3rd Edition

Information Security Risk Analysis

By Thomas R. Peltier Copyright 2010
    456 Pages 105 B/W Illustrations
    by Auerbach Publications

    Successful security professionals have had to modify the process of responding to new threats in the high-profile, ultra-connected business environment. But just because a threat exists does not mean that your organization is at risk. This is what risk assessment is all about. Information Security Risk Analysis, Third Edition demonstrates how to identify threats your company faces and then determine if those threats pose a real risk to your organization.

    Providing access to more than 350 pages of helpful ancillary materials, this volume:

    • Presents and explains the key components of risk management
    • Demonstrates how the components of risk management are absolutely necessary and work in your organization and business situation
    • Shows how a cost-benefit analysis is part of risk management and how this analysis is performed as part of risk mitigation
    • Explains how to draw up an action plan to protect the assets of your organization when the risk assessment process concludes
    • Examines the difference between a Gap Analysis and a Security or Controls Assessment
    • Presents case studies and examples of all risk management components

    Authored by renowned security expert and certification instructor, Thomas Peltier, this authoritative reference provides you with the knowledge and the skill-set needed to achieve a highly effective risk analysis assessment in a matter of days. Supplemented with user-friendly checklists, forms, questionnaires, sample assessments, and other documents, this work is truly a one-stop, how-to resource for industry and academia professionals.

    INTRODUCTION
    Frequently Asked Questions
    Conclusion

    RISK MANAGEMENT
    Overview
    Risk Management as Part of the Business Process
    Employee Roles and Responsibilities
    Information Security Life Cycle
    Risk Analysis Process
    Risk Assessment
    Cost-Benefit Analysis
    Risk Mitigation
    Final Thoughts

    RISK ASSESSMENT PROCESS
    Introduction
    Risk Assessment Process
    Information Is an Asset
    Risk Assessment Methodology
    Final Thoughts

    QUANTITATIVE VERSUS QUALITATIVE RISK ASSESSMENT
    Introduction
    Quantitative and Qualitative Pros and Cons
    Qualitative Risk Assessment Basics
    Qualitative Risk Assessment Using Tables
    The 30-Minute Risk Assessment
    Conclusion

    OTHER FORMS OF QUALITATIVE RISK ASSESSMENT
    Introduction
    Hazard Impact Analysis
    Questionnaires
    Single Time Loss Algorithm
    Conclusion

    FACILITATED RISK ANALYSIS AND ASSESSMENT PROCESS (FRAAP)
    Introduction
    FRAAP Overview
    Why The FRAAP Was Created
    Introducing the FRAAP to Your Organization
    Conclusion

    VARIATIONS ON THE FRAAP
    Overview
    Infrastructure FRAAP
    Conclusion

    MAPPING CONTROLS
    Controls Overview
    Creating Your Controls List
    Control List Examples

    BUSINESS IMPACT ANALYSIS (BIA)
    Overview
    Creating a BIA Process

    CONCLUSION
    Appendix A: Sample Risk Assessment Management Summary Report
    Appendix B: Terms and Definitions
    Appendix C: Bibliography

    Biography

    Thomas R. Peltier