Text
Managing risk and information security : protect to enable
Security and first-person shooter video games have one obvious thing in common: if
you’re not continuously moving, you’re dead. In this second edition of Managing Risk
and Information Security , Malcolm Harkins helps us move our thinking into areas of risk
that have become more prominent over the last several years.
Because there is so much new content in this edition, I will focus on a topic that has
risen to greater prominence since the first edition: people are the perimeter. When we
reflect on what has changed in recent years, with an eye to the vulnerabilities that result
in real-world compromises, a pattern emerges: virtually all the major breaches that we
have seen involve manipulation of people. When nearly everyone has heard of phishing,
we have to ask ourselves: why is it still such an effective tool?
The obvious theory is that we haven’t managed people risk as well as we should.
Perhaps we have been standing still and need to learn how to dodge and experiment
with the way we drive better people-security outcomes. Unfortunately, the path is not
100% clear. Unlike technology, the field of influencing human behavior in security is
remarkably complicated and supported by limited research.
Malcolm provides us with a great foundation and framework to build our
“security engagement” functions. I like to use the word “engagement” because it
speaks to how the security organization relates to the workforce in a manner that isn’t
simply bounded by the more traditional term “training and awareness.” Engagement
encompasses anything that shifts the desired behavior outcome in the direction we want
it to go. I have seen remarkable shifts in measured behavior from the use of
non-traditional tools such as security gamification and simulation.
The way Malcolm differentiates between “compliance” and “commitment” is key.
Managing Risk and Information Security is an ever-evolving classic in the field of security
management
Availability
No copy data
Detail Information
- Series Title
-
-
- Call Number
-
005.8 HAR
- Publisher
- : Springer Nature., 2016
- Collation
-
xxv, 181 p
- Language
-
English
- ISBN/ISSN
-
9781484214558
- Classification
-
NONE
- Content Type
-
-
- Media Type
-
-
- Carrier Type
-
-
- Edition
-
36
- Subject(s)
- Specific Detail Info
-
-
- Statement of Responsibility
-
By Malcolm W, Harkins
Other version/related
No other version available
File Attachment
Comments
You must be logged in to post a comment
Computer Science, Information & General Works 
Philosophy & Psychology 
Religion 
Social Sciences 
Language 
Pure Science 
Applied Sciences 
Art & Recreation 
Literature 
History & Geography