This book takes up and expands on the contents of my previous publication TOTAL SECURITY 4.0 - The ABC on Physical Cyber Security for DPOs and SMEs (and beyond).
Unlike its predecessor, which, as the title indicates, is aimed primarily at a non-specialist audience, this text addresses the topic of risk management through the lens of different methodologies.
In particular, the text draws on methodologies proposed by ISO, NIST, ENISA, OPEN GROUP, but also developed by governmental bodies (Spain, Canada...) that address the issue of risk management through their own analysis methodologies that have over time become a point of reference.
Alongside this established view, the text proposes, with all the limitations of available space, the new frontiers of risk analysis, based on quantitative methods and the use of statistical techniques.
The text is intended to be as comprehensive a handbook as possible, although the specific references to the sources used allow the reader to carry out the appropriate in-depth studies independently.
Except for references to ISO standards, the cited material is normally in the public domain, and therefore freely accessible to all readers.
Particular emphasis is placed on how to collect (or estimate) the information useful for determining the factors that enter into the risk assessment, again referring to catalogues and external sources that are easily retrievable online, examples of which are usually given.
The text is accompanied by operational tools available in the “materiali aggiuntivi” (additional materials):
- PDF files representing useful forms for mapping one's own organisation
- a series of Excel sheets providing examples of processing and reporting.
Some paragraphs are taken from my articles in Toolnews, for which I thank Alessandro Giacchino.
Giancarlo Butti
Master in Business Management and Organisational Development (MIP - Politecnico di Milano).
He has been involved in ICT, organisation and regulation since the early 1980s:
- organisation analyst, project manager, security manager and auditor in banking groups
- document, security, privacy... consultant in companies of different sectors and sizes.
As a populariser he has to his credit:
- over 800 articles in 30 different publications
- 26 books and white papers, some of which are used as university texts
- 27 collective works within ABI LAB, Oracle Community for Security, Rapporto CLUSIT sulla sicurezza ICT in Italia
- lecturer in master's and post-graduate specialisation courses at several universities.
Member of AIEA/ISACA (Associazione Italiana Information Systems Auditors) and of BCI (Business Continuity Institute).
Member and member of the scientific committee of CLUSIT (Associazione Italiana per la Sicurezza Informatica).
He takes part in the working groups of ABI LAB, ISACA-AIEA, UNINFO, Oracle Community for Security…
Alberto Piamonte
A graduate of the University of Padua in Electronic Engineering, he is currently a member of the KeyMap Team, a group of consultants and companies involved in the development of automated tools and methodologies for audit activities, risk analysis and management, compliance certification and the implementation of effective and efficient control and governance systems.
In addition to carrying out consultancy work himself, he is actively involved in issues related to IT systems governance by holding frequent courses and seminars on methodologies such as COBIT, ITIL and ISO27001 and in raising awareness and dissemination of related issues, and has been an IAEA Advisor with the role of Research Director.
He began his career as an IBM researcher with more than a decade's stay in research and development laboratories (USA, Germany, Sweden and Italy) dealing mainly with communications (SNA) and related security issues.
Later, as Olivetti Marketing Manager for Public Administrations, he was involved in the management and implementation of large projects.
More recently, as Software Director Europe at Amdahl Corporation, he dealt with the management and security issues of large user networks.
Member of ISACA - Rome, COBIT5 Trainer, Assessor and Implementor.
After purchasing the book, request the link to download additional materials