Defending the Digital Frontier: Practical Security for Management, 2nd Edition - Hardcover

In today's competitive business environment, information and information systems have become crucial for a company's success. Protecting this information and these systems is vital, but many senior managers believe (mistakenly) that such protection is the responsibility of a technical function and are fearful of asking questions, or even knowing what questions to ask. Additionally, recent corporate failures have focused significant attention on corporate governance and the need for effective and visible identification and management of enterprise risks. Defending the Digital Frontier: Practical Security for Management explains why digital security is a board-level governance issue, and describes an approach for creating an enterprise-wide security culture based on business-led risk management principles.

Written by specialists from Ernst & Young's information security practice, Defending the Digital Frontier: Practical Security for Management is aimed at business executives and outlines a clear plan for ensuring that their digital security approach and programmes will protect their organisation's assets and people. It helps managers to separate hype from reality and gives them the confidence to ask the right questions of their line managers and specialist security personnel.

Many multinational organisations not only need to coordinate their digital security planning globally, but must also deal with sometimes contradictory legislation on issues such as privacy and data management. This Second Edition recognises and explores the global nature of well-planned information security programmes.

With detailed examples and real-world scenarios, the authors explain how to build a digital security programme that is:

• Aligned with the organisation's overall objectives
• Enterprise-wide, taking a holistic view of security needs for the extended organisation
• Continuous, maintaining constant, real-time monitoring and updating of policies, procedures, and processes
• Proactive, to effectively anticipate potential threats
• Validated, to confirm that appropriate risk management procedures are in place
• Formal, so that policies, standards, and guidelines are communicated to every member of the extended organisation

Threats to information systems can approach from any direction. But, by strengthening collective digital security knowledge from the top down and developing an ongoing and comprehensive security agenda, every organisation can reap the rewards these systems provide. Defending the Digital Frontier is an essential guide for the business leader.

Ernst & Young is a global leader in professional services. It helps organisations across all industriesfrom emerging growth companies to global powerhousesto deal with a broad range of business issues. Its 103,000 people in more than 140 countries worldwide can implement a broad array of solutions in audit, tax, corporate finance, transactions, information security, enterprise risk management, and other critical business-performance issues.

Defending the Digital Frontier, Second Edition

"The book recognizes, and correctly characterizes, digital security according to one of the fundamental tenets of IT governance: security, like IT governance, is a management issue, not a technical one. This book takes a very practical approach to a critical issue, and provides executive management with sound, cost-effective techniques grounded in business realities. Management and the C-suite will do well to keep these techniques in mind when formulating IT strategies that are aligned with and support business goals."
—Marios Damianides CISA, CISM, CPA, CA, International President, Information Systems Audit and Control Association and IT Governance Institute

"Ernst & Young has done a superb job in demonstrating why the integrity of Digital Information Systems is fundamental to success. The authors show that protecting computers from attack is only a small part of this task. This book focuses on handling systemic risk and complexity—the inevitable problems that arise when you integrate computerized information systems with human activity systems: namely the company itself, customers, suppliers, competitors, as well as the broader political and regulatory environment. I can recommend it as essential reading to all senior executives."
—Ian Angell Professor of Information Systems, London School of Economics

"The CBI considers security of information to be a major issue for individuals and businesses in the growing digital world. This book makes clear, that the key to success in this new environment is in using technology effectively—technology cannot make a badly organised business good, but it can make a good business better. Ernst & Young has identified critical organisational and management processes that global companies need to implement to ensure that technology effectively secures information assets that are at the heart of today's economy."
—Digby Jones Director General, CBI