Practical Risk Management for the CIO

Mark Scherling

Auerbach Publications
Published April 25, 2011
Reference - 399 Pages - 34 B/W Illustrations
ISBN 9781439856536 - CAT# K12655

For Instructors Request Inspection Copy


Add to Wish List
FREE Standard Shipping!


    • Provides an overview of information risk management and the association between information delivery, information management, and information protection
    • Offers guidance on how to incorporate both service delivery and reliability
    • Covers security strategy standards including NIST, FISMA, PCI, SP 800, & ISO 17799
    • Considers information management strategies such as valuation, classification, and identification
    • Explains why executives need to pay more attention to the people risks in information security


    The growing complexity of today’s interconnected systems has not only increased the need for improved information security, but also helped to move information from the IT backroom to the executive boardroom as a strategic asset. And, just like the tip of an iceberg is all you see until you run into it, the risks to your information are mostly invisible until disaster strikes.

    Detailing procedures to help your team perform better risk assessments and aggregate results into more meaningful metrics, Practical Risk Management for the CIO approaches information risk management through improvements to information management and information security. It provides easy-to-follow guidance on how to effectively manage the flow of information and incorporate both service delivery and reliability.

    • Explains why every CIO should be managing his or her information differently
    • Provides time-tested risk ranking strategies
    • Considers information security strategy standards such as NIST, FISMA, PCI, SP 800, & ISO 17799
    • Supplies steps for managing: information flow, classification, controlled vocabularies, life cycle, and data leakage
    • Describes how to put it all together into a complete information risk management framework

    Information is one of your most valuable assets. If you aren’t on the constant lookout for better ways to manage it, your organization will inevitably suffer. Clarifying common misunderstandings about the risks in cyberspace, this book provides the foundation required to make more informed decisions and effectively manage, protect, and deliver information to your organization and its constituents.