The Manager’s Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security

Is security management changing so fast that you can’t keep up? Perhaps it seems like those traditional “best practices” in security no longer work? One answer might be that you need better best practices! In their new book, The Manager’s Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security, two experienced professionals introduce ESRM. Their practical, organization-wide, integrated approach redefines the securing of an organization’s people and assets from being task-based to being risk-based.

In their careers, the authors, Brian Allen and Rachelle Loyear, have been instrumental in successfully reorganizing the way security is handled in major corporations. In this ground-breaking book, the authors begin by defining Enterprise Security Risk Management (ESRM):

“Enterprise security risk management is the application of fundamental risk principles to manage all security risks − whether information, cyber, physical security, asset management, or business continuity − in a comprehensive, holistic, all-encompassing approach.”

In the face of a continually evolving and increasingly risky global security landscape, this book takes you through the steps of putting ESRM into practice enterprise-wide, and helps you to:

  • Differentiate between traditional, task-based management and strategic, risk-based management.
  • See how adopting ESRM can lead to a more successful security program overall and enhance your own career.
  • Prepare your security organization to adopt an ESRM methodology.
  • Analyze and communicate risks and their root causes to all appropriate parties.
  • Identify what elements are necessary for long-term success of your ESRM program.
  • Ensure the proper governance of the security function in your enterprise.
  • Explain the value of security and ESRM to executives using useful metrics and reports.

Throughout the book, the authors provide a wealth of real-world case studies from a wide range of businesses and industries to help you overcome any blocks to acceptance as you design and roll out a new ESRM-based security program for your own workplace.

About the author

Brian J. Allen has more than 20 years’ experience in virtually every aspect of the security field. He most recently held the position of Chief Security Officer (CSO) with Time Warner Cable (TWC), a leading multinational provider of telecommunications, information, and entertainment services headquartered in New York City. In this role, he was responsible for protecting TWC’s assets worldwide, coordinating the company’s crisis management and business continuity management (BCM) programs, managing TWC’s cybersecurity policy and leading its security risk management program. He managed the company’s security policy and relations with law enforcement and government authorities, as well as all customer security risk issues, oversaw internal and external investigations, and headed the company’s workplace violence program. Before joining TWC in January 2002, he was Director of the Office of Cable Signal Theft at the National Cable and Telecommunications Association in Washington, D.C., and the owner of ACI Investigations, a multimillion-dollar provider of security guard, investigations, and consulting services.

Brian earned his Bachelor of Science degree in criminal justice from Long Island University and received his Juris Doctor degree from Touro Law Center in New York. He is a member of the New York State Bar Association, a Certified Protection Professional (CPP) with ASIS, a Certified Information Systems Security Professional (CISSP) with ISC2, a Certified Fraud Examiner (CFE) with the ACFE and a Certified Information Security Manager (CISM) with ISACA. Brian is also a member of the International Security Management Association and the Association of Threat Assessment Professionals.

Brian is an Adjunct Professor at the University of Connecticut, School of Business MBA Program and is active in industry organizations. He served as a member of the Communications Infrastructure Reliability and Interoperability Council (CSRIC), an FCC appointed position, and co-chaired its working group on Cybersecurity Best Practices and the Cybersecurity Framework. He is also one of four elected communications company representatives to serve on the Executive Committee of the US Communications Sector Coordinating Council (CSCC). He works with the Cross Sector Cybersecurity Working Group, established by the U.S. Department of Homeland Security (DHS) under the Critical Infrastructure Partnership Advisory Council. Brian has served on the board of directors of ASIS International, and the board of trustees of ASIS International’s Foundation. He is currently a member of the Board of Directors of the Domestic Violence Crisis Center in Connecticut.

