Cyber Security and IT Risk Management in a Nutshell
von: Andreas von Grebmer | CIS Switzerland
A human, risk based, pragmatic and comprehensive approach to Information Security
In 2007 the first edition of this book was published with the intention to support non-experts by addressing this topic in a pragmatic way.
One tends to think that there were a lot of changes since then. The main thing that has really changed is that “Information Security” has become “Cybersecurity” and the topic has, at least for the moment, high attention in many organizations. Of course, I’m oversimplifying, but I’m doing this intentionally.
Somebody who really wants to get hold of your information will always get it. It is just a question of resources and willingness to invest these.
The cybersecurity hype is good but it has a major shortcoming. It is often about technology. The book addresses this among other shortcomings e.g. in the provided extract chapter 1.1 Information Security Stumbling Blocks.
Have fun reading and digesting the theories.