Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams - Hardcover

About the Author

JAKE KOUNS is cofounder, CEO, and CFO of the Open Security Foundation. He holds an MBA in information security from James Madison University and a number of certifications, including ISC2's CISSP, ISACA's CISM, CISA, and CGEIT.

DANIEL MINOLI is an expert in the fields of IT, telecommunications, and networking, with work experience at Capital One Financial, Prudential Securities, and AT&T, among others. He is the founder and President Emeritus of the IPv6 Institute. He is the author or coauthor of several books on IT, security, and networking, including Minoli-Cordovana's Authoritative Computer and Network Security Dictionary and Network Infrastructure and Architecture: Designing High Availability Networks, both published by Wiley.

From the Back Cover

LEARN HOW AN ORGANIZATION NEEDS TO POSITION ITSELF TO PROPERLY HANDLE RISKS TO ITS CRITICAL ASSETS

Information Technology Risk Management in Enterprise Environments provides a comprehensive review of industry approaches, practices, and standards on how to handle the ever-increasing risks to organizations' business-critical assets. Through a practical approach, this book explores key topics that enable readers to uncover and remediate potential infractions. The authors present an effective risk management program by providing:

• An overview of risk assessment, mitigation, and management approaches and methodologies
• Processes for developing a repeatable program for technological issues and human resources
• Definitions of key concepts and security standards in the area of risk management
• Analytical techniques for assessing the amount of risk and the benefit of risk remediation
• Information on the development and implementation of the risk management team

Information Technology Risk Management in Enterprise Environments details fundamental corporate risks and outlines how they can be avoided. It is an essential resource for information security managers and analysts, system developers, auditors, consultants, and students in understanding the IT resources, procedures, and tools to identify and handle technology and security risks.

From the Inside Flap

LEARN HOW AN ORGANIZATION NEEDS TO POSITION ITSELF TO PROPERLY HANDLE RISKS TO ITS CRITICAL ASSETS

Information Technology Risk Management in Enterprise Environments provides a comprehensive review of industry approaches, practices, and standards on how to handle the ever-increasing risks to organizations' business-critical assets. Through a practical approach, this book explores key topics that enable readers to uncover and remediate potential infractions. The authors present an effective risk management program by providing:

• An overview of risk assessment, mitigation, and management approaches and methodologies
• Processes for developing a repeatable program for technological issues and human resources
• Definitions of key concepts and security standards in the area of risk management
• Analytical techniques for assessing the amount of risk and the benefit of risk remediation
• Information on the development and implementation of the risk management team

Information Technology Risk Management in Enterprise Environments details fundamental corporate risks and outlines how they can be avoided. It is an essential resource for information security managers and analysts, system developers, auditors, consultants, and students in understanding the IT resources, procedures, and tools to identify and handle technology and security risks.