Andreas von Grebmer, GUIDELINE.CH, published a new reference book: “Information and IT Risk Management in a Nutshell”.

The outstanding value of this book is the smart combination of methods and practical guidelines into one handy book. This reference manual is based on the substantial applied experience of the author. Like Andreas’ earlier publications, “The project is dead… long live the project! (2004)” and “Der Software-Testprozess für IT-Manager (2002)”, this one is also a pragmatic guide.

Many books have been written about Information Security. Most of them are thick and scientific. Here comes the down-to-earth answer for implementers. For those dealing with risks in Information or IT Management, this guide is useful in multiple ways: the reader gets a deep insight into applied Information and IT risk management, and it helps to build and maintain a well-functioning Information and IT risk management system.

The guide consists of four main sections. In the first section “RISK MANAGEMENT ESSENTIALS” the foundation of risk management is explained.
In the next section “THE SIMPLIFIED APPROACH” an easy implementation process for Information and IT risk management is described and illustrated.
In the following section “TEMPLATES” various examples and templates are provided and ready to use for the implementation.
The last section “INFORMATION AND IT RISK MANAGEMENT LEXICON” explains the terms used in Information and IT risk management.

In addition, the book offers arguments for gaining management support and for practicing continuous Information and IT risk management. It provides a pragmatic framework, including possible pitfalls when implementing Information and IT risk management. Finally, the famous “Golden Rules” describe best-practice methods.

“Drawing from his experience, Andreas von Grebmer has written a book which allows the practitioner to engage in Risk Management and to develop an approach to treating Risk Management […] making it universally applicable in the increasingly complex jungle of rules, regulations and standards”, Reto Zbinden, Fürsprecher, CEO www.infosec.ch.

“... few valuable collections of information on IT risk management exist, that strike the right balance between the theoretical and methodological foundations. That [book] is to say the practitioner’s view of setting up and using appropriate and sufficiently efficient and effective IT risk management elements …”, Dr. Hannes P. Lubich, Senior Consultant, BT Global Services.

Across 179 well-prepared pages with many colored graphs, the reader is introduced to a ready-to-use risk management approach.

EURO 24.90, CHF 43.90, ISBN-13: 978-3-8334-9658-5, www.guideline.ch, www.amazon.de
guideline.ch, 4103 Bottmingen - Switzerland

Author
Andreas von Grebmer, born 1965 in Kiel, Germany, is an expert Quality and Project Manager. A specialist in software testing since 1997, he was responsible for process streamlining and design after a major merger in the banking sector. In 2002 he switched to a leading global pharmaceutical company, holding positions as Group Information Security Officer (CISSP in 2005), responsible for maintaining the policy framework and performing project and system risk assessment globally. Since mid 2007 he has been a member of the HR Business Excellence Team, responsible for global data flow and organizational management.
