Book details
  • Genre: BUSINESS & ECONOMICS
  • SubGenre: Corporate Governance
  • Language: English
  • Pages: 179
  • eBook ISBN: 9781618428226

Information and IT Risk Management in a Nutshell

A Pragmatic Approach to Information Security

by Andreas von Grebmer

Description
The outstanding value of this book is its smart combination of methods and practical guidelines in one handy volume. This reference manual is based on the substantial applied experience of the author. Like Andreas’ earlier publications, “The project is dead… long live the project!” (2004) and “Der Software-Testprozess für IT-Manager” (2002), this one is a pragmatic guide. Many books have been written about Information Security; most of them are thick and scientific. Here is the down-to-earth answer for implementers. For those dealing with risks in Information or IT Management, this guide is useful in multiple ways: the reader gets a deep insight into applied Information and IT risk management, and the guide helps to build and maintain a well-functioning Information and IT risk management system.

The guide consists of four main sections. In the first section, “RISK MANAGEMENT ESSENTIALS”, the foundations of risk management are explained. In the next section, “THE SIMPLIFIED APPROACH”, an easy implementation process for Information and IT risk management is described and illustrated. In the following section, “TEMPLATES”, various examples and templates are provided, ready to use for the implementation. The last section, “INFORMATION AND IT RISK MANAGEMENT LEXICON”, explains the terms used in Information and IT risk management. In addition, there are arguments to bring forward to gain management support and for practicing continuous Information and IT risk management. A pragmatic framework is provided, including the possible pitfalls when implementing Information and IT risk management. Finally, the “Golden Rules” describe best-practice methods.
“Drawing from his experience, Andreas von Grebmer has written a book which allows the practitioner to engage in Risk Management and to develop an approach to treating Risk Management […] making it universally applicable in the increasingly complex jungle of rules, regulations and standards.” Reto Zbinden, Fürsprecher, CEO, www.infosec.ch

“... few valuable collections of information on IT risk management exist that strike the right balance between the theoretical and methodological foundations. That [book] is to say the practitioner’s view of setting up and using appropriate and sufficiently efficient and effective IT risk management elements …” Dr. Hannes P. Lubich, Senior Consultant, BT Global Services

Over 179 well-prepared pages with many colored graphs, the reader is introduced to a ready-to-use risk management approach.
About the author
Andreas von Grebmer was born in 1965 in Kiel, Germany. A dedicated Quality and Project Manager by heart, he has specialized in software testing since 1997. He worked as deputy team leader of the software testing group in the test center for the global IT end-user platform of a Swiss bank, where he built and sped up processes and was responsible for process streamlining and design after a large merger. In 2001 he completed the special Swiss education for IT project managers. He contributed to several projects, especially e-business projects, in global banks and insurance groups, and published a German guidebook on practical testing with a quality lexicon (currently being translated into English). In 2002 he moved to a leading global pharmaceutical company, acting as project quality manager, overseeing and implementing company-wide project standards and methodology, and setting up roll-out processes for the corporate end-user platform. From June 2003 until April 2007 he was Group Information Security Officer (CISSP in 2005), responsible for maintaining the policy framework and performing project and system risk assessments globally. From May 2007 to April 2011 he was a member of the HR Business Excellence Team, handling employee data of 100K employees in over 100 countries. He became ISACA Certified CISM in January 2009 and ISACA Certified CRISC in June 2010. Since May 2011 he has been Global Service / Vendor Quality & Compliance Officer.