Risk-Aware Culture & Empowerment

Ardie Kleijn and Annemiek Wauters • Book • paperback

  • Summary
    Are you in control, and do you know all the security risks in your organisation? Has your IT department been telling you they are in control by implementing baselines? Do you have the feeling you are squeezed between regulations and emerging threats while the auditors tell you ‘You are compliant’? Does your gut feeling tell you to do things differently?
    Let us inspire you to approach risk management in a refreshing way. This will lead you to get a grip on knowing the real risks, and lead you through the maze of security and continuity, addressing the relevant risks and reaching an optimum at any given moment in time, being able to rapidly adapt to new situations and connect doing business with security. The focus is on doing business in a controlled way. 
    Use our approach and concepts to think differently, to be more successful, and be in control. Our approach is based on more than twenty years of experience, and trial and error. It’s not just a method on paper, but a real proven approach that works.
    ‘This way of thinking opened the possibility to provide mobile devices fit for use and proved to our management that the risks were manageable.’ Edwin Delwel. Chief Commissioner and Head of Mobile Solutions Dutch Police Force
    ‘This practical approach adds a new dimension to how we look at information security, especially in involving management.’ Inge Philips-Bryan. Public Policy Leader, Partner Cyber Risk Services, Deloitte Netherlands
  • Product information
    Binding : Paperback
    Distribution form : Book (print)
    Format : 150mm x 230mm
    Number of pages : 155
    Publisher : Kleijn Information Security
    ISBN : 9789083037004
    Publication date : 11-2019
  • Table of contents
    1 Preface
    2 Introduction
    3 The changing world of security
    Needs of the business
    Evolving security
    Rapid developments, rapid response
    The common approach
    Hidden baselines
    Why managers want baselines that don’t work
    4 A different view
    It is all about perspective
    If you do what you always did
    Creating ‘Bright Spots’
    A fundamentally different approach
    Peer intervision, hybrid model, and no plausible deniability
    Accountability, one step further
    Being in control
    Abandoning the old
    5 Tapping into reality
    Benefits of peer intervision
    The method
    Summary of the approach
    Plan, do, check, act
    6 Connecting two worlds
    Business and service delivery
    Focusing measures, Pcigo
    Speak business
    Enriched language
    Balancing demand and supply
    The interaction between the two worlds
    7 Involvement
    No plausible deniability
    Explicit handoff
    Compliance, control, and in control
    Crisis escalation
    8 The new CISO
    The changing role
    Role and position
    Governing principles
    9 In control
    Metrics, information, or knowledge
    Four types of measures
    Service packages and cohesion
    10 Risk-Aware Culture and Empowerment
    Tying together the concepts
    Taking responsibility
    11 How we got there
    Not overnight
    Early stages of development
    Our challenges in implementing RACE
    The key elements for success in developing RACE
    Some advice
    12 Glossary
    13 Literature

In this book, we will lead you through a new way of thinking about security. Your first impression might be that we are crazy and unrealistic. Bear with us and our examples, and you will see that it works. A case study by Gartner done on the implementation within the Dutch police force concludes that it is the only working risk method so far. Paul Proctor, their former chief of security and risk management, said, ‘They nailed it!’

All the trends that are foreseen by Gartner and Forrester on security are already implemented and integrated into our approach. We did it for real. You might wonder what the ‘it’ is and if it is magic. We assure you it is not magic. It is like the Columbus egg puzzle; once you know how to do it, it is common sense. And, of course, you have to be persistent in achieving the goals and applying this way of thinking.

Over the years, we devised a way of thinking about
• ‘Being’ in control without measuring and still seeing progress,
• One’s perspective on reality as just one way of looking at the world,
• Management involvement and no plausible deniability,
• Objectivity and intersubjectivity: not needing a complete picture and still doing the right things,
• Where the truth lies: with the experts and never in documentation,
• What you need to be secure: leave behind all that you hold true on security as described in baseline-and-risk-management approaches,
and how to:
• Abandon red-tape approaches focused on compliance,
• Connect with business continuity,
• Have an integrated risk-management approach instead of just leaving it to IT,
• Have management in control and still have service delivery involved,
• Have management follow up on risks.

With this way of thinking, and with implementing integrated security, we abandoned all that is perceived as a common good and best practices. We challenge you to think about all that you hold true in security and whether this helps you solve the real problems of your organisation; or does it just help management and the auditors feel safe?

In this book, you will find our approach accompanied with examples from its implementation by a variety of organisations, the latest being the Dutch police force. So far, the Dutch police force implementation is the most complete one of all the concepts devised.

To emphasise, this book is based on actual experience and implementation and does not just offer a theoretical approach.