Rachelle Loyear has spent over a decade managing various projects and programs in corporate security organizations, focusing strongly on business continuity and organizational resilience. In her work life, she has directed teams responsible for ensuring resilience in the face of many different types of security risks, both physical and logical. Her responsibilities have included: Security/BCM program design and development; crisis management and emergency response planning; functional and location-based recovery and continuity planning; crisis management and continuity training and operational continuity exercises; and logistical programs, such as public/private partnership relationship management and crisis recovery resource programs.

She began her career in information technology (IT), working in programming and training design at an online training company, before moving into the telecommunications industry. She worked in various IT roles – including Web design, user experience, business analysis, and project management – before moving into the security/business continuity arena. This diverse background enables her to approach security, risk, business continuity, and disaster recovery with a broad methodology that melds many aspects into a cohesive whole.

Rachelle holds a bachelor’s degree in history from the University of North Carolina at Charlotte, and a master’s degree in business administration from the University of Phoenix. She is certified as a Master Business Continuity Professional (MBCP) through DRI International, as an Associate Fellow of Business Continuity International (AFBCI), as a Certified Information Security Manager (CISM) through ISACA, and as a Project Management Professional (PMP) through the Project Management Institute (PMI). She is active in multiple BCM industry groups, and is vice-chair of the Crisis Management and Business Continuity Council of ASIS International as well as serving on the IT Security Council.

Kristen Noakes-Fry, ABCI, is Executive Editor at Rothstein Publishing. Previously, she was a Research Director, Information Security and Risk Group, for Gartner, Inc.; Associate Editor at Datapro (McGraw-Hill); and Associate Professor of English at Atlantic Cape College in New Jersey. She holds an M.A. from New York University and a B.A. from Russell Sage College.

Additional Information

Publisher
Rothstein Publishing
Published on
Nov 15, 2016
Pages
114
ISBN
9781944480240
Language
English
Genres
Business & Economics / General
Business & Economics / Insurance / General
Business & Economics / Insurance / Risk Assessment & Management
Business & Economics / Management
Content Protection
This content is DRM protected.
Read Aloud
Available on Android devices
Eligible for Family Library

Have you begun to question traditional best practices in business continuity (BC)? Do you seem to be concentrating on documentation rather than preparedness? Compliance rather than recoverability? Do your efforts provide true business value? If you have these concerns, David Lindstedt and Mark Armour offer a solution in Adaptive Business Continuity: A New Approach. This ground-breaking new book provides a streamlined, realistic methodology to change BC dramatically.

After years of working with the traditional practices of business continuity (BC) – in project management, higher education, contingency planning, and disaster recovery – David Lindstedt and Mark Armour identified unworkable areas in many core practices of traditional BC. To address these issues, they created nine Adaptive BC principles, the foundation of this book:

  • Deliver continuous value.
  • Document only for mnemonics.
  • Engage at many levels within the organization.
  • Exercise for improvement, not for testing.
  • Learn the business.
  • Measure and benchmark.
  • Obtain incremental direction from leadership.
  • Omit the risk assessment and business impact analysis.
  • Prepare for effects, not causes.

Adaptive Business Continuity: A New Approach uses the analogy of rebuilding a house. After the initial design, the first step is to identify and remove all the things not needed in the new house. Thus, the first chapter is “Demolition” – not to get rid of the entire BC enterprise, but to remove certain BC activities and products to provide the space to install something new. The stages continue through foundation, framework, and finishing. Finally, the last chapter is “Dwelling,” permitting you a glimpse of what it might be like to live in this new home that has been created.

Through a wealth of examples, diagrams, and real-world case studies, Lindstedt and Armour show you how you can execute the Adaptive BC framework in your own organization. You will:

  • Recognize specific practices in traditional BC that may be problematic, outdated, or ineffective.
  • Identify specific activities that you may wish to eliminate from your practice.
  • Learn the capability and constraint model of recoverability.
  • Understand how Adaptive BC can be effective in organizations with vastly different cultures and program maturity levels.
  • See how to take the steps to implement Adaptive BC in your own organization.
  • Think through some typical challenges and opportunities that may arise as you implement an Adaptive BC approach.

