Presenting definitions of roles and responsibilities throughout the organization, this practical guide identifies information security risks. It deals with processes and technical solutions that implement the information security governance framework, focuses on the tasks necessary for the information security manager to effectively manage information security within an organization, and provides a description of various techniques the information security manager can use. The book also covers steps and solutions for responding to an incident. At the end of each key area, a quiz is offered on the materials just presented. Also included is a workbook containing a thirty-question final exam.
Complete Guide to CISM® Certification describes the tasks performed by information security managers and contains the necessary knowledge to manage, design, and oversee an information security program. With definitions and practical examples, this text is ideal for information security managers, IT auditors, and network and system administrators.
The book discusses organization-wide policies, their documentation, and legal and business requirements. It explains policy format with a focus on global, topic-specific, and application-specific policies. Following a review of asset classification, it explores access control, the components of physical security, and the foundations and processes of risk analysis and risk management.
The text concludes by describing business continuity planning, preventive controls, recovery strategies, and how to conduct a business impact analysis. Each chapter in the book has been written by a different expert to ensure you gain the comprehensive understanding of what it takes to develop an effective information security program.
How do companies know how to grow? How can they create products that they are sure customers want to buy? Can innovation be more than a game of hit and miss? Harvard Business School professor Clayton Christensen has the answer. A generation ago, Christensen revolutionized business with his groundbreaking theory of disruptive innovation. Now, he goes further, offering powerful new insights.
After years of research, Christensen has come to one critical conclusion: our long-held maxim—that understanding the customer is the crux of innovation—is wrong. Customers don’t buy products or services; they "hire" them to do a job. Understanding customers does not drive innovation success, he argues. Understanding customer jobs does. The "Jobs to Be Done" approach can be seen in some of the world’s most respected companies and fast-growing startups, including Amazon, Intuit, Uber, Airbnb, and Chobani yogurt, to name just a few. But this book is not about celebrating these successes—it’s about predicting new ones.
Christensen contends that by understanding what causes customers to "hire" a product or service, any business can improve its innovation track record, creating products that customers not only want to hire, but that they’ll pay premium prices to bring into their lives. Jobs theory offers new hope for growth to companies frustrated by their hit and miss efforts.
This book carefully lays down Christensen’s provocative framework, providing a comprehensive explanation of the theory and why it is predictive, how to use it in the real world—and, most importantly, how not to squander the insights it provides.
The book emphasizes how information security must be integrated into all aspects of the business process. It examines the 12 enterprise-wide (Tier 1) policies, and maps information security requirements to each. The text also discusses the need for topic-specific (Tier 2) policies and application-specific (Tier 3) policies and details how they map to standards and procedures.
It may be tempting to download some organization’s policies from the Internet, but Peltier cautions against that approach. Instead, he investigates how best to use examples of policies, standards, and procedures toward the achievement of goals. He analyzes the influx of national and international standards, and outlines how to effectively use them to meet the needs of your business.
To help you determine the best way to mitigate risk levels in any given situation, How to Complete a Risk Assessment in 5 Days or Less includes more than 350 pages of user-friendly checklists, forms, questionnaires, and sample assessments.
Presents Case Studies and Examples of all Risk Management Components
Based on the seminars of information security expert Tom Peltier, this volume provides the processes that you can easily employ in your organization to assess risk.
Answers such FAQs as:
Why should a risk analysis be conducted?
Who should review the results?
How is the success measured?
Always conscious of the bottom line, Peltier discusses the cost-benefit of risk mitigation and looks at specific ways to manage costs. He supports his conclusions with numerous case studies and diagrams that show you how to apply risk management skills in your organization—and it’s not limited to information security risk assessment. You can apply these techniques to any area of your business. This step-by-step guide to conducting risk assessments gives you the knowledge base and the skill set you need to achieve a speedy and highly effective risk analysis assessment in a matter of days.
Authored by renowned security expert and certification instructor Thomas Peltier, this authoritative reference provides you with the knowledge and the skill set needed to achieve a highly effective risk analysis assessment in a matter of days. Supplemented with user-friendly checklists, forms, questionnaires, sample assessments, and other documents, this work is truly a one-stop, how-to resource for industry and academic professionals.