Michael Gioia

Corporate Defense and the Value Preservation Imperative is the first book to finally address the umbrella term corporate defense, and to explain how an integrated corporate defense program can help an organization address both value creation and preservation. The book explores the value preservation imperative, which represents an organization’s obligation to implement a comprehensive corporate defense program in order to deliver long-term sustainable value to its stakeholders. For the first time the reader is provided with a complete picture of how corporate defense operates all the way from the boardroom to the front-lines, and vice versa. It provides comprehensive guidance on how to implement a robust corporate defense program by addressing this challenge from strategic, tactical, and operational perspectives. This arrangement provides readers with a holistic view of corporate defense and incorporates the management of the eight critical corporate defense components. It includes how an organization needs to integrate its governance, risk, compliance, intelligence, security, resilience, controls and assurance activities within its corporate defense program.Radical Reporting, this small volume provides the tools and techniques needed to improve reports. It does so through addressing crucial concepts all too often overlooked in the familiar rush to perform tasks, complete projects, and meet deadlines.These concepts – the role of culture in communication; the link between logic and language; the importance of organizing thoughts before writing; and how to achieve clarity – may seem academic or theoretical. They’re not. Unless writers understand their own thoughts, actions, and objectives, they cannot hope to communicate them at all – let alone clearly.Cognitive Risk is a book about the least understood but most pervasive risk to mankind – human decision-making. Cognitive risks are subconscious and unconscious influence factors on human decision-making: heuristics and biases. To understand the scope of cognitive risk, we look at case studies, corporate and organizational failure, and the science that explains why we systemically make errors in judgment and repeat the same errors.In Security Risk Management - The Driving Force for Operational Resilience, we change the perspective on an organization’s operational resilience capabilities so that it shifts from being a reactive (tick box) approach to being proactive. The perspectives of every chapter in this book focus on risk profiles and how your business can reduce these profiles using effective mitigation measures.The book is divided into two sections:1. Security Risk Management (SRM).All the components of security risk management contribute to your organization’s operational resilience capabilities, to help reduce your risks.• Reduce the probability/ likelihood.2. Survive to Operate.If your SRM capabilities fail your organization, these are the components that are needed to allow you to quickly ‘bounce back.’• Reduce the severity/ impact.

The importance of businesses being ‘operationally resilient’ is becoming increasingly important, and a driving force behind whether an organization can ensure that its valuable business operations can ‘bounce back’ from or manage to evade impactful occurrences is its security risk management capabilities.In this book, we change the perspective on an organization’s operational resilience capabilities so that it shifts from being a reactive (tick box) approach to being proactive. The perspectives of every chapter in this book focus on risk profiles and how your business can reduce these profiles using effective mitigation measures.The book is divided into two sections:1. Security Risk Management (SRM).All the components of security risk management contribute to your organization’s operational resilience capabilities, to help reduce your risks.• Reduce the probability/ likelihood.2. Survive to Operate.If your SRM capabilities fail your organization, these are the components that are needed to allow you to quickly ‘bounce back.’• Reduce the severity/ impact.Rather than looking at this from an operational resilience compliance capabilities aspect, we have written these to be agnostic of any specific operational resilience framework (e.g., CERT RMM, ISO 22316, SP 800- 160 Vol. 2 Rev. 1, etc.), with the idea of looking at operational resilience through a risk management lens instead.This book is not intended to replace these numerous operational resilience standards/ frameworks but, rather, has been designed to complement them by getting you to appreciate their value in helping to identify and mitigate your operational resilience risks.Unlike the cybersecurity or information security domains, operational resilience looks at risks from a business-oriented view, so that anything that might disrupt your essential business operations are risk-assessed and appropriate countermeasures identified and applied. Consequently, this book is not limited to cyberattacks or the loss of sensitive data but, instead, looks at things from a holistic business-based perspective.

The importance of businesses being ‘operationally resilient’ is becoming increasingly important, and a driving force behind whether an organization can ensure that its valuable business operations can ‘bounce back’ from or manage to evade impactful occurrences is its security risk management capabilities.In this book, we change the perspective on an organization’s operational resilience capabilities so that it shifts from being a reactive (tick box) approach to being proactive. The perspectives of every chapter in this book focus on risk profiles and how your business can reduce these profiles using effective mitigation measures.The book is divided into two sections:1. Security Risk Management (SRM).All the components of security risk management contribute to your organization’s operational resilience capabilities, to help reduce your risks.• Reduce the probability/ likelihood.2. Survive to Operate.If your SRM capabilities fail your organization, these are the components that are needed to allow you to quickly ‘bounce back.’• Reduce the severity/ impact.Rather than looking at this from an operational resilience compliance capabilities aspect, we have written these to be agnostic of any specific operational resilience framework (e.g., CERT RMM, ISO 22316, SP 800- 160 Vol. 2 Rev. 1, etc.), with the idea of looking at operational resilience through a risk management lens instead.This book is not intended to replace these numerous operational resilience standards/ frameworks but, rather, has been designed to complement them by getting you to appreciate their value in helping to identify and mitigate your operational resilience risks.Unlike the cybersecurity or information security domains, operational resilience looks at risks from a business-oriented view, so that anything that might disrupt your essential business operations are risk-assessed and appropriate countermeasures identified and applied. Consequently, this book is not limited to cyberattacks or the loss of sensitive data but, instead, looks at things from a holistic business-based perspective.