Financial Risk Forecasting is a complete introduction to practical quantitative risk management, with a focus on market risk. Derived from the author's teaching notes and years spent training practitioners in risk management techniques, it brings together the three key disciplines of finance, statistics and modeling (programming) to provide a thorough grounding in risk management techniques.

Written by renowned risk expert Jon Danielsson, the book begins with an introduction to financial markets and market prices, volatility clusters, fat tails and nonlinear dependence. It then goes on to present volatility forecasting with both univariate and multivariate methods, discussing the various methods used by industry, with a special focus on the GARCH family of models. The evaluation of the quality of forecasts is discussed in detail. Next, the main concepts in risk and models to forecast risk are discussed, especially volatility, value-at-risk and expected shortfall. The focus is on risk in basic assets such as stocks and foreign exchange, but also on calculations of risk in bonds and options, with analytical methods such as delta-normal VaR and duration-normal VaR and Monte Carlo simulation. The book then moves on to the evaluation of risk models with methods like backtesting, followed by a discussion of stress testing. The book concludes by focusing on the forecasting of risk in very large and uncommon events with extreme value theory and considering the underlying assumption behind almost every risk model in practical use – that risk is exogenous – and what happens when that assumption is violated.

Every method presented brings together theoretical discussion and derivation of key equations and a discussion of issues in practical implementation. Each method is implemented in both MATLAB and R, two of the most commonly used mathematical programming languages for risk forecasting with which the reader can implement the models illustrated in the book.

The book includes four appendices. The first introduces basic concepts in statistics and financial time series referred to throughout the book. The second and third introduce R and MATLAB, providing a discussion of the basic implementation of the software packages. And the final looks at the concept of maximum likelihood, especially issues in implementation and testing.

The book is accompanied by a website – www.financialriskforecasting.com – which features downloadable code as used in the book.

As a security professional, have you found that you and others in your company do not always define “security” the same way? Perhaps security interests and business interests have become misaligned. Brian Allen and Rachelle Loyear offer a new approach: Enterprise Security Risk Management (ESRM). By viewing security through a risk management lens, ESRM can help make you and your security program successful.

In their long-awaited book, based on years of practical experience and research, Brian Allen and Rachelle Loyear show you step-by-step how Enterprise Security Risk Management (ESRM) applies fundamental risk principles to manage all security risks. Whether the risks are informational, cyber, physical security, asset management, or business continuity, all are included in the holistic, all-encompassing ESRM approach which will move you from task-based to risk-based security.

How is ESRM familiar? As a security professional, you may already practice some of the components of ESRM. Many of the concepts – such as risk identification, risk transfer and acceptance, crisis management, and incident response – will be well known to you.

How is ESRM new? While many of the principles are familiar, the authors have identified few organizations that apply them in the comprehensive, holistic way that ESRM represents – and even fewer that communicate these principles effectively to key decision-makers.

How is ESRM practical? ESRM offers you a straightforward, realistic, actionable approach to deal effectively with all the distinct types of security risks facing you as a security practitioner. ESRM is performed in a life cycle of risk management including:

  • Asset assessment and prioritization.
  • Risk assessment and prioritization.
  • Risk treatment (mitigation).
  • Continuous improvement.

Throughout Enterprise Security Risk Management: Concepts and Applications, the authors give you the tools and materials that will help you advance in the security field, whether you are a student, a newcomer, or a seasoned professional. Included are realistic case studies, questions to help you assess your own security program, thought-provoking discussion questions, useful figures and tables, and references for your further reading.

By redefining how everyone thinks about the role of security in the enterprise, your security organization can focus on working in partnership with business leaders and other key stakeholders to identify and mitigate security risks. As you begin to use ESRM, following the instructions in this book, you will experience greater personal and professional satisfaction as a security professional – and you’ll become a recognized and trusted partner in the business-critical effort of protecting your enterprise and all its assets.

