Measuring and Managing Information Risk
A FAIR Approach
Copyright
Acquiring Editor: Brian Romer
Editorial Project Manager: Keira Bunn
Project Manager: Poulouse Joseph
Designer: Matthew Limbert
Butterworth-Heinemann is an imprint of Elsevier
The Boulevard, Langford Lane, Kidlington, Oxford, OX5 1GB, UK
225 Wyman Street, Waltham, MA 02451, USA
Copyright 2015 Elsevier Inc. All rights reserved
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means electronic, mechanical, photocopying, recording or otherwise without the prior written permission of the publisher
Permissions may be sought directly from Elsevier's Science & Technology Rights Department in Oxford, UK: phone (+44) (0) 1865 843830; fax (+44) (0) 1865 853333; email: , and selecting Obtaining permission to use Elsevier material
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Application submitted
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
ISBN: 978-0-12-420231-3
For information on all Butterworth-Heinemann publications visit our web site at http://store.elsevier.com/
This book has been manufactured using Print on Demand technology. Each copy is produced to order and is limited to black ink. The online version of this book will show color figures where appropriate.
Acknowledgments by Jack Jones
Something like FAIR doesn't come about in a vacuum, and there are a lot of people who deserve my deepest gratitude for the role they played in its development. Sometimes their role was subtle and unintentional; perhaps an offhand comment that spurred deeper thinking or a twist in thinking that unlocked some conceptual obstacle I faced. In other cases the role was explicit and obvious; perhaps as a sounding board, support in the face of skeptics, or mentoring me through political mine fields that litter the information security and risk management landscape. Regardless, the following list (in alphabetical order except for the last two entries) inevitably is incomplete and I beg the forgiveness of anyone who feels I have left them out.
Dr. Henry Beker - whose deep wisdom and strong support have been so crucial to the ongoing success of FAIR and CXOWARE. It is a true privilege to know someone like Henry, let alone have the opportunity to work with him.
The team at CXOWARE - how lucky can one person get, to be surrounded by such great energy, intelligence, and skill. These people seem able to work magic, both in building a business and taking my sometimes half-baked ideas and turning them into truly remarkable software.
Jack Freund - whose mental quickness may be unmatched in my experience. Jack has been a dear friend, great colleague, and outstanding partner in writing this book. In fact, without his gentle persistence this book likely would not exist.
Mike Keller and Susan Gueli - two amazing people, both of whom I had the privilege of working for during my tenure as CISO at Nationwide. It is entirely accurate to say that without their support my career would have been quite different and far less successful than it has been. I am deeply indebted to both of them.
Cindi Hart - who was my right hand (and very often my saving grace) in each of my CISO roles. I hold no other professional in higher regard, and her friendship has been a true blessing.
Kirk Herath - whose support and friendship have been so important over the years. You will not encounter a more courageous professional, or anyone more expert in the field of privacy.
Jim Hietala and Ian Dobson - whose support for FAIR within the Open Group has been so critical over the years. These gentlemen define the word "class," and it has been a privilege to work with them.
Douglas Hubbard - perhaps unmatched as a risk guru, Douglas' books and insights continue to stoke my internal flame for trying to get this right.
My team and colleagues at Huntington Bank - as with Nationwide, there simply are too many amazing people to list. Here again, my success was largely due to them, and I am deeply grateful for their support and hard work.
Alex Hutton - great friend, tireless sounding board, and truly remarkable risk professional. It was his hard work in the early years that kept FAIR alive long beyond what would have happened if I had been trying to do it alone.
Ryan Jones - whose exceptional work developing and providing FAIR training was responsible for keeping CXOWARE afloat in the early days. His unique combination of creativity, critical thinking, work ethic and pragmatism makes him a privilege to work with.
Marty Miracle - another great friend, deep thinker, and brilliant risk professional. Few people have provided more honest feedback, and fewer yet can match the quality of Marty's analyses.
Brooke Paul - great advocate and amazing businessman. Brooke's business advice in the early days, though not always followed by me, was always spot-on.
My team and colleagues at Nationwide Insurance - any success I realized while at Nationwide was largely a function of the amazing team of professionals around me. There are simply too many to list here, but in my mind and heart they all stand out.
Eddie Schwartz - easily one of the sharpest minds I have ever encountered. Despite this, he seemed to believe there was something worthwhile in me and mentored me in many ways. I learned an awful lot from Eddie, and am truly grateful for his friendship, guidance, and the opportunities he gave me.
Steve Tabacek - dear friend and phenomenal business partner. I can't imagine a harder working, more ethical person, and FAIR would have certainly died on the vine without his tireless support and exceptional business acumen.
Chad Weinman - another great friend and outstanding colleague. I've never worked with anyone so completely dedicated to the customer. This combined with Chad's energy and positive attitude continue to be critical to CXOWARE's success.