Anmol Misra, and Brook Schoenfield give you a magic formula in this book - the methodology and process to build security into the entire software development life cycle so that the software is secured at the source! "—Eric S. Yuan, Zoom Video CommunicationsThere is much publicity regarding network security, but the real cyber Achilles’ heel is insecure software. Millions of software vulnerabilities create a cyber house of cards, in which we conduct our digital lives. In response, security people build ever more elaborate cyber fortresses to protect this vulnerable software. Despite their efforts, cyber fortifications consistently fail to protect our digital treasures. Why? The security industry has failed to engage fully with the creative, innovative people who write software. Core Software Security expounds developer-centric software security, a holistic process to engage creativity for security. As long as software is developed by humans, it requires the human element to fix it. Developer-centric security is not only feasible but also cost effective and operationally relevant. The methodology builds security into software development, which lies at the heart of our cyber infrastructure. Whatever development method is employed, software must be secured at the source. Book Highlights: Supplies a practitioner's view of the SDL Considers Agile as a security enabler Covers the privacy elements in an SDL Outlines a holistic business-savvy SDL framework that includes people, process, and technology Highlights the key success factors, deliverables, and metrics for each phase of the SDL Examines cost efficiencies, optimized performance, and organizational structure of a developer-centric software security program and PSIRT Includes a chapter by noted security architect Brook Schoenfield who shares his insights and experiences in applying the book’s SDL framework View the authors' website at http://www.androidinsecurity.com/

Download or read book IT Security Metrics A Practical Framework for Measuring Security Protecting Data written by Lance Hayden and published by McGraw Hill Professional. This book was released on 2010-08-22 with total page 398 pages. Available in PDF, EPUB and Kindle. Book excerpt: Implement an Effective Security Metrics Project or Program IT Security Metrics provides a comprehensive approach to measuring risks, threats, operational activities, and the effectiveness of data protection in your organization. The book explains how to choose and design effective measurement strategies and addresses the data requirements of those strategies. The Security Process Management Framework is introduced and analytical strategies for security metrics data are discussed. You'll learn how to take a security metrics program and adapt it to a variety of organizational contexts to achieve continuous security improvement over time. Real-world examples of security measurement projects are included in this definitive guide. Define security metrics as a manageable amount of usable data Design effective security metrics Understand quantitative and qualitative data, data sources, and collection and normalization methods Implement a programmable approach to security using the Security Process Management Framework Analyze security metrics data using quantitative and qualitative methods Design a security measurement project for operational analysis of security metrics Measure security operations, compliance, cost and value, and people, organizations, and culture Manage groups of security measurement projects using the Security Improvement Program Apply organizational learning methods to security metrics

Download or read book Security Awareness For Dummies written by Ira Winkler and published by John Wiley & Sons. This book was released on 2022-05-03 with total page 295 pages. Available in PDF, EPUB and Kindle. Book excerpt: Make security a priority on your team Every organization needs a strong security program. One recent study estimated that a hacker attack occurs somewhere every 37 seconds. Since security programs are only as effective as a team’s willingness to follow their rules and protocols, it’s increasingly necessary to have not just a widely accessible gold standard of security, but also a practical plan for rolling it out and getting others on board with following it. Security Awareness For Dummies gives you the blueprint for implementing this sort of holistic and hyper-secure program in your organization. Written by one of the world’s most influential security professionals—and an Information Systems Security Association Hall of Famer—this pragmatic and easy-to-follow book provides a framework for creating new and highly effective awareness programs from scratch, as well as steps to take to improve on existing ones. It also covers how to measure and evaluate the success of your program and highlight its value to management. Customize and create your own program Make employees aware of the importance of security Develop metrics for success Follow industry-specific sample programs Cyberattacks aren’t going away anytime soon: get this smart, friendly guide on how to get a workgroup on board with their role in security and save your organization big money in the long run.

