Information Security Risk Analysis, Third Edition

Information Security Risk Analysis, Third Edition

Published:
Content:
Author(s):
Free Standard Shipping

Purchasing Options

Hardback
$83.95
ISBN 9781439839560
Cat# K11810
Add to cart
eBook (VitalSource)
$83.95 $58.77
ISBN 9781439839577
Cat# KE11818
Add to cart
SAVE 30%
eBook Rentals
Other eBook Options:
 
 

Features

  • Includes a review of risk analysis, risk assessment, and vulnerability assessments
  • Introduces System Development Life Cycle (SDLC) and Business Process Life Cycle (BPLC), and integrates risk analysis and assessment into these processes
  • Discusses the need to develop a standard set of controls, and details how to apply regulations such as GLBA, HIPPA, SOX, ISO 17799, and others
  • Explains how to use qualitative risk assessment concepts and FRAAP to conduct business impact analyses and determine information classification requirements
  • Contains samples of forms, controls, policies, letters, and spreadsheets needed to complete the risk analysis and assessment processes

Summary

Successful security professionals have had to modify the process of responding to new threats in the high-profile, ultra-connected business environment. But just because a threat exists does not mean that your organization is at risk. This is what risk assessment is all about. Information Security Risk Analysis, Third Edition demonstrates how to identify threats your company faces and then determine if those threats pose a real risk to your organization.

Providing access to more than 350 pages of helpful ancillary materials, this volume:

  • Presents and explains the key components of risk management
  • Demonstrates how the components of risk management are absolutely necessary and work in your organization and business situation
  • Shows how a cost-benefit analysis is part of risk management and how this analysis is performed as part of risk mitigation
  • Explains how to draw up an action plan to protect the assets of your organization when the risk assessment process concludes
  • Examines the difference between a Gap Analysis and a Security or Controls Assessment
  • Presents case studies and examples of all risk management components

Authored by renowned security expert and certification instructor, Thomas Peltier, this authoritative reference provides you with the knowledge and the skill-set needed to achieve a highly effective risk analysis assessment in a matter of days. Supplemented with online access to user-friendly checklists, forms, questionnaires, sample assessments, and other documents, this work is truly a one-stop, how-to resource for industry and academia professionals.

Table of Contents

INTRODUCTION
Frequently Asked Questions
Conclusion

RISK MANAGEMENT
Overview
Risk Management as Part of the Business Process
Employee Roles and Responsibilities
Information Security Life Cycle
Risk Analysis Process
Risk Assessment
Cost-Benefit Analysis
Risk Mitigation
Final Thoughts

RISK ASSESSMENT PROCESS
Introduction
Risk Assessment Process
Information Is an Asset
Risk Assessment Methodology
Final Thoughts

QUANTITATIVE VERSUS QUALITATIVE RISK ASSESSMENT
Introduction
Quantitative and Qualitative Pros and Cons
Qualitative Risk Assessment Basics
Qualitative Risk Assessment Using Tables
The 30-Minute Risk Assessment
Conclusion

OTHER FORMS OF QUALITATIVE RISK ASSESSMENT
Introduction
Hazard Impact Analysis
Questionnaires
Single Time Loss Algorithm
Conclusion

FACILITATED RISK ANALYSIS AND ASSESSMENT PROCESS (FRAAP)
Introduction
FRAAP Overview
Why The FRAAP Was Created
Introducing the FRAAP to Your Organization
Conclusion

VARIATIONS ON THE FRAAP
Overview
Infrastructure FRAAP
Conclusion

MAPPING CONTROLS
Controls Overview
Creating Your Controls List
Control List Examples

BUSINESS IMPACT ANALYSIS (BIA)
Overview
Creating a BIA Process

CONCLUSION
Appendix A: Sample Risk Assessment Management Summary Report
Appendix B: Terms and Definitions
Appendix C: Bibliography

Recommended For You

 
 
Textbooks
Other CRC Press Sites
Featured Authors
STAY CONNECTED
Facebook Page for CRC Press Twitter Page for CRC Press You Tube Channel for CRC Press LinkedIn Page for CRC Press Google Plus Page for CRC Press
Sign Up for Email Alerts
© 2014 Taylor & Francis Group, LLC. All Rights Reserved. Privacy Policy | Cookie Use | Shipping Policy | Contact Us