[ISN] REVIEW: "Minimizing Enterprise Risk", Corinne Gregory

From: InfoSec News (isnat_private)
Date: Tue Jan 07 2003 - 01:27:04 PST

    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    BKMIENRI.RVW   20020916
    "Minimizing Enterprise Risk", Corinne Gregory, 2003, 0-273-66158-2,
    %A   Corinne Gregory corinne.gregoryat_private
    %C   London, UK
    %D   2003
    %G   0-273-66158-2
    %I   Prentice Hall/Financial Times
    %O   UK#156.99/C$319.99 +1-201-236-7139 fax: +1-201-236-7131
    %O  http://www.amazon.com/exec/obidos/ASIN/0273661582/robsladesinterne
    %P   120 p.
    %T   "Minimizing Enterprise Risk: A practical guide to risk and

    Chapter one defines four types of risks--and immediately contradicts
    itself with tables of other types of risks.  The basic point seems to
    be that risks exist.  Chapter two looks at the new product development
    process and reputation management (after all, one type of risk is bad
    publicity).  There is a look at risk mitigation, but not risk
    acceptance or avoidance, a cost/benefit analysis that is not very
    detailed, and a contrived use of the "9/11" World Trade Center
    disaster (but no mention of the brokerage firm that survived) that
    undercuts the ultimate message about having a disaster plan. 
    Enterprise continuity, in chapter three, has, like other chapters,
    good ideas mixed in with a random collection of topics from business
    continuity planning, disaster recovery, incident response, contingency
    planning, and other areas.  Business impact analysis is proposed as a
    justification for planning, in chapter four, although it should be
    part of risk analysis itself.  Otherwise this material is pretty
    basic; get a committee, list the risks, think of what to do about
    them; the type of thing you would see in any decent article on risk
    management.  Chapter five states that Internet use is risky, and has a
    (short) list of some precautions.

    Anyone who thinks that they understand risk management or business
    continuity planning from reading this book is seriously misled, and
    possibly a liability to the company.

    copyright Robert M. Slade, 2002   BKMIENRI.RVW   20020916
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
    Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
        February 10, 2003   February 14, 2003   St. Louis, MO
        March 31, 2003      April 4, 2003       Indianapolis, IN