But by carefully setting the theoretical stage by examining risk management (and what the term means) in various fields and industries, Shipley prepares us for an insightful -- and surprising -- look at what risk management does and doesn't (and, tellingly, shouldn't) mean in terms of IT and IT-related business.
Shipley, a CTO specializing in IT security, makes a thoughtful and complex case for re-thinking -- and by extension re-approaching -- IT risk management.
Set aside some time for this one -- it may not be the easiest read you'll run into this week, but it'll certainly be among the most provocative and, possibly, rewarding.
And for a less theoretical approach, take a look at this bMighty look at 10 Ways To Mitigate Your Security Risks.