Security Risk Assessment Handbook A Complete Guide for Performing Security Risk Assessments

ISBN-10: 0849329981
ISBN-13: 9780849329982
Edition: 2006
List price: $89.95

Book details

List price: $89.95
Copyright year: 2006
Publisher: CRC Press
Publication date: 12/12/2005
Binding: Hardcover
Pages: 504
Size: 6.25" wide x 9.25" long x 1.25" tall
Weight: 1.848
Language: English

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments provides detailed insight into precisely how to conduct an information security risk assessment. Designed for security professionals and their customers who want a more in-depth understanding of the risk assessment process, this volume contains real-world advice that promotes professional development. It also enables security consumers to better negotiate the scope and rigor of a security assessment, effectively interface with a security assessment team, deliver insightful comments on a draft report, and have a greater understanding of final report recommendations. This book can save time and money by eliminating guesswork as to what assessment steps to perform, and how to perform them. In addition, the book offers charts, checklists, examples, and templates that speed up data gathering, analysis, and document development. By improving the efficiency of the assessment process, security consultants can deliver a higher-quality service with a larger profit margin. The text allows consumers to intelligently solicit and review proposals, positioning them to request affordable security risk assessments from quality vendors that meet the needs of their organizations.

Introduction
The Need for an Information Security Program
Elements of an Information Security Program
Security Control Standards and Regulations
Common Core Information Security Practices
Unanimous Core Security Practices
Majority Core Security Practices
Core Security Practice Conclusions
Security Risk Assessment
The Role of the Security Risk Assessment
Definition of a Security Risk Assessment
The Need for a Security Risk Assessment
Security Risk Assessment Secondary Benefits
Related Activities
Gap Assessment
Compliance Audit
Security Audit
Vulnerability Scanning
Penetration Testing
Ad Hoc Testing
Social Engineering
Wardialing
The Need for This Book
Who Is This Book For?
Notes
References
Information Security Risk Assessment Basics
Phase 1: Project Definition
Phase 2: Project Preparation
Phase 3: Data Gathering
Phase 4: Risk Analysis
Assets
Threat Agents and Threats
Vulnerabilities
Security Risk
Phase 5: Risk Mitigation
Safeguards
Residual Security Risk
Phase 6: Risk Reporting and Resolution
Risk Resolution
Note
References
Project Definition
Ensuring Project Success
Success Definition
Setting the Budget
Determining the Objective
Limiting the Scope
Identifying System Boundaries
Specifying the Rigor
Sample Scope Statements
Project Description
Project Variables
Statement of Work
Notes
References
Security Risk Assessment Preparation
Introduce the Team
Introductory Letter
Pre-Assessment Briefing
Obtain Proper Permission
Review Business Mission
What Is a Business Mission
Obtaining Business Mission Information
Identify Critical Systems
Determining Criticality
Identify Assets
Checklists and Judgment
Asset Sensitivity/Criticality Classification
Asset Valuation
Identifying Threats
Threat Components
Listing Possible Threats
Threat Statements
Validating Threat Statements
Determine Expected Controls
Notes
References
Data Gathering
Sampling
Sampling Objectives
Sampling Types
Use of Sampling in Security Testing
The RIIOT Method of Data Gathering
RIIOT Method Benefits
RIIOT Method Approaches
Using the RIIOT Method
Notes
References
Administrative Data Gathering
Threats and Safeguards
Human Resources
Organizational Structure
Information Control
Business Continuity
System Security
The RIIOT Method: Administrative Data Gathering
Review Administrative Documents
Interview Administrative Personnel
Inspect Administrative Security Controls
Observe Administrative Behavior
Test Administrative Security Controls
Notes
References
Technical Data Gathering
Technical Threats and Safeguards
Information Control
Business Continuity
System Security
Secure Architecture
Components
Configuration
Data Security
The RIIOT Method: Technical Data Gathering
Review Technical Documents
Interview Technical Personnel
Inspect Technical Security Controls
Observe Technical Personnel Behavior
Test Technical Security Controls
Notes
References
Physical Data Gathering
Physical Threats and Safeguards
Utilities and Interior Climate
Fire
Flood and Water Damage
Lightning
Earthquakes
Volcanoes
Landslides
Hurricanes
Tornadoes
Natural Hazards Summary
Human Threats to Physical Security
The RIIOT Method: Physical Data Gathering
Review Physical Documents
Interview Physical Personnel
Inspect Physical Security Controls
Observe Physical Personnel Behavior
Test Physical Security Safeguards
Notes
References
Security Risk Analysis
Determining Risk
Uncertainty and Reducing Uncertainty
Creating Risk Statements
Team Review of Security Risk Statements
Obtaining Consensus
Deriving Overall Security Risk
Notes
References
Security Risk Mitigation
Selecting Safeguards
Safeguard Solution Sets
Safeguard Cost Calculations
Justifying Safeguard Selections
Establishing Risk Parameters
Notes
References
Security Risk Assessment Reporting
Cautions in Reporting
Pointers in Reporting
Report Structure
Executive-Level Report
Base Report
Appendices and Exhibits
Document Review Methodology: Create the Report Using a Top-Down Approach
Document Specification
Draft
Final
Assessment Brief
Action Plan
Notes
References
Security Risk Assessment Project Management
Project Planning
Project Definition
Project Planning Details
Project Resources
Project Tracking
Hours Tracking
Calendar Time Tracking
Project Progress Tracking
Taking Corrective Measures
Obtaining More Resources
Using Management Reserve
Project Status Reporting
Report Detail
Report Frequency
Status Report Content
Project Conclusion and Wrap-Up
Eliminating "Scope Creep"
Eliminating Project Run-On
Notes
Reference
Security Risk Assessment Approaches
Quantitative vs. Qualitative Analysis
Quantitative Analysis
Qualitative Analysis
Tools
Lists
Templates
Security Risk Assessment Methods
FAA Security Risk Management Process
OCTAVE
FRAP
CRAMM
NSA IAM
Notes
References
Relevant Standards and Regulations
GAISP
CobiT
ISO 17799
NIST Handbook
Management Controls
Operational Controls
Technical Controls
HIPAA: Security
Administrative Safeguards
Physical Safeguards
Technical Safeguards
Gramm-Leach-Bliley Act (GLB Act)
Notes
Index
