Security Risk Management: Building an Information Security Risk Management Program from the Ground Up

This is one of the best books on security I've ever read. Highly recommended for new and experienced practitioners.

Great book, great read. Bridges some learning gaps in security risk management. Definitely looking to apply these study areas at my new job. Unfortunately, the (brand new) book cover itself was a little bit bent. Other than that, I highly recommend this!

This book is an excellent and practical introduction to information security risk management. Wheeler starts off with overviews of basic concepts, like how to define and understand risk and its components, breaks down common pitfalls of infosec (like ignoring business needs), and launches into a usable, approachable structure that you can use to asses and deal with risk in your network or organization. The book is full of case studies and security "deep dives" where concepts introduced in the previous chapter are used in real world situations. The writing is clear and refreshingly informal, and the lessons in the book can be put into practice immediately at your organization. Wheeler even includes four chapters at the end of book that introduce a practical approach to creating a formal and effective risk management system in organizations that lack one. Overall, well written, doesn't require you to have experience in info to understand it, and useful.

Finally some sensible thinking about security and risk. As a practitioner there is huge need for fresh thinking in the IT security field. Where we are right now is just not effective or even manageable. This is a good place to start for a new or reemphasized approach. We currently have the cart before the horse. Or maybe a cart with no horse at all. Everything begins and ends with risk, and not with the newest flashy security tool.

Acheter dans le cadre d’un cours sur la cyber sécurité mais le prof indique que ce n’était si nécessaire de l’acheter donc je le garde pareil pour ma bibliothèque.