New Book: Making Business Sense of Technology Risk
I am pleased to announce that my new book is available on Amazon. You can find details on the Norman’s Books tab.
While I started my career as a financial auditor, I soon migrated to the IT world. I was an IT auditor, manager, and senior manager in public accounting and industry before crossing over to lead as a vice president a major portion of a large IT function (including information security and related activities).
As the head of internal audit for large public companies and later as chief risk officer, I worked with the executive management team and the board, providing assurance, advice, and insight on a number of areas, but technology was always a hot topic.
So while I was (at one time) a techie, my perspective for the last many years has been that of an executive and board advisor. In fact, at one company the chair of the IT committee asked me to attend its meetings to provide him and the rest of the members with my insights in addition to those of the CIO.
The question was always “what did we have to do, what decisions did we have to make, to enable the company to succeed?”
We should all be concerned about the failure of boards to understand technology-related risks and how they rate compared to other sources of business risk.
Much of the problem can easily be attributed to the failure of the technical management team to communicate those sources of risk in a way that makes sense to business management and the board.
Boards and top executives need actionable information that helps them understand how technology-related sources of risk might affect the objectives they are trying to achieve.
Simply providing leaders with a list of top risks or a heat map with prioritized information assets is not the actionable information leaders need.
This book provides my thoughts on how to bridge the divide between technical management and business leadership. After reviewing the major available frameworks (from NIST and ISO, with reference to FAIR as well), I share some key principles and advice on incorporating the consideration of technology-related sources of risk in decision-making and how to communicate in a way that provides the actionable information needed by leaders.
I hope you enjoy it!
Fantastic! A much-needed book.