As this is a curated collection of books from a personal library, please be mindful that some books may be out of print, have more current editions, or be available in digital formats. A large portion of the books presented are related to research and reference.
Risk Management
A practical, real-world guide for implementing enterprise risk management (ERM) programs into your organizationEnterprise risk management (ERM) is a complex yet critical issue that all companies must deal with in the twenty-first century. Failure to properly manage risk continues to plague corporations around the world. ERM empowers risk professionals to balance risks with rewards and balance people with processes.But to master the numerous aspects of enterprise risk management, you must integrate it into the culture and operations of the business. No one knows this better than risk management expert James Lam, and now, with Implementing Enterprise Risk Management: From Methods to Applications, he distills more than thirty years' worth of experience in the field to give risk professionals a clear understanding of how to implement an enterprise risk management program for every business.
- Offers valuable insights on solving real-world business problems using ERM
- Effectively addresses how to develop specific ERM tools
- Contains a significant number of case studies to help with practical implementation of an ERM program
A fully revised second edition focused on the best practices of enterprise risk managementSince the first edition of Enterprise Risk Management: From Incentives to Controls was published a decade ago, much has changed in the worlds of business and finance. That's why James Lam has returned with a new edition of this essential guide. Written to reflect today's dynamic market conditions, the Second Edition of Enterprise Risk Management: From Incentives to Controls clearly puts this discipline in perspective.Engaging and informative, it skillfully examines both the art as well as the science of effective enterprise risk management practices. Along the way, it addresses the key concepts, processes, and tools underlying risk management, and lays out clear strategies to manage what is often a highly complex issue.
Offers in-depth insights, practical advice, and real-world case studies that explore the various aspects of ERM
Based on risk management expert James Lam's thirty years of experience in this field
Discusses how a company should strive for balance between risk and return
Failure to properly manage risk continues to plague corporations around the world. Don't let it hurt your organization. Pick up the Second Edition of Enterprise Risk Management: From Incentives to Controls and learn how to meet the enterprise-wide risk management challenge head on, and succeed.
High-level guidance for implementing enterprise risk management in any organizationA Practical Guide to Risk Management shows organizations how to implement an effective ERM solution, starting with senior management and risk and compliance professionals working together to categorize and assess risks throughout the enterprise. Detailed guidance is provided on the key risk categories, including financial, operational, reputational, and strategic areas, along with practical tips on how to handle risks that overlap across categories.
- Provides high-level guidance on how to implement enterprise risk management across any organization
- Includes discussion of the latest trends and best practices
- Features the role of IT in ERM and the tools that are available in both assessment and on-going compliance
- Discusses the key challenges that need to be overcome for a successful ERM initiative
Walking readers through the creation of ERM architecture and setting up on-going monitoring and assessement processes, this is an essential book for every CFO, controller and IT manager.
Security problems have evolved in the corporate world because of technological changes, such as using the Internet as a means of communication. With this, the creation, transmission, and storage of information may represent security problem.Metrics and Methods for Security Risk Management is of interest, especially since the 9/11 terror attacks, because it addresses the ways to manage risk security in the corporate world. The book aims to provide information about the fundamentals of security risks and the corresponding components, an analytical approach to risk assessments and mitigation, and quantitative methods to assess the risk components. In addition, it also discusses the physical models, principles, and quantitative methods needed to assess the risk components. The by-products of the methodology used include security standards, audits, risk metrics, and program frameworks. Security professionals, as well as scientists and engineers who are working on technical issues related to security problems will find this book relevant and useful.
- Offers an integrated approach to assessing security risk
- Addresses homeland security as well as IT and physical security issues
- Describes vital safeguards for ensuring true business continuity
Step-by-step guidance on creating internal controls to manage riskInternal control is a process for assuring achievement of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations, and policies.This is a "toolkit" approach that addresses a practical need for a series of standards of internal controls that can be used to mitigate risk within any size organization. Inadequate internal controls can cause a myriad of problems that adversely affect its ability to provide reliable, timely, and useful financial and managerial data needed to support operating, budgeting, and policy decisions. Reliable data is necessary to make sound business decisions.