Download or read book The Pragmatic Programmer written by Andrew Hunt and published by Addison-Wesley Professional. This book was released on 1999-10-20 with total page 346 pages. Available in PDF, EPUB and Kindle. Book excerpt: What others in the trenches say about The Pragmatic Programmer... “The cool thing about this book is that it’s great for keeping the programming process fresh. The book helps you to continue to grow and clearly comes from people who have been there.” — Kent Beck, author of Extreme Programming Explained: Embrace Change “I found this book to be a great mix of solid advice and wonderful analogies!” — Martin Fowler, author of Refactoring and UML Distilled “I would buy a copy, read it twice, then tell all my colleagues to run out and grab a copy. This is a book I would never loan because I would worry about it being lost.” — Kevin Ruland, Management Science, MSG-Logistics “The wisdom and practical experience of the authors is obvious. The topics presented are relevant and useful.... By far its greatest strength for me has been the outstanding analogies—tracer bullets, broken windows, and the fabulous helicopter-based explanation of the need for orthogonality, especially in a crisis situation. I have little doubt that this book will eventually become an excellent source of useful information for journeymen programmers and expert mentors alike.” — John Lakos, author of Large-Scale C++ Software Design “This is the sort of book I will buy a dozen copies of when it comes out so I can give it to my clients.” — Eric Vought, Software Engineer “Most modern books on software development fail to cover the basics of what makes a great software developer, instead spending their time on syntax or technology where in reality the greatest leverage possible for any software team is in having talented developers who really know their craft well. An excellent book.” — Pete McBreen, Independent Consultant “Since reading this book, I have implemented many of the practical suggestions and tips it contains. Across the board, they have saved my company time and money while helping me get my job done quicker! This should be a desktop reference for everyone who works with code for a living.” — Jared Richardson, Senior Software Developer, iRenaissance, Inc. “I would like to see this issued to every new employee at my company....” — Chris Cleeland, Senior Software Engineer, Object Computing, Inc. “If I’m putting together a project, it’s the authors of this book that I want. . . . And failing that I’d settle for people who’ve read their book.” — Ward Cunningham Straight from the programming trenches, The Pragmatic Programmer cuts through the increasing specialization and technicalities of modern software development to examine the core process--taking a requirement and producing working, maintainable code that delights its users. It covers topics ranging from personal responsibility and career development to architectural techniques for keeping your code flexible and easy to adapt and reuse. Read this book, and you'll learn how to Fight software rot; Avoid the trap of duplicating knowledge; Write flexible, dynamic, and adaptable code; Avoid programming by coincidence; Bullet-proof your code with contracts, assertions, and exceptions; Capture real requirements; Test ruthlessly and effectively; Delight your users; Build teams of pragmatic programmers; and Make your developments more precise with automation. Written as a series of self-contained sections and filled with entertaining anecdotes, thoughtful examples, and interesting analogies, The Pragmatic Programmer illustrates the best practices and major pitfalls of many different aspects of software development. Whether you're a new coder, an experienced programmer, or a manager responsible for software projects, use these lessons daily, and you'll quickly see improvements in personal productivity, accuracy, and job satisfaction. You'll learn skills and develop habits and attitudes that form the foundation for long-term success in your career. You'll become a Pragmatic Programmer.

Download or read book Defensive Security Handbook written by Lee Brotherston and published by "O'Reilly Media, Inc.". This book was released on 2017-04-03 with total page 382 pages. Available in PDF, EPUB and Kindle. Book excerpt: Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don’t have the budget to establish or outsource an information security (InfoSec) program, forcing them to learn on the job. For companies obliged to improvise, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost. Each chapter in this book provides step-by-step instructions for dealing with a specific issue, including breaches and disasters, compliance, network infrastructure and password management, vulnerability scanning, and penetration testing, among others. Network engineers, system administrators, and security professionals will learn tools and techniques to help improve security in sensible, manageable chunks. Learn fundamentals of starting or redesigning an InfoSec program Create a base set of policies, standards, and procedures Plan and design incident response, disaster recovery, compliance, and physical security Bolster Microsoft and Unix systems, network infrastructure, and password management Use segmentation practices and designs to compartmentalize your network Explore automated process and tools for vulnerability management Securely develop code to reduce exploitable errors Understand basic penetration testing concepts through purple teaming Delve into IDS, IPS, SOC, logging, and monitoring

