[ISN] REVIEW: "Minimizing Enterprise Risk", Corinne Gregory

From: InfoSec News (isnat_private)
Date: Tue Jan 07 2003 - 01:27:04 PST

Next message: InfoSec News: "[ISN] Flaw Found in Ethernet Device Drivers"

Previous message: InfoSec News: "[ISN] Hacking Away, Long Before There Were Hackers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>

BKMIENRI.RVW   20020916

"Minimizing Enterprise Risk", Corinne Gregory, 2003, 0-273-66158-2,
UK#156.99/C$319.99
%A   Corinne Gregory corinne.gregoryat_private
%C   London, UK
%D   2003
%G   0-273-66158-2
%I   Prentice Hall/Financial Times
%O   UK#156.99/C$319.99 +1-201-236-7139 fax: +1-201-236-7131
%O  http://www.amazon.com/exec/obidos/ASIN/0273661582/robsladesinterne
%P   120 p.
%T   "Minimizing Enterprise Risk: A practical guide to risk and
      continuity"

Chapter one defines four types of risks--and immediately contradicts
itself with tables of other types of risks.  The basic point seems to
be that risks exist.  Chapter two looks at the new product development
process and reputation management (after all, one type of risk is bad
publicity).  There is a look at risk mitigation, but not risk
acceptance or avoidance, a cost/benefit analysis that is not very
detailed, and a contrived use of the "9/11" World Trade Center
disaster (but no mention of the brokerage firm that survived) that
undercuts the ultimate message about having a disaster plan. 
Enterprise continuity, in chapter three, has, like other chapters,
good ideas mixed in with a random collection of topics from business
continuity planning, disaster recovery, incident response, contingency
planning, and other areas.  Business impact analysis is proposed as a
justification for planning, in chapter four, although it should be
part of risk analysis itself.  Otherwise this material is pretty
basic; get a committee, list the risks, think of what to do about
them; the type of thing you would see in any decent article on risk
management.  Chapter five states that Internet use is risky, and has a
(short) list of some precautions.

Anyone who thinks that they understand risk management or business
continuity planning from reading this book is seriously misled, and
possibly a liability to the company.

copyright Robert M. Slade, 2002   BKMIENRI.RVW   20020916

-- 
======================
rsladeat_private  rsladeat_private  sladeat_private p1at_private
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
    February 10, 2003   February 14, 2003   St. Louis, MO
    March 31, 2003      April 4, 2003       Indianapolis, IN




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Flaw Found in Ethernet Device Drivers"
Previous message: InfoSec News: "[ISN] Hacking Away, Long Before There Were Hackers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 04:56:47 PST