Chapter 1: InfoSec and Risk Management
As this is the first page of this book, I'm meant to tell you why you might want to buy this book, instead of any of the others. Well, if the following describes you, then this book is going to help you in your career:
You are looking to begin (or have recently begun) working in an information security role. Perhaps you've been taking courses and studying for an industry-standard certification such as the CISSP or CISM, but you're looking for a way to convert the concepts (and seemingly endless number of acronyms) from theory into practice, and start making a difference in your day-to-day work at your organization.
In this book, we're going to help you turn the theory of your certifications into actionable and practical changes to make your organization more secure, and also help you progress your career as an information security professional.
Has that sold you? Is this book in your shopping cart now? Great – then let's get started.
This first chapter will go over the major topics that heavily influence decisions made by information security professionals: risk management and governance structures. That may not sound like a barnburner, full of thrills and excitement, but if you can manage to master the basics found in this first chapter, I can actually promise you that you will be a highly effective, well-oiled risk management machine in no time. Now if that doesn't make you want to read on, what would?
Let's get a bit more formal and list the main topics we're going to cover in this chapter:
- Basic InfoSec terminology
- Understanding why risk management is important
- Performing a basic risk assessment
- Considering legal regulations, investigations, and compliance structures
- Proven methodologies in creating a strategy
And so, let's begin!
