Buch, Englisch, 432 Seiten, Format (B × H): 178 mm x 254 mm
The Art and Science of Managing Organisation Security in the Hostile 21st Century
Buch, Englisch, 432 Seiten, Format (B × H): 178 mm x 254 mm
ISBN: 978-1-041-09544-6
Verlag: Taylor & Francis
Conventional risk management was not built for adversaries. The frameworks that organisations rely upon, ISO 31000, COSO ERM, and their derivatives, were designed for a world of probabilistic hazards, accidents, system failures, and random operational disruptions. Against a ransomware operator who studies your disaster recovery plan for weaknesses, a nation-state actor conducting multi-year reconnaissance through your supply chain, or an insider quietly exfiltrating intellectual property while compliance scores remain perfect, they fail. They fail because they were designed for a fundamentally different kind of risk, one governed by statistical distributions rather than human decision-making. An adversary is not a hurricane. Applying actuarial logic to intelligent, adaptive opponents does not produce security. It produces the appearance of security, and adversaries have learned to exploit the gap between the two.
This book makes the case for a different paradigm. Adversarial Risk Management places the adversary's decision-making at the centre of the analytical problem. If a threat actor cannot acquire the intent to harm your organisation, cannot develop or sustain the capability to do so, and cannot identify or create the opportunity to act, the risk does not materialise. ARM works by disrupting that chain, systematically and continuously, across every domain in which your organisation is exposed.
The framework rests on two interlocking constructs. The Intent, Capability, Opportunity model provides the analytical lens through which adversarial threats are deconstructed and understood. The Frame, Assess, Respond, Monitor cycle provides the operational discipline through which that analysis is translated into action, and renewed as adversaries evolve. ARM is applied across six security domains: cyber, physical, information, personnel, personal security, and supply chain, within a single coherent methodology that reflects how adversaries actually operate, without regard for organisational boundaries or disciplinary silos.
ARM does not ask organisations to discard existing governance structures. It integrates with ISO 27001, NIST CSF, COSO ERM, and ISO 31000, providing the adversarial layer those frameworks were never designed to deliver, and it gives security leaders the measurement tools to demonstrate genuine outcome rather than compliance activity.
This book is written for professionals who understand that the hostile twenty-first century demands more than compliance. It demands adversarial thinking.
Zielgruppe
Professional Practice & Development, Professional Reference, and Professional Training
Autoren/Hrsg.
Fachgebiete
- Mathematik | Informatik EDV | Informatik Computerkommunikation & -vernetzung Netzwerksicherheit
- Mathematik | Informatik EDV | Informatik Technische Informatik Computersicherheit
- Wirtschaftswissenschaften Finanzsektor & Finanzdienstleistungen Versicherungswirtschaft
- Interdisziplinäres Wissenschaften Wissenschaften: Forschung und Information Risikobewertung, Risikotheorie
- Sozialwissenschaften Politikwissenschaft Internationale Beziehungen Nachrichtendienste, Geheimdienste
Weitere Infos & Material
Part I: Foundations. The Case for an Adversarial Approach to Risk. Chapter 1: The Shifting Landscape: Redefining Risk in the Age of the Adversary. Chapter 2: The Adversarial Mindset: Deconstructing Intent, Capability, and Opportunity. Part II: Frameworks. The Architecture of Adversarial Risk Management. Chapter 3: The Adversarial Risk Management (ARM) Framework. Chapter 4: The Art of Foresight: Intelligence-Led Threat Identification and Analysis. Chapter 5: Beyond Probability: Modelling Adversarial Scenarios and Impact. Chapter 6: Measuring Adversarial Risk: Metrics, KRIs, and Demonstrating Value. Part III: Domains. Applying ARM Across the Security Landscape. Chapter 7: Designing Resilient Defence: The Science of Controls and the Art of Deterrence. Chapter 8: Cyber Security Domain: Managing Digital Adversarial Threats. Chapter 9: Physical Security Domain: Protecting Physical Assets and Spaces. Chapter 10: Information Security Domain: Protecting Organisational Knowledge. Chapter 11: Personnel and Insider Threat Domain: Managing Workforce Risk. Chapter 12: Personal Security Domain: Protecting Individuals from Targeted Threats. Chapter 13: Third-Party and Supply Chain Adversarial Risk. Part IV: Operations. Translating Analysis into Practice. Chapter 14: Legal, Regulatory, and Ethical Frameworks for ARM. Chapter 15: Strategic Governance and Operationalising ARM. Chapter 16: When the Adversary Wins: Adversarial Crisis Management and Response. Chapter 17: Building and Leading Security Teams. Chapter 18: Security Metrics and Performance Management. Chapter 19: Becoming Match Fit: Building and Scaling the ARM Programme. Part V: Leadership. Securing the Organisation from the Top. Chapter 20: The Perpetual Contest: Leadership, Strategy, and the Future of ARM.