- Toolkit approach with detailed controls and risks outlined for key business processes
- Foundational for SOX 404 initiatives
- Key material to improve internal control efforts
- Guidance during M&A projects
Poor controls over data quality can cause financial data to be unreliable, incomplete, and inaccurate―this book helps you control that quality and manage risk.
Essential guidance on the revised COSO internal controls frameworkNeed the latest on the new, revised COSO internal controls framework? Executive's Guide to COSO Internal Controls provides a step-by-step plan for installing and implementing effective internal controls with an emphasis on building improved IT as well as other internal controls and integrating better risk management processes. The COSO internal controls framework forms the basis for establishing Sarbanes-Oxley compliance and internal controls specialist Robert Moeller looks at topics including the importance of effective systems on internal controls in today's enterprises, the new COSO framework for effective enterprise internal controls, and what has changed since the 1990s internal controls framework.
- Written by Robert Moeller, an authority in internal controls and IT governance
- Practical, no-nonsense coverage of all three dimensions of the new COSO framework
- Helps you change systems and processes when implementing the new COSO internal controls framework
- Includes information on how ISO internal control and risk management standards as well as COBIT can be used with COSO internal controls
- Other titles by Robert Moeller: IT Audit, Control, and Security, Executives Guide to IT Governance
Under the Sarbanes-Oxley Act, every corporation has to assert that their internal controls are adequate and public accounting firms certifying those internal controls are attesting to the adequacy of those same internal controls, based on the COSO internal controls framework. Executive's Guide to COSO Internal Controls thoroughly considers improved risk management processes as part of the new COSO framework; the importance of IT systems and processes; and risk management techniques.
Drawing on her many years as a consultant to numerous companies big and small, author Rose Hightower infuses Internal Controls Policies and Procedures with her wealth of experience and knowledge. Instead of reinventing the wheel, your company can use this useful how-to manual to quickly and effectively put a successful program of internal controls in place. Complete with flowcharts and checklists, this essential desktop reference is a best practices model for establishing and enhancing your organization's control framework. These manuals are favorites for organizations and companies that need a foundation and grounding to ensure an internal control posture of integrity, credibility, method, process and process: or a reminder of its importance. URLs were included when first published to encourage the dissemination and distribution of relevant chapters to those interested and in charge of the specific departments. Although times have changed, the principles professed are sound and solid for today’s accounting and business environment. Implementing these cornerstones will produce a principled manageable approach. These manuals can be used by accounting individuals, finance departments, sole proprietor businesses, large corporations, accounting / auditing students and any others interested in specific topics or general disciplines.The discipline for the oversight processes and procedures are important when introducing or implementing auditing practices whether in accounting or throughout the organization. These manuals should be used together to provide the basics when setting up a department or specific process discipline, for learning about the strengths, weaknesses and opportunities within the specific focus areas.
The modern dependence upon information technology and the corresponding information security regulations and requirements force companies to evaluate the security of their core business processes, mission critical data, and supporting IT environment. Combine this with a slowdown in IT spending resulting in justifications of every purchase, and security professionals are forced to scramble to find comprehensive and effective ways to assess their environment in order to discover and prioritize vulnerabilities, and to develop cost-effective solutions that show benefit to the business. A Practical Guide to Security Assessments is a process-focused approach that presents a structured methodology for conducting assessments. The key element of the methodology is an understanding of business goals and processes, and how security measures are aligned with business risks. The guide also emphasizes that resulting security recommendations should be cost-effective and commensurate with the security risk. The methodology described serves as a foundation for building and maintaining an information security program. In addition to the methodology, the book includes an Appendix that contains questionnaires that can be modified and used to conduct security assessments. This guide is for security professionals who can immediately apply the methodology on the job, and also benefits management who can use the methodology to better understand information security and identify areas for improvement.
