Computing Reviews
How to manage cybersecurity risk: a security leader’s roadmap with Open FAIR
Carlson C., Brown Walker Press, Boca Raton, FL, 2019. 308 pp. Type: Book (978-1-627342-76-6)
Date Reviewed: Dec 25 2020

Most chief information security officers (CISOs)/security risk managers probably wouldn’t join a new organization during, or right after, a breach; hence, readers may have to use their imagination to apply some of the advice. Having said that, How to manage cybersecurity risk is an easy-to-follow account of the author’s experiences with advising various organizations over the years. The book is clear about its target audience: small to midsize organizations that, for one reason or another, have not prioritized cybersecurity enough, but are now trying to fix this in light of an incident. The chapters follow the author’s advice to a new CISO, that is, the reader.

Broken into stages of maturity, the chapters are action plans categorized into react, plan, and manage phases. Part 1, “Reactive,” focuses on responding to the incident, assessing the current state, and making recommendations that also assess the organization’s risk appetite.

Part 2, “Planned,” walks readers through the various steps required to establish a comprehensive security program. The chapter on international coverage introduces readers to some key considerations when deploying various components of the program in jurisdictions around the world.

Finally, Part 3, “Managed,” describes the governance and assurance aspects required to make a program demonstrably compliant with applicable standards/regulations and sustainable.

Overall, this guide is a simple and succinct reference for security managers who want to add a bit of maturity to their security programs. Its introduction to Open FAIR, one of the most widely adopted risk management frameworks, will help readers continue their journey beyond the book via a community of trainers, educational material, and peer networks.


Reviewer: Phoram Mehta
Review #: CR147146 (2105-0111)
Security and Protection (K.6.5)
 