Synopses & Reviews
"Corporate leaders need to familiarise themselves with digital security issues as they would with any other major risk they face."
from Defending the Digital Frontier: Practical Security for Management
In today's competitive business environment, information and information systems have become crucial for a company's success. Protecting this information and these systems is vital, but many senior managers believe (mistakenly) that such protection is the responsibility of a technical function and are fearful of asking questions, or even knowing what questions to ask. Additionally, recent corporate failures have focused significant attention on corporate governance and the need for effective and visible identification and management of enterprise risks. Defending the Digital Frontier: Practical Security for Management explains why digital security is a board-level governance issue, and describes an approach for creating an enterprise-wide security culture based on business-led risk management principles.
Written by specialists from Ernst & Young's information security practice, Defending the Digital Frontier: Practical Security for Management is aimed at business executives and outlines a clear plan for ensuring that their digital security approach and programmes will protect their organisation's assets and people. It helps managers to separate hype from reality and gives them the confidence to ask the right questions of their line managers and specialist security personnel.
Many multinational organisations not only need to coordinate their digital security planning globally, but must also deal with sometimes contradictory legislation on issues such as privacy and data management. This Second Edition recognises and explores the global nature of well-planned information security programmes.
With detailed examples and real-world scenarios, the authors explain how to build a digital security programme that is:
- Aligned with the organisation's overall objectives
- Enterprise-wide, taking a holistic view of security needs for the extended organisation
- Continuous, maintaining constant, real-time monitoring and updating of policies, procedures, and processes
- Proactive, to effectively anticipate potential threats
- Validated, to confirm that appropriate risk management procedures are in place
- Formal, so that policies, standards, and guidelines are communicated to every member of the extended organisation
Threats to information systems can approach from any direction. But, by strengthening collective digital security knowledge from the top down and developing an ongoing and comprehensive security agenda, every organisation can reap the rewards these systems provide. Defending the Digital Frontier is an essential guide for the business leader.
Ernst & Young is a global leader in professional services. It helps organisations across all industries, from emerging growth companies to global powerhouses, to deal with a broad range of business issues. Its 103,000 people in more than 140 countries worldwide can implement a broad array of solutions in audit, tax, corporate finance, transactions, information security, enterprise risk management, and other critical business-performance issues.
Review
“…the authors not only help readers explore the digital frontier but also empower them to identify, understand and assess these risks.” (Gulf Business, July 2005)
Synopsis
This book describes the significant vulnerabilities to an organization's digital security structure and explains why that structure's success relies as heavily on the organization and its processes as on technology. It offers a definition of successful digital security and provides in-depth examples of what its six key characteristics are: it must be aligned, enterprise-wide, validated, continuous, proactive, and formal. It describes how digital security can be achieved by designing it according to a tripartite agenda: Restrict, Run, and Recover. It explains why digital security is no longer merely a technical function, but a risk management operation, and therefore dependent on a fluid strategy centered on identification and mitigation. And, finally, it provides an approach for crafting, implementing, and supporting an enterprise-wide security culture that is based on dynamic responsiveness to an evolving environment.
By strengthening the collective digital security knowledge base within an organization from the top down, and enabling a clear understanding of the benefits of a comprehensive, inclusive, on-going security agenda, every organization can build a secure future to the edge of the digital frontier. This book will discuss:
- The Challenge of The Digital Frontier
- The Agenda for Action
- The Measurement of Risk
- The Approach for Safety
Synopsis
Defending the Digital Frontier
Second Edition
"The book recognizes, and correctly characterizes, digital security according to one of the fundamental tenets of IT governance: security, like IT governance, is a management issue, not a technical one. This book takes a very practical approach to a critical issue, and provides executive management with sound, cost-effective techniques grounded in business realities. Management and the C-suite will do well to keep these techniques in mind when formulating IT strategies that are aligned with and support business goals."
—Marios Damianides
CISA, CISM, CPA, CA, International President, Information Systems Audit and Control Association and IT Governance Institute
"Ernst & Young has done a superb job in demonstrating why the integrity of Digital Information Systems is fundamental to success. The authors show that protecting computers from attack is only a small part of this task. This book focuses on handling systemic risk and complexity—the inevitable problems that arise when you integrate computerized information systems with human activity systems: namely the company itself, customers, suppliers, competitors, as well as the broader political and regulatory environment. I can recommend it as essential reading to all senior executives."
—Ian Angell
Professor of Information Systems, London School of Economics
"The CBI considers security of information to be a major issue for individuals and businesses in the growing digital world. This book makes clear, that the key to success in this new environment is in using technology effectively—technology cannot make a badly organised business good, but it can make a good business better. Ernst & Young has identified critical organisational and management processes that global companies need to implement to ensure that technology effectively secures information assets that are at the heart of today's economy."
—Digby Jones
Director General, CBI
Synopsis
Enhance the digital security knowledge-base within any organization
In today's competitive business environment, information and information technology have become crucial for a company's success. Ensuring the confidentiality of such information (financial, trade secrets, and the like) has become key. Defending the Digital Frontier, Second Edition describes where organizations are vulnerable and identifies protective measures that rely on people and process as much as technology. This book is a practical guide aimed at business leaders and executives, explaining why digital security is not a technical function, but a risk management operation, and illustrates an approach for creating an enterprise-wide security culture based on business-led risk-management principles.
Ernst & Young is a global leader in professional services, providing tax, assurance, and transaction advice to thousands of individuals as well as domestic and global businesses. Ernst & Young provides independent security solutions for some of the world's most information-intensive organizations, including numerous Fortune 500 companies, and the federal government.
About the Author
Jan Babiak is the Managing Partner of Ernst & Young's UK Information Security practice. She leads a multi-country team of professionals providing security advisory and assurance services to many of the world's most sophisticated organisations. Jan acts as information security and risk management advisor to boards and senior management of a number of FTSE 100 and global organisations. She is involved in a number of professional forums and is a frequent commentator for broadcast and press media.
John Butters is a Partner in Ernst & Young's UK Information Security practice. He has developed and edited IT technical reference materials and is a frequent speaker on the topics of security and business continuity. John leads a team that carries out attack and penetration testing (or ethical hacking) services from a state-of-the-art IT facility, which has attracted a high level of business and media interest.
Mark W. Doll is a Partner and the Americas Director of Ernst & Young's Security Services. As the Americas Director, Mark is responsible overall for security projects, including security assessments, architecture design, and security implementation as well as business continuity. Mark is a sought-after speaker on the topic of digital security, and has recently appeared before the House Energy and Commerce Subcommittee on Commerce, Trade, and Consumer Protection as an expert witness on the subject.
Table of Contents
List of Figures and Tables.
Foreword.
Preface.
Acknowledgments.
PART ONE: THE CHALLENGE OF THE FRONTIER.
Chapter 1: Living at the Digital Frontier.
Chapter 3: Organisational Components and Security Objectives.
PART TWO: THE AGENDA FOR ACTION.
Chapter 4: The Security Agenda.
Chapter 5: The Security Life Cycle.
PART THREE: THE APPROACH FOR SAFETY.
Chapter 6: The Security Culture.
Chapter 7: The Risk Frontier.
Chapter 8: Road Map for Success.
Appendix A: Security-Related Laws and Regulations.
Appendix B: Threat Vectors.
Appendix C: Ernst & Young 2004 Digital Security Overview: An Executive Guide and Diagnostic.
Endnotes.
Glossary of Digital Security Terminology.
Index.