Conducted properly, information security risk assessments provide managers with the feedback needed to manage risk through the understanding of threats to corporate assets, determination of current control vulnerabilities, and appropriate safeguards selection. Performed incorrectly, they can provide the false sense of security that allows potential threats to develop into disastrous losses of proprietary information, capital, and corporate value. Picking up where its bestselling predecessors left off, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Third Edition gives you detailed instruction on how to conduct a security risk assessment effectively and efficiently, supplying wide-ranging coverage that includes security risk analysis, mitigation, and risk assessment reporting.The third edition has expanded coverage of essential topics, such as threat analysis, data gathering, risk analysis, and risk assessment methods, and added coverage of new topics essential for current assessment projects (e.g., cloud security, supply chain management, and security risk assessment methods). This handbook walks you through the process of conducting an effective security assessment, and it provides the tools, methods, and up-to-date understanding you need to select the security measures best suited to your organization.Trusted to assess security for small companies, leading organizations, and government agencies, including the CIA, NSA, and NATO, Douglas J. Landoll unveils the little-known tips, tricks, and techniques used by savvy security professionals in the field. It includes features on how to
- Better negotiate the scope and rigor of security assessments
- Effectively interface with security assessment teams
- Gain an improved understanding of final report recommendations
- Deliver insightful comments on draft reports
This edition includes detailed guidance on gathering data and analyzes over 200 administrative, technical, and physical controls using the RIIOT data gathering method; introduces the RIIOT FRAME (risk assessment method), including hundreds of tables, over 70 new diagrams and figures, and over 80 exercises; and provides a detailed analysis of many of the popular security risk assessment methods in use today. The companion website (infosecurityrisk.com) provides downloads for checklists, spreadsheets, figures, and tools.
Security Controls Evaluation, Testing, and Assessment Handbook, Second Edition, provides a current and well-developed approach to evaluate and test IT security controls to prove they are functioning correctly. This handbook discusses the world of threats and potential breach actions surrounding all industries and systems. Sections cover how to take FISMA, NIST Guidance, and DOD actions, while also providing a detailed, hands-on guide to performing assessment events for information security professionals in US federal agencies. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements and evaluation efforts.
- Provides direction on how to use SP800-53A, SP800-115, DOD Knowledge Service, and the NIST Families assessment guides to implement thorough evaluation efforts
- Shows readers how to implement proper evaluation, testing, assessment procedures and methodologies, with step-by-step walkthroughs of all key concepts
- Presents assessment techniques for each type of control, provides evidence of assessment, and includes proper reporting techniques
In today's rapidly changing business landscape of ESG, compliance, cyber threats & supply assurance, procurement and sourcing professionals are under increasing pressure to manage supplier risks effectively. By implementing proactive risk management strategies, businesses can reduce supplier related risks and protect their operations. Through this book, you will learn the aspects of building the foundations of an effective framework & using it to protect the business.
The secret is out: If you want to attain protected data as a hacker, you do not attack a big company or organization that likely has good security. You go after a third party that more likely does not. Companies have created the equivalent of how to deter car thieves: Ensure that your car looks difficult enough to break into so that thieves move onto the automobile with its doors unlocked and keys in the ignition. When a burglar sees a car with a car alarm, they know that they can look and eventually find a target that isn't so well protected. Exploiting the weakest link is not new. A bank robber could go to the bank to steal money, but a softer target would likely be the courier service as they bring the money into and out of the bank.
- Learn what the risk is and how to assess the cyber risk
- Step-by-step guide on how to create a cyber-risk third-party risk management program without having to be a cyber or risk management expert
- Create a mature cyber-focused third-party risk management program that is predictive and less reactive
- Learn how to secure your data in a vendor's cloud and how to secure your software supply chain.
