
New Book: Making Business Sense of Technology Risk

February 12, 2019

I am pleased to announce that my new book is available on Amazon. You can find details on the Norman’s Books tab.


While I started my career as a financial auditor, I soon migrated to the IT world. I was an IT auditor, manager, and senior manager in public accounting and industry before crossing over to lead, as a vice president, a major portion of a large IT function (including information security and related activities).

As the head of internal audit for large public companies and later as chief risk officer, I worked with the executive management team and the board, providing assurance, advice, and insight on a number of areas, but technology was always a hot topic.

So while I was (at one time) a techie, my perspective for the last many years has been that of an executive and board advisor. In fact, at one company the chair of the IT committee asked me to attend its meetings to provide him and the rest of the members with my insights in addition to those of the CIO.

The question was always “what did we have to do, what decisions did we have to make, to enable the company to succeed?”

We should all be concerned about the failure of boards to understand technology-related risks and how they rate compared to other sources of business risk.

Much of the problem can easily be attributed to the failure of the technical management team to communicate those sources of risk in a way that makes sense to business management and the board.

Boards and top executives need actionable information that helps them understand how technology-related sources of risk might affect the objectives they are trying to achieve.

Simply providing leaders with a list of top risks or a heat map with prioritized information assets is not the actionable information leaders need.

This book provides my thoughts on how to bridge the divide between technical management and business leadership. After reviewing the major available frameworks (from NIST and ISO, with reference to FAIR as well), I share some key principles and advice on incorporating the consideration of technology-related sources of risk in decision-making and how to communicate in a way that provides the actionable information needed by leaders.

I hope you enjoy it!

  1. Barry
    February 13, 2019 at 6:48 AM

    Fantastic! A much needed book.
