About the Author
Malcolm Harkins is vice president and Chief Security and Privacy Officer (CSPO) at Intel Corporation. In this role Malcolm is responsible for managing the risk, controls, privacy, security, and other related compliance activities for all of Intel's information assets, products and services. Before becoming Intel's first CSPO he was the Chief Information Security Officer (CISO) reporting into the Chief Information Officer. Malcolm also held roles in finance, procurement and various business operations. He has managed IT benchmarking efforts and Sarbanes-Oxley systems compliance efforts. Harkins acted as the profit and loss manager for the Flash Product Group at Intel; was the general manager of Enterprise Capabilities, responsible for the delivery and support of Intel's finance and HR systems; and worked in an Intel business venture focusing on e-commerce hosting. Malcolm previously taught at the CIO institute at the UCLA Anderson School of Business and was an adjunct faculty member at Susquehanna University in 2009. In 2010, he received the excellence in the field of security award at the RSA conference. He was recognized by Computerworld magazine as one of the top 100 Information Technology Leaders for 2012. In addition, (ISC)² recognized Malcolm in 2012 with the Information Security Leadership Award. Malcolm is a frequent speaker at industry events and is also an author of many white papers. Malcolm received his bachelor's degree in economics from the University of California at Irvine and an MBA in finance and accounting from the University of California at Davis.
1: Introduction: Protect to Enable
2: Misperception of Risk
3: Security Governance and Creating Strong Internal Partnerships
4: External Partnerships
5: People are the Perimeter
6: Emerging Capabilities and Usage Models
7: Emerging Threats and Vulnerabilities
8: A New Security Model
9: The 21st Century CISO
Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies, such as social media and the huge proliferation of Internet-enabled devices, while minimizing risk.
With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community.
Here are some of the responses from reviewers of this exceptional work:
"Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context. Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies. The book contains eye-opening security insights that are easily understood, even by the curious layman."
Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel
"As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and
This ApressOpen book describes the changing risk environment and why a fresh approach to information security is needed. The book discusses business risk from a broad perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions.