Information Security News mailing list archives

REVIEW: "Minimizing Enterprise Risk", Corinne Gregory


From: InfoSec News <isn () c4i org>
Date: Tue, 7 Jan 2003 03:27:04 -0600 (CST)

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKMIENRI.RVW   20020916

"Minimizing Enterprise Risk", Corinne Gregory, 2003, 0-273-66158-2,
UK#156.99/C$319.99
%A   Corinne Gregory corinne.gregory () hartgregorygroup com
%C   London, UK
%D   2003
%G   0-273-66158-2
%I   Prentice Hall/Financial Times
%O   UK#156.99/C$319.99 +1-201-236-7139 fax: +1-201-236-7131
%O  http://www.amazon.com/exec/obidos/ASIN/0273661582/robsladesinterne
%P   120 p.
%T   "Minimizing Enterprise Risk: A practical guide to risk and
      continuity"

Chapter one defines four types of risks--and immediately contradicts
itself with tables of other types of risks.  The basic point seems to
be that risks exist.  Chapter two looks at the new product development
process and reputation management (after all, one type of risk is bad
publicity).  There is a look at risk mitigation, but not risk
acceptance or avoidance, a cost/benefit analysis that is not very
detailed, and a contrived use of the "9/11" World Trade Center
disaster (but no mention of the brokerage firm that survived) that
undercuts the ultimate message about having a disaster plan. 
Enterprise continuity, in chapter three, has, like other chapters,
good ideas mixed in with a random collection of topics from business
continuity planning, disaster recovery, incident response, contingency
planning, and other areas.  Business impact analysis is proposed as a
justification for planning, in chapter four, although it should be
part of risk analysis itself.  Otherwise this material is pretty
basic; get a committee, list the risks, think of what to do about
them; the type of thing you would see in any decent article on risk
management.  Chapter five states that Internet use is risky, and has a
(short) list of some precautions.

Anyone who thinks that they understand risk management or business
continuity planning from reading this book is seriously misled, and
possibly a liability to the company.

copyright Robert M. Slade, 2002   BKMIENRI.RVW   20020916

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
    February 10, 2003   February 14, 2003   St. Louis, MO
    March 31, 2003      April 4, 2003       Indianapolis, IN




-
ISN is currently hosted by Attrition.org