Download or read book Information Security and Employee Behaviour written by Angus McIlwraith and published by CRC Press. This book was released on 2016-05-23 with total page 176 pages. Available in PDF, EPUB and Kindle. Book excerpt: Research suggests that between 60-75% of all information security incidents are the result of a lack of knowledge and/or understanding amongst an organization's own staff. And yet the great majority of money spent protecting systems is focused on creating technical defences against external threats. Angus McIlwraith's book explains how corporate culture affects perceptions of risk and information security, and how this in turn affects employee behaviour. He then provides a pragmatic approach for educating and training employees in information security and explains how different metrics can be used to assess awareness and behaviour. Information security awareness will always be an ongoing struggle against complacency, problems associated with new systems and technology, and the challenge of other more glamorous and often short term priorities. Information Security and Employee Behaviour will help you develop the capability and culture that will enable your organization to avoid or reduce the impact of unwanted security breaches.

Download or read book A Pragmatic Introduction to Secure Multi Party Computation written by David Evans and published by Foundations and Trends (R) in Privacy and Security. This book was released on 2018-12-19 with total page 190 pages. Available in PDF, EPUB and Kindle. Book excerpt: Practitioners and researchers seeking a concise, accessible introduction to secure multi-party computation which quickly enables them to build practical systems or conduct further research will find this essential reading.

Download or read book How to Measure Anything written by Douglas W. Hubbard and published by John Wiley & Sons. This book was released on 2007-08-03 with total page 305 pages. Available in PDF, EPUB and Kindle. Book excerpt: Publisher Description

Download or read book How to Measure Anything in Cybersecurity Risk written by Douglas W. Hubbard and published by John Wiley & Sons. This book was released on 2016-07-25 with total page 304 pages. Available in PDF, EPUB and Kindle. Book excerpt: A ground shaking exposé on the failure of popular cyber risk management methods How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his bestselling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security. Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely. Discover the shortcomings of cybersecurity's "best practices" Learn which risk management approaches actually create risk Improve your current practices with practical alterations Learn which methods are beyond saving, and worse than doing nothing Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing—as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.

Download or read book Data Driven Marketing written by Mark Jeffery and published by John Wiley & Sons. This book was released on 2010-02-08 with total page 325 pages. Available in PDF, EPUB and Kindle. Book excerpt: NAMED BEST MARKETING BOOK OF 2011 BY THE AMERICAN MARKETING ASSOCIATION How organizations can deliver significant performance gains through strategic investment in marketing In the new era of tight marketing budgets, no organization can continue to spend on marketing without knowing what's working and what's wasted. Data-driven marketing improves efficiency and effectiveness of marketing expenditures across the spectrum of marketing activities from branding and awareness, trail and loyalty, to new product launch and Internet marketing. Based on new research from the Kellogg School of Management, this book is a clear and convincing guide to using a more rigorous, data-driven strategic approach to deliver significant performance gains from your marketing. Explains how to use data-driven marketing to deliver return on marketing investment (ROMI) in any organization In-depth discussion of the fifteen key metrics every marketer should know Based on original research from America's leading marketing business school, complemented by experience teaching ROMI to executives at Microsoft, DuPont, Nisan, Philips, Sony and many other firms Uses data from a rigorous survey on strategic marketing performance management of 252 Fortune 1000 firms, capturing $53 billion of annual marketing spending In-depth examples of how to apply the principles in small and large organizations Free downloadable ROMI templates for all examples given in the book With every department under the microscope looking for results, those who properly use data to optimize their marketing are going to come out on top every time.

