Misconceptions of Risk


Book Description

We all face risks in a variety of ways, as individuals, businesses and societies. The discipline of risk assessment and risk management is growing rapidly and there is an enormous drive for the implementation of risk assessment methods and risk management in organizations. There are great expectations that these tools provide suitable frameworks for obtaining high levels of performance and balance different concerns such as safety and costs. The analysis and management of risk are not straightforward. There are many challenges. The risk discipline is young and there area a number of ideas, perspectives and conceptions of risk out there. For example many analysts and researchers consider it appropriate to base their risk management policies on the use of expected values, which basically means that potential losses are multiplied with their associated consequences. However, the rationale for such a policy is questionable. A number of such common conceptions of risk are examined in the book, related to the risk concept, risk assessments, uncertainty analyses, risk perception, the precautionary principle, risk management and decision making under uncertainty. The Author discusses these concepts, their strenghts and weaknesses, and concludes that they are often better judged as misconceptions of risk than conceptions of risk. Key Features: Discusses common conceptions of risk with supporting examples. Provides recommendations and guidance to risk analysis and risk management. Relevant for all types of applications, including engineering and business. Presents the Author’s overall conclusions on the issues addressed throughout the book. All those working with risk-related problems need to understand the fundamental ideas and concepts of risk. Professionals in the field of risk, as well as researchers and graduate sutdents will benefit from this book. Policy makers and business people will also find this book of interest.




Foundations of Risk Analysis


Book Description

Everyday we face decisions that carry an element of risk and uncertainty. The ability to analyse, communicate and control the level of risk entailed by these decisions remains one of the most pressing challenges to the analyst, scientist and manager. This book presents the foundational issues in risk analysis ? expressing risk, understanding what risk means, building risk models, addressing uncertainty, and applying probability models to real problems. The principal aim of the book is to give the reader the knowledge and basic thinking they require to approach risk and uncertainty to support decision making. Presents a statistical framework for dealing with risk and uncertainty. Includes detailed coverage of building and applying risk models and methods. Offers new perspectives on risk, risk assessment and the use of parametric probability models. Highlights a number of applications from business and industry. Adopts a conceptual approach based on elementary probability calculus and statistical theory. Foundations of Risk Analysis provides a framework for understanding, conducting and using risk analysis suitable for advanced undergraduates, graduates, analysts and researchers from statistics, engineering, finance, medicine and the physical sciences, as well as for managers facing decision making problems involving risk and uncertainty.




Managing Risk and Information Security


Book Description

Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk. With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community. Here are some of the responses from reviewers of this exceptional work: “Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context. Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies. The book contains eye-opening security insights that are easily understood, even by the curious layman.” Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel “As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities.” Laura Robinson, Principal, Robinson Insight Chair, Security for Business Innovation Council (SBIC) Program Director, Executive Security Action Forum (ESAF) “The mandate of the information security function is being completely rewritten. Unfortunately most heads of security haven’t picked up on the change, impeding their companies’ agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come.” Dr. Jeremy Bergsman, Practice Manager, CEB “The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing – and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be. We are attacked by professional adversaries who are better funded than we will ever be. We in the information security profession must change as dramatically as the environment we protect. We need new skills and new strategies to do our jobs effectively. We literally need to change the way we think. Written by one of the best in the business, Managing Risk and Information Security challenges traditional security theory with clear examples of the need for change. It also provides expert advice on how to dramatically increase the success of your security strategy and methods – from dealing with the misperception of risk to how to become a Z-shaped CISO. Managing Risk and Information Security is the ultimate treatise on how to deliver effective security to the world we live in for the next 10 years. It is absolute must reading for anyone in our profession – and should be on the desk of every CISO in the world.” Dave Cullinane, CISSP CEO Security Starfish, LLC “In this overview, Malcolm Harkins delivers an insightful survey of the trends, threats, and tactics shaping information risk and security. From regulatory compliance to psychology to the changing threat context, this work provides a compelling introduction to an important topic and trains helpful attention on the effects of changing technology and management practices.” Dr. Mariano-Florentino Cuéllar Professor, Stanford Law School Co-Director, Stanford Center for International Security and Cooperation (CISAC), Stanford University “Malcolm Harkins gets it. In his new book Malcolm outlines the major forces changing the information security risk landscape from a big picture perspective, and then goes on to offer effective methods of managing that risk from a practitioner's viewpoint. The combination makes this book unique and a must read for anyone interested in IT risk." Dennis Devlin AVP, Information Security and Compliance, The George Washington University “Managing Risk and Information Security is the first-to-read, must-read book on information security for C-Suite executives. It is accessible, understandable and actionable. No sky-is-falling scare tactics, no techno-babble – just straight talk about a critically important subject. There is no better primer on the economics, ergonomics and psycho-behaviourals of security than this.” Thornton May, Futurist, Executive Director & Dean, IT Leadership Academy “Managing Risk and Information Security is a wake-up call for information security executives and a ray of light for business leaders. It equips organizations with the knowledge required to transform their security programs from a “culture of no” to one focused on agility, value and competitiveness. Unlike other publications, Malcolm provides clear and immediately applicable solutions to optimally balance the frequently opposing needs of risk reduction and business growth. This book should be required reading for anyone currently serving in, or seeking to achieve, the role of Chief Information Security Officer.” Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, VISA “For too many years, business and security – either real or imagined – were at odds. In Managing Risk and Information Security: Protect to Enable, you get what you expect – real life practical ways to break logjams, have security actually enable business, and marries security architecture and business architecture. Why this book? It's written by a practitioner, and not just any practitioner, one of the leading minds in Security today.” John Stewart, Chief Security Officer, Cisco “This book is an invaluable guide to help security professionals address risk in new ways in this alarmingly fast changing environment. Packed with examples which makes it a pleasure to read, the book captures practical ways a forward thinking CISO can turn information security into a competitive advantage for their business. This book provides a new framework for managing risk in an entertaining and thought provoking way. This will change the way security professionals work with their business leaders, and help get products to market faster. The 6 irrefutable laws of information security should be on a stone plaque on the desk of every security professional.” Steven Proctor, VP, Audit & Risk Management, Flextronics




