Secure IT Up! Cyber-Insurance Due Diligence

My first infosec book, "itsecuriteers", published in 2010, revealed how to create an Information Security team that enables business objectives. "Secure it up!", my second book, provides qualitative and quantitative insights that justify why the adoption of Information Security measures brings benefits to organisations and facilitates cyber-insurance due diligence processes.

In the world we live in, risk management and information risk management are complex fields under continuous development. If you need to justify why applying security to your organisation will provide value to your customers, or you are involved in cyber-insurance due diligence engagements, "Secure it up!" helps you with a statistically sound quantitative study and a set of reputable literature references.

As I write at the beginning of the book, "now it is when information security can change the business". In a nutshell, here is why:

Three ingredients:
  • The presence of a committed layer of management setting risk objectives and appetite.
  • The development of a strong Information Security practice as part of a holistic Enterprise and Operational Risk Management function.
  • The alignment of Enterprise Risk Management with the business strategy.
will provide three benefits in your business:
  • Increased stakeholder value.
  • New business opportunities.
  • Better governance.

Here are two introductory comments, one from academia and one from the business world:

"The recommendations in this book are simple but effective: managers will find them of practical relevance and easy to communicate. They are based on sound empirical research which makes them go beyond consultancy speak."

Jean-Noel Ezingeard, Dean and Professor of Processes and Systems Management at Kingston University, London.

"Secure it up combines a comprehensive analysis of existing literature and the results of surveys of subject matter experts to make the argument for combining Enterprise Risk Management (ERM) with information security practices."

Richard Stiennon, Chief Research Analyst at IT-Harvest, Author of "Surviving Cyberwar", "Cyber Defense: Countering Targeted Attacks", Blogger at, Michigan.

Happy reading!
Happy 2013!