Download or read book The Pragmatic Turn written by Andreas K. Engel and published by MIT Press. This book was released on 2022-06-07 with total page 433 pages. Available in PDF, EPUB and Kindle. Book excerpt: Experts from a range of disciplines assess the foundations and implications of a novel action-oriented view of cognition. Cognitive science is experiencing a pragmatic turn away from the traditional representation-centered framework toward a view that focuses on understanding cognition as “enactive.” This enactive view holds that cognition does not produce models of the world but rather subserves action as it is grounded in sensorimotor skills. In this volume, experts from cognitive science, neuroscience, psychology, robotics, and philosophy of mind assess the foundations and implications of a novel action-oriented view of cognition. Their contributions and supporting experimental evidence show that an enactive approach to cognitive science enables strong conceptual advances, and the chapters explore key concepts for this new model of cognition. The contributors discuss the implications of an enactive approach for cognitive development; action-oriented models of cognitive processing; action-oriented understandings of consciousness and experience; and the accompanying paradigm shifts in the fields of philosophy, brain science, robotics, and psychology. Contributors Moshe Bar, Lawrence W. Barsalov, Olaf Blanke, Jeannette Bohg, Martin V. Butz, Peter F. Dominey, Andreas K. Engel, Judith M. Ford, Karl J. Friston, Chris D. Frith, Shaun Gallagher, Antonia Hamilton, Tobias Heed, Cecilia Heyes, Elisabeth Hill, Matej Hoffmann, Jakob Hohwy, Bernhard Hommel, Atsushi Iriki, Pierre Jacob, Henrik Jörntell, Jürgen Jost, James Kilner, Günther Knoblich, Peter König, Danica Kragic, Miriam Kyselo, Alexander Maye, Marek McGann, Richard Menary, Thomas Metzinger, Ezequiel Morsella, Saskia Nagel, Kevin J. O'Regan, Pierre-Yves Oudeyer, Giovanni Pezzulo, Tony J. Prescott, Wolfgang Prinz, Friedemann Pulvermüller, Robert Rupert, Marti Sanchez-Fibla, Andrew Schwartz, Anil K. Seth, Vicky Southgate, Antonella Tramacere, John K. Tsotsos, Paul F. M. J. Verschure, Gabriella Vigliocco, Gottfried Vosgerau

Download or read book Information Security Governance written by Andrej Volchkov and published by CRC Press. This book was released on 2018-10-26 with total page 254 pages. Available in PDF, EPUB and Kindle. Book excerpt: This book presents a framework to model the main activities of information security management and governance. The same model can be used for any security sub-domain such as cybersecurity, data protection, access rights management, business continuity, etc.

Download or read book A Pragmatist s Guide to Leveraged Finance written by Robert S. Kricheff and published by FT Press. This book was released on 2012-02-27 with total page 282 pages. Available in PDF, EPUB and Kindle. Book excerpt: The high-yield leveraged bond and loan market (“junk bonds”) is now valued at $3+ trillion in North America, €1 trillion in Europe, and another $1 trillion in emerging markets. What’s more, based on the maturity schedules of current debt, it’s poised for massive growth. To successfully issue, evaluate, and invest in high-yield debt, however, financial professionals need credit and bond analysis skills specific to these instruments. Now, for the first time, there’s a complete, practical, and expert tutorial and workbook covering all facets of modern leveraged finance analysis. In A Pragmatist’s Guide to Leveraged Finance, Credit Suisse managing director Bob Kricheff explains why conventional analysis techniques are inadequate for leveraged instruments, clearly defines the unique challenges sellers and buyers face, walks step-by-step through deriving essential data for pricing and decision-making, and demonstrates how to apply it. Using practical examples, sample documents, Excel worksheets, and graphs, Kricheff covers all this, and much more: yields, spreads, and total return; ratio analysis of liquidity and asset value; business trend analysis; modeling and scenarios; potential interest rate impacts; evaluating and potentially escaping leveraged finance covenants; how to assess equity (and why it matters); investing on news and events; early stage credit; and creating accurate credit snapshots. This book is an indispensable resource for all investment and underwriting professionals, money managers, consultants, accountants, advisors, and lawyers working in leveraged finance. In fact, it teaches credit analysis skills that will be valuable in analyzing a wide variety of higher-risk investments, including growth stocks.