50 Great Myths of Popular Psychology


Book Description

50 Great Myths of Popular Psychology uses popular myths as a vehicle for helping students and laypersons to distinguish science from pseudoscience. Uses common myths as a vehicle for exploring how to distinguish factual from fictional claims in popular psychology Explores topics that readers will relate to, but often misunderstand, such as 'opposites attract', 'people use only 10% of their brains', and 'handwriting reveals your personality' Provides a 'mythbusting kit' for evaluating folk psychology claims in everyday life Teaches essential critical thinking skills through detailed discussions of each myth Includes over 200 additional psychological myths for readers to explore Contains an Appendix of useful Web Sites for examining psychological myths Features a postscript of remarkable psychological findings that sound like myths but that are true Engaging and accessible writing style that appeals to students and lay readers alike




Myths of Leadership


Book Description

WINNER: CMI Management Book of the Year 2019 - Aspiring Leaders Category The best leaders are born, not made. The best leaders are always in control. The best leaders are those with the highest IQs. But are they really? The thinking surrounding what makes the greatest leaders is increasingly muddled by stereotypes, snake oil promises and pseudo-science. The best leaders rely on fact, not fads. Myths of Leadership blasts away the fluff and confronts false legends head on. Jo Owen uses the most credible research to analyze each myth, using international business case studies, leadership theory and insightful interviews, to uncover the truth. This is a compelling and practical examination of the most pervasive misconceptions about leadership that will help you elevate your own leadership abilities, better inspire your team and empower your organization by thinking differently. Entertaining but evidence-based, Myths of Leadership throws out the management jargon and skewers over-hyped leadership trends to bring you the best practical tips you need to become a better leader.




India at Risk


Book Description




How to Measure Anything in Cybersecurity Risk


Book Description

A ground shaking exposé on the failure of popular cyber risk management methods How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his bestselling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security. Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely. Discover the shortcomings of cybersecurity's "best practices" Learn which risk management approaches actually create risk Improve your current practices with practical alterations Learn which methods are beyond saving, and worse than doing nothing Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing—as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.




Statistical Misconceptions


Book Description

This engaging book helps readers identify and then discard 52 misconceptions about data and statistical summaries. The focus is on major concepts contained in typical undergraduate and graduate courses in statistics, research methods, or quantitative analysis. Interactive Internet exercises that further promote undoing the misconceptions are found on the book's website. The author’s accessible discussion of each misconception has five parts: The Misconception - a brief description of the misunderstanding Evidence that the Misconception Exists – examples and claimed prevalence Why the Misconception is Dangerous – consequence of having the misunderstanding Undoing the Misconception - how to think correctly about the concept Internet Assignment - an interactive activity to help readers gain a firm grasp of the statistical concept and overcome the misconception. The book's statistical misconceptions are grouped into 12 chapters that match the topics typically taught in introductory/intermediate courses. However, each of the 52 discussions is self-contained, thus allowing the misconceptions to be covered in any order without confusing the reader. Organized and presented in this manner, the book is an ideal supplement for any standard textbook. An ideal supplement for undergraduate and graduate courses in statistics, research methods, or quantitative analysis taught in psychology, education, business, nursing, medicine, and the social sciences. The book also appeals to independent researchers interested in undoing their statistical misconceptions.




The Power of Broke


Book Description

The star of ABC's "Shark Tank" demonstrates how starting a business on a shoestring can provide significant competitive advantages for entrepreneurs by forcing them to think creatively, use resources efficiently, and connect more authentically with customers. --Publisher's description.




The Failure of Risk Management


Book Description

An essential guide to the calibrated risk analysis approach The Failure of Risk Management takes a close look at misused and misapplied basic analysis methods and shows how some of the most popular "risk management" methods are no better than astrology! Using examples from the 2008 credit crisis, natural disasters, outsourcing to China, engineering disasters, and more, Hubbard reveals critical flaws in risk management methods–and shows how all of these problems can be fixed. The solutions involve combinations of scientifically proven and frequently used methods from nuclear power, exploratory oil, and other areas of business and government. Finally, Hubbard explains how new forms of collaboration across all industries and government can improve risk management in every field. Douglas W. Hubbard (Glen Ellyn, IL) is the inventor of Applied Information Economics (AIE) and the author of Wiley's How to Measure Anything: Finding the Value of Intangibles in Business (978-0-470-11012-6), the #1 bestseller in business math on Amazon. He has applied innovative risk assessment and risk management methods in government and corporations since 1994. "Doug Hubbard, a recognized expert among experts in the field of risk management, covers the entire spectrum of risk management in this invaluable guide. There are specific value-added take aways in each chapter that are sure to enrich all readers including IT, business management, students, and academics alike" —Peter Julian, former chief-information officer of the New York Metro Transit Authority. President of Alliance Group consulting "In his trademark style, Doug asks the tough questions on risk management. A must-read not only for analysts, but also for the executive who is making critical business decisions." —Jim Franklin, VP Enterprise Performance Management and General Manager, Crystal Ball Global Business Unit, Oracle Corporation.