This publication analyzes the risks of digital transformation and shows how context-aware and integrated risk management can advance the digitally resilient development projects needed to build a more sustainable and equitable future. The publication outlines ADB’s digital risk assessment tools, looks at the role of development partners, and considers issues including cybersecurity, third-party digital risk management, and the ethical risks of artificial intelligence. Explaining why many digital transformations fall short, it shows why digital risk management is an evolutionary process that involves anticipating risk, safeguarding operations, and bridging gaps to better integrate digital technology into development programs.
This is the eBook version of the print title. Note that the eBook does not provide access to the practice test software that accompanies the print book. Learn, prepare, and practice for CISSP exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification learning. Master the latest CISSP exam topics Assess your knowledge with chapter-ending quizzes Review key concepts with exam preparation tasks Practice with realistic exam questions Get practical guidance for test taking strategies CISSP Cert Guide, Fourth Edition is a best-of-breed exam study guide. Leading IT certification experts Robin Abernathy and Darren Hayes share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics. The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan. The companion website contains the powerful Pearson Test Prep practice test software engine, complete with hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this CISSP study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time. This study guide helps you master all the topics on the CISSP exam, including Security and Risk Management Asset Security Security Architecture and Engineering Communication and Network Security Identity and Access Management (IAM) Security Assessment and Testing Security Operations Software Development Security
Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001 certification, this book will help readers understand the requirements of an ISMS (information security management system) based on ISO 27001.
The Practical, Comprehensive Guide to Applying Cybersecurity Best Practices and Standards in Real Environments In Effective Cybersecurity, William Stallings introduces the technology, operational procedures, and management practices needed for successful cybersecurity. Stallings makes extensive use of standards and best practices documents that are often used to guide or mandate cybersecurity implementation. Going beyond these, he offers in-depth tutorials on the “how” of implementation, integrated into a unified framework and realistic plan of action. Each chapter contains a clear technical overview, as well as a detailed discussion of action items and appropriate policies. Stallings offers many pedagogical features designed to help readers master the material: clear learning objectives, keyword lists, review questions, and QR codes linking to relevant standards documents and web resources. Effective Cybersecurity aligns with the comprehensive Information Security Forum document “The Standard of Good Practice for Information Security,” extending ISF’s work with extensive insights from ISO, NIST, COBIT, other official standards and guidelines, and modern professional, academic, and industry literature. • Understand the cybersecurity discipline and the role of standards and best practices • Define security governance, assess risks, and manage strategy and tactics • Safeguard information and privacy, and ensure GDPR compliance • Harden systems across the system development life cycle (SDLC) • Protect servers, virtualized systems, and storage • Secure networks and electronic communications, from email to VoIP • Apply the most appropriate methods for user authentication • Mitigate security risks in supply chains and cloud environments This knowledge is indispensable to every cybersecurity professional. Stallings presents it systematically and coherently, making it practical and actionable.
Cyber risk is the highest perceived business risk according to risk managers and corporate insurance experts. Cybersecurity typically is viewed as the boogeyman: it strikes fear into the hearts of non-technical employees. Enterprise Cybersecurity in Digital Business: Building a Cyber Resilient Organization provides a clear guide for companies to understand cyber from a business perspective rather than a technical perspective, and to build resilience for their business. Written by a world-renowned expert in the field, the book is based on three years of research with the Fortune 1000 and cyber insurance industry carriers, reinsurers, and brokers. It acts as a roadmap to understand cybersecurity maturity, set goals to increase resiliency, create new roles to fill business gaps related to cybersecurity, and make cyber inclusive for everyone in the business. It is unique since it provides strategies and learnings that have shown to lower risk and demystify cyber for each person. With a clear structure covering the key areas of the Evolution of Cybersecurity, Cybersecurity Basics, Cybersecurity Tools, Cybersecurity Regulation, Cybersecurity Incident Response, Forensics and Audit, GDPR, Cybersecurity Insurance, Cybersecurity Risk Management, Cybersecurity Risk Management Strategy, and Vendor Risk Management Strategy, the book provides a guide for professionals as well as a key text for students studying this field. The book is essential reading for CEOs, Chief Information Security Officers, Data Protection Officers, Compliance Managers, and other cyber stakeholders, who are looking to get up to speed with the issues surrounding cybersecurity and how they can respond. It is also a strong textbook for postgraduate and executive education students in cybersecurity as it relates to business.