Download or read book Managing Risk and Information Security written by Malcolm Harkins and published by Apress. This book was released on 2013-03-21 with total page 145 pages. Available in PDF, EPUB and Kindle. Book excerpt: Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk. With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community. Here are some of the responses from reviewers of this exceptional work: “Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context. Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies. The book contains eye-opening security insights that are easily understood, even by the curious layman.” Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel “As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities.” Laura Robinson, Principal, Robinson Insight Chair, Security for Business Innovation Council (SBIC) Program Director, Executive Security Action Forum (ESAF) “The mandate of the information security function is being completely rewritten. Unfortunately most heads of security haven’t picked up on the change, impeding their companies’ agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come.” Dr. Jeremy Bergsman, Practice Manager, CEB “The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing – and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be. We are attacked by professional adversaries who are better funded than we will ever be. We in the information security profession must change as dramatically as the environment we protect. We need new skills and new strategies to do our jobs effectively. We literally need to change the way we think. Written by one of the best in the business, Managing Risk and Information Security challenges traditional security theory with clear examples of the need for change. It also provides expert advice on how to dramatically increase the success of your security strategy and methods – from dealing with the misperception of risk to how to become a Z-shaped CISO. Managing Risk and Information Security is the ultimate treatise on how to deliver effective security to the world we live in for the next 10 years. It is absolute must reading for anyone in our profession – and should be on the desk of every CISO in the world.” Dave Cullinane, CISSP CEO Security Starfish, LLC “In this overview, Malcolm Harkins delivers an insightful survey of the trends, threats, and tactics shaping information risk and security. From regulatory compliance to psychology to the changing threat context, this work provides a compelling introduction to an important topic and trains helpful attention on the effects of changing technology and management practices.” Dr. Mariano-Florentino Cuéllar Professor, Stanford Law School Co-Director, Stanford Center for International Security and Cooperation (CISAC), Stanford University “Malcolm Harkins gets it. In his new book Malcolm outlines the major forces changing the information security risk landscape from a big picture perspective, and then goes on to offer effective methods of managing that risk from a practitioner's viewpoint. The combination makes this book unique and a must read for anyone interested in IT risk." Dennis Devlin AVP, Information Security and Compliance, The George Washington University “Managing Risk and Information Security is the first-to-read, must-read book on information security for C-Suite executives. It is accessible, understandable and actionable. No sky-is-falling scare tactics, no techno-babble – just straight talk about a critically important subject. There is no better primer on the economics, ergonomics and psycho-behaviourals of security than this.” Thornton May, Futurist, Executive Director & Dean, IT Leadership Academy “Managing Risk and Information Security is a wake-up call for information security executives and a ray of light for business leaders. It equips organizations with the knowledge required to transform their security programs from a “culture of no” to one focused on agility, value and competitiveness. Unlike other publications, Malcolm provides clear and immediately applicable solutions to optimally balance the frequently opposing needs of risk reduction and business growth. This book should be required reading for anyone currently serving in, or seeking to achieve, the role of Chief Information Security Officer.” Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, VISA “For too many years, business and security – either real or imagined – were at odds. In Managing Risk and Information Security: Protect to Enable, you get what you expect – real life practical ways to break logjams, have security actually enable business, and marries security architecture and business architecture. Why this book? It's written by a practitioner, and not just any practitioner, one of the leading minds in Security today.” John Stewart, Chief Security Officer, Cisco “This book is an invaluable guide to help security professionals address risk in new ways in this alarmingly fast changing environment. Packed with examples which makes it a pleasure to read, the book captures practical ways a forward thinking CISO can turn information security into a competitive advantage for their business. This book provides a new framework for managing risk in an entertaining and thought provoking way. This will change the way security professionals work with their business leaders, and help get products to market faster. The 6 irrefutable laws of information security should be on a stone plaque on the desk of every security professional.” Steven Proctor, VP, Audit & Risk Management, Flextronics