Practical Risk Management for the CIO (Hardcover)

Mark Scherling

相關主題

商品描述

The growing complexity of today’s interconnected systems has not only increased the need for improved information security, but also helped to move information from the IT backroom to the executive boardroom as a strategic asset. And, just like the tip of an iceberg is all you see until you run into it, the risks to your information are mostly invisible until disaster strikes.

Detailing procedures to help your team perform better risk assessments and aggregate results into more meaningful metrics, Practical Risk Management for the CIO approaches information risk management through improvements to information management and information security. It provides easy-to-follow guidance on how to effectively manage the flow of information and incorporate both service delivery and reliability.

  • Explains why every CIO should be managing his or her information differently
  • Provides time-tested risk ranking strategies
  • Considers information security strategy standards such as NIST, FISMA, PCI, SP 800, & ISO 17799
  • Supplies steps for managing: information flow, classification, controlled vocabularies, life cycle, and data leakage
  • Describes how to put it all together into a complete information risk management framework

Information is one of your most valuable assets. If you aren’t on the constant lookout for better ways to manage it, your organization will inevitably suffer. Clarifying common misunderstandings about the risks in cyberspace, this book provides the foundation required to make more informed decisions and effectively manage, protect, and deliver information to your organization and its constituents.

商品描述(中文翻譯)

現今日益複雜的互聯系統不僅增加了對改進信息安全的需求,還將信息從IT後勤室提升到執行董事會,成為戰略資產。就像冰山的尖端只有在撞上時才能看到,對信息的風險在災難發生之前大多是看不見的。

《實用風險管理指南:CIO的角度》詳細介紹了幫助您的團隊進行更好的風險評估並將結果整合為更有意義的指標的程序。該書通過改進信息管理和信息安全的方式來進行信息風險管理,並提供易於遵循的指導,以有效管理信息流動並兼顧服務交付和可靠性。

該書包括以下內容:
- 解釋了為什麼每位CIO都應該以不同方式管理信息
- 提供了經過時間考驗的風險評估策略
- 考慮了信息安全戰略標準,如NIST、FISMA、PCI、SP 800和ISO 17799
- 提供了管理信息流動、分類、控制詞彙、生命周期和數據洩露的步驟
- 描述了如何將所有內容整合為完整的信息風險管理框架

信息是您最寶貴的資產之一。如果您不不斷尋找更好的管理方式,您的組織將不可避免地遭受損失。本書澄清了關於網絡空間風險的常見誤解,為您做出更明智的決策並有效地管理、保護和傳遞信息提供了必要的基礎。