Now updated — your guide to getting the best insurance policy

Are you intimidated by insurance? Have no fear — this easy-to-understand guide explains everything you need to know, from getting the most coverage at the best price to dealing with adjusters, filing claims, and more. Whether you're looking for personal or business insurance, you'll see how to avoid common pitfalls, lower your costs, and get what you deserve at claim time.

Get to know the basics — understand how to make good insurance decisions and reduce the chances of a financial loss in your life

Take your insurance on the road — manage your personal automobile risks, handle special situations, insure recreational vehicles, and deal with insurance adjusters

Understand homeowner's and renter's insurance — know what is and isn't covered by typical policies, common exclusions and pitfalls, and how to cover yourself against personal lawsuits

Buy the right umbrella policy — discover the advantages, and coordinate your policies to cover the gaps

Manage life, health, and disability risks — explore individual and group policies, understand Medicare basics, and evaluate long-term disability and long-term-care insurance

Open the book and find:

The best life, health, home, and auto policies

Strategies for handling the claims process to get what you deserve

Tips on adjusting your deductible to suit your lifestyle

How to navigate healthcare policies

Ways to reduce your risk and your premiums

Common traps and loopholes

Considerations for grads, freelancers, and remote workers

“Entertaining and informative. Desai takes us on a journey through the fundamentals of finance, from asset pricing to risk and risk management, via options, mergers, debt, and bankruptcy.” – John Lanchester, The New Yorker

“A fascinating new perspective on modern finance.” – Oliver Hart, 2016 Nobel Laureate in Economics

“Lucid, witty and delightfully erudite... From the French revolution to film noir, from the history of probability to Jane Austen and The Simpsons, this is an astonishing intellectual feast.” – Sebastian Mallaby, author of The Man Who Knew: The Life and Times of Alan Greenspan

Longlisted for the 2017 Financial Times/McKinsey Business Book of the Year

A 2017 AMAZON PICK IN BUSINESS & LEADERSHIP

A WealthManagement.com BEST BUSINESS BOOK OF 2017

In 1688, essayist Josef de la Vega described finance as both “the fairest and most deceitful business . . . the noblest and the most infamous in the world, the finest and most vulgar on earth.”

The characterization of finance as deceitful, infamous, and vulgar still rings true today – particularly in the wake of the 2008 financial crisis. But what happened to the fairest, noblest, and finest profession that de la Vega saw?

De la Vega hit on an essential truth that has been forgotten: finance can be just as principled, life-affirming, and worthy as it can be fraught with questionable practices. Today, finance is shrouded in mystery for outsiders, while many insiders are uneasy with the disrepute of their profession. How can finance become more accessible and also recover its nobility?

Harvard Business School professor Mihir Desai, in his “last lecture” to the graduating Harvard MBA class of 2015, took up the cause of restoring humanity to finance. With incisive wit and irony, his lecture drew upon a rich knowledge of literature, film, history, and philosophy to explain the inner workings of finance in a manner that has never been seen before.

This book captures Desai’s lucid exploration of the ideas of finance as seen through the unusual prism of the humanities. Through this novel, creative approach, Desai shows that outsiders can access the underlying ideas easily and insiders can reacquaint themselves with the core humanity of their profession.

The mix of finance and the humanities creates unusual pairings: Jane Austen and Anthony Trollope are guides to risk management; Jeff Koons becomes an advocate of leverage; and Mel Brooks’s The Producers teaches us about fiduciary responsibility. In Desai’s vision, the principles of finance also provide answers to critical questions in our lives. Among many surprising parallels, bankruptcy teaches us how to react to failure, the lessons of mergers apply to marriages, and the Capital Asset Pricing Model demonstrates the true value of relationships.

THE WISDOM OF FINANCE is a wholly unique book, offering a refreshing new perspective on one of the world’s most complex and misunderstood professions.