Whether your are a large corporation or a mom and pop shop, you probably cannot manage all your business by yourself. That is where vendors come in. Vendors may provide goods (fresh produce, hardware, fleets of cars) or services (consulting, photography, social media production), all of which can be critical to your business success.When companies began extensively outsourcing and globalizing their operations in the 1980’s and 1990’s, they did so without understanding the risks suppliers posed. Lack of supplier attention to quality management could compromise the brand. Lack of physical or cybersecurity at supplier sites could result in a breach of corporate data systems or product corruption. Over time, companies have begun implementing vendor management systems - ranging from basic, paper-based approaches to highly sophisticated software solutions and physical audits - to access and mitigate vendor risks to their operations.This book walks you through the entire process of managing your risk.
It’s a tough challenge operating at the speed of business while satisfactorily managing complexity and risk across the extended enterprise. But this is exactly what customers, shareholders, regulators, and lawmakers demand. Organizations everywhere operate within their risk appetite only when they identify and control risk. The use of third parties exposes them to many distinct types of strategic, operational, reputational, regulatory, and financial risk. Failure to recognize, mitigate, and manage these risks can cause significant harm, causing organizations to stray outside their risk appetite. The global pandemic revealed some serious cracks in risk practices in many organizations. By visibly supporting proactive third-party risk management, business leaders can confidently make risk-informed decisions. Leaders who demonstrate risk-centric values and encourage their staff to do the right thing justifiably earn their loyalty, motivating them to protect the organization, customers, and shareholders. This books complements Linda’s first book, Third-Party Risk Management: Driving Enterprise Value. It is a must-read for anyone interested in gaining a deeper understanding about third-party risk management and how to successfully treat and manage risk.
Identity theft and other confidential information theft have now topped the charts as the leading cybercrime. In particular, credit card data is preferred by cybercriminals. Is your payment processing secure and compliant? The new Fourth Edition of PCI Compliance has been revised to follow the new PCI DSS standard version 3.0, which is the official version beginning in January 2014. Also new to the Fourth Edition: additional case studies and clear guidelines and instructions for maintaining PCI compliance globally, including coverage of technologies such as NFC, P2PE, CNP/Mobile, and EMV. This is the first book to address the recent updates to PCI DSS. The real-world scenarios and hands-on guidance are also new approaches to this topic. All-new case studies and fraud studies have been added to the Fourth Edition.Each chapter has how-to guidance to walk you through implementing concepts, and real-world scenarios to help you relate to the information and better grasp how it impacts your data. This book provides the information that you need in order to understand the current PCI Data Security standards and how to effectively implement security on network infrastructure in order to be compliant with the credit card industry guidelines, and help you protect sensitive and personally-identifiable information.
- Completely updated to follow the most current PCI DSS standard, version 3.0
- Packed with help to develop and implement an effective strategy to keep infrastructure compliant and secure
- Includes coverage of new and emerging technologies such as NFC, P2PE, CNP/Mobile, and EMV
- Both authors have broad information security backgrounds, including extensive PCI DSS experience
Maintained for historical and reference purposes.
Identity theft has been steadily rising in recent years, and credit card data is one of the number one targets for identity theft. With a few pieces of key information. Organized crime has made malware development and computer networking attacks more professional and better defenses are necessary to protect against attack. The credit card industry established the PCI Data Security standards to provide a baseline expectancy for how vendors, or any entity that handles credit card transactions or data, should protect data to ensure it is not stolen or compromised. This book will provide the information that you need to understand the PCI Data Security standards and how to effectively implement security on the network infrastructure in order to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information. *PCI Data Security standards apply to every company globally that processes or transmits credit card transaction data*Information with helps to develop and implement an effective security strategy to keep their infrastructure compliant*The authors are well known and each has an extensive information security background, making them ideal for conveying the information the reader needs
Maintained for historical and reference purposes.
As a working cybersecurity professional, every attempt is made to separate professional and personal endeavors in a manner consistent with reducing conflicts of interest and maintaining ethics. Statements contained within this site are the explicit and implicit goals, objectives, endorsements, and educated opinion of the author of this site and not those of current or former employers.
