Anne Kohnke, Ken Sigler, Dan Shoemaker
March 8, 2017
by Auerbach Publications
Reference - 313 Pages - 40 B/W Illustrations
ISBN 9781498785143 - CAT# K30184
Series: Internal Audit and IT Audit
• The only book that applies a national-level standardized initiative to practical process development applications within the field of cybersecurity
• The process and stages detailed in the book represent the first fully validated and authoritative body of knowledge (BOK) in strategic, organization-wide risk management. All books published prior to this are based on best practice rather than a national standard.
• Directly relates a well-defined set of risk management practices to concrete applications of that knowledge within the overall cybersecurity process
• Allows an organization to develop a fully operational risk management process within its own time-frame and resources
The book provides the complete strategic understanding a person needs to create and use the RMF process recommendations for risk management. This holds both for applications of the RMF in corporate training situations and for any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entity. It will enable an "application" of the risk management process as well as the fundamental elements of control formulation within an applied context.
Introduction to Organizational Security Risk Management. Survey of Existing Risk Management Models. Step 1 – Categorize Information and Information Systems. Step 2 – Select Security Controls. Step 3 – Implement Security Controls. Step 4 – Assess Security Controls. Step 5 – Authorize Information Systems. Step 6 – Monitor Security State. Practical Application to the Implementation of the NIST Risk Management Framework.