SYSTEMS ENGINEERING HANDBOOK A comprehensive reference on the discipline and practice of systems engineering Systems engineering practitioners provide a wide range of vital functions, conceiving, developing, and supporting complex engineered systems with many interacting elements. The International Council on Systems Engineering (INCOSE) Systems Engineering Handbook describes the state-of-the-good-practice of systems engineering. The result is a comprehensive guide to systems engineering activities across any number of possible projects. From automotive to defense to healthcare to infrastructure, systems engineering practitioners are at the heart of any project built on complex systems. INCOSE Systems Engineering Handbook readers will find: Elaboration on the key systems life cycle processes described in ISO/IEC/IEEE 15288:2023; Chapters covering key systems engineering concepts, system life cycle processes and methods, tailoring and application considerations, systems engineering in practice, and more; and Appendices, including an N2 diagram of the systems engineering processes and a detailed topical index. The INCOSE Systems Engineering Handbook is a vital reference for systems engineering practitioners and engineers in other disciplines looking to perform or understand the discipline of systems engineering.
This book guides readers through the broad field of generic and industry-specific management system standards, as well as through the arsenal of tools that are needed to effectively implement them. It covers a wide spectrum, from the classic standard ISO 9001 for quality management to standards for environmental safety, information security, energy efficiency, business continuity, laboratory management, etc. A dedicated chapter addresses international management standards for compliance, anti-bribery and social responsibility management. In turn, a major portion of the book focuses on relevant tools that students and practitioners need to be familiar with: 8D reports, acceptance sampling, failure tree analysis, FMEA, control charts, correlation analysis, designing experiments, estimating parameters and confidence intervals, event tree analysis, HAZOP, Ishikawa diagrams, Monte Carlo simulation, regression analysis, reliability theory, data sampling and surveys, testing hypotheses, and much more. An overview of the necessary mathematical concepts is also provided to help readers understand the technicalities of the tools discussed. A down-to-earth yet thorough approach is employed throughout the book to help practitioners and management students alike easily grasp the various topics.
We live in an era defined by data proliferation and digital transformation, and the effective management of information has become a concern for organizations across the globe. Creating and Sustaining an Information Governance Program is a comprehensive academic guide that delves into the intricate realm of Information Governance (IG), focusing on the key components and strategies essential for establishing and perpetuating a robust IG program. This book elucidates the intricacies of establishing and nurturing an information governance program, and it equips readers with the knowledge and tools to navigate the challenges and opportunities inherent in this endeavor. It delves into the cultural shifts, communication strategies, and training methods necessary for success. It emphasizes the vital importance of collaboration across organizational silos, the cultivation of administrative support, securing appropriate funding, and educating stakeholders on the purpose and benefits of an IG program. This book is ideal for individuals across academia, corporate sectors, government agencies, and for-profit and not-for-profit organizations. Its insights are universally applicable, spanning industries such as law firms, general corporate environments, government entities, educational institutions, and businesses of all sizes. Creating and Sustaining an Information Governance Program guides organizations of all stripes toward effective information governance, compliance, and risk mitigation in a data-centric world.
Data processing, Computers, Management, Data security, Data storage protection, Anti-burglar measures, Information systems, Documents, Records (documents), Classification systems, Computer technology, Computer networks, Technical documents, Maintenance, Information exchange
As an information security professional, it is essential to stay current on the latest advances in technology and the effluence of security threats. Candidates for the CISSP® certification need to demonstrate a thorough understanding of the eight domains of the CISSP Common Body of Knowledge (CBK®), along with the ability to apply this indepth knowledge to daily practices. Recognized as one of the best tools available for security professionals, specifically for the candidate who is striving to become a CISSP, the Official (ISC)²® Guide to the CISSP® CBK®, Fourth Edition is both up-to-date and relevant. Reflecting the significant changes in the CISSP CBK, this book provides a comprehensive guide to the eight domains. Numerous illustrated examples and practical exercises are included in this book to demonstrate concepts and real-life scenarios. Endorsed by (ISC)² and compiled and reviewed by CISSPs and industry luminaries around the world, this textbook provides unrivaled preparation for the certification exam and is a reference that will serve you well into your career. Earning your CISSP is a respected achievement that validates your knowledge, skills, and experience in building and managing the security posture of your organization and provides you with membership to an elite network of professionals worldwide.