
The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments


ISBN-10: 0849329981

ISBN-13: 9780849329982

Edition: 2006

Authors: Douglas J. Landoll

List price: $89.95

Description:

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments provides detailed insight into precisely how to conduct an information security risk assessment. Designed for security professionals and their customers who want a more in-depth understanding of the risk assessment process, this volume contains real-world advice that promotes professional development. It also enables security consumers to better negotiate the scope and rigor of a security assessment, effectively interface with a security assessment team, deliver insightful comments on a draft report, and have a greater understanding of final report recommendations. This book can save time and…    

Book details

Copyright year: 2006
Publisher: CRC Press LLC
Publication date: 12/12/2005
Binding: Hardcover
Pages: 504
Size: 6.25" wide x 9.25" long x 1.25" tall
Weight: 1.848 lb
Language: English

Table of contents

Introduction
  The Need for an Information Security Program
  Elements of an Information Security Program
  Security Control Standards and Regulations
  Common Core Information Security Practices
  Unanimous Core Security Practices
  Majority Core Security Practices
  Core Security Practice Conclusions
  Security Risk Assessment
  The Role of the Security Risk Assessment
  Definition of a Security Risk Assessment
  The Need for a Security Risk Assessment
  Security Risk Assessment Secondary Benefits
  Related Activities
  Gap Assessment
  Compliance Audit
  Security Audit
  Vulnerability Scanning
  Penetration Testing
  Ad Hoc Testing
  Social Engineering
  Wardialing
  The Need for This Book
  Who Is This Book For?
  Notes
  References

Information Security Risk Assessment Basics
  Phase 1: Project Definition
  Phase 2: Project Preparation
  Phase 3: Data Gathering
  Phase 4: Risk Analysis
  Assets
  Threat Agents and Threats
  Vulnerabilities
  Security Risk
  Phase 5: Risk Mitigation
  Safeguards
  Residual Security Risk
  Phase 6: Risk Reporting and Resolution
  Risk Resolution
  Note
  References

Project Definition
  Ensuring Project Success
  Success Definition
  Setting the Budget
  Determining the Objective
  Limiting the Scope
  Identifying System Boundaries
  Specifying the Rigor
  Sample Scope Statements
  Project Description
  Project Variables
  Statement of Work
  Notes
  References

Security Risk Assessment Preparation
  Introduce the Team
  Introductory Letter
  Pre-Assessment Briefing
  Obtain Proper Permission
  Review Business Mission
  What Is a Business Mission
  Obtaining Business Mission Information
  Identify Critical Systems
  Determining Criticality
  Identify Assets
  Checklists and Judgment
  Asset Sensitivity/Criticality Classification
  Asset Valuation
  Identifying Threats
  Threat Components
  Listing Possible Threats
  Threat Statements
  Validating Threat Statements
  Determine Expected Controls
  Notes
  References

Data Gathering
  Sampling
  Sampling Objectives
  Sampling Types
  Use of Sampling in Security Testing
  The RIIOT Method of Data Gathering
  RIIOT Method Benefits
  RIIOT Method Approaches
  Using the RIIOT Method
  Notes
  References

Administrative Data Gathering
  Threats and Safeguards
  Human Resources
  Organizational Structure
  Information Control
  Business Continuity
  System Security
  The RIIOT Method: Administrative Data Gathering
  Review Administrative Documents
  Interview Administrative Personnel
  Inspect Administrative Security Controls
  Observe Administrative Behavior
  Test Administrative Security Controls
  Notes
  References

Technical Data Gathering
  Technical Threats and Safeguards
  Information Control
  Business Continuity
  System Security
  Secure Architecture
  Components
  Configuration
  Data Security
  The RIIOT Method: Technical Data Gathering
  Review Technical Documents
  Interview Technical Personnel
  Inspect Technical Security Controls
  Observe Technical Personnel Behavior
  Test Technical Security Controls
  Notes
  References

Physical Data Gathering
  Physical Threats and Safeguards
  Utilities and Interior Climate
  Fire
  Flood and Water Damage
  Lightning
  Earthquakes
  Volcanoes
  Landslides
  Hurricanes
  Tornadoes
  Natural Hazards Summary
  Human Threats to Physical Security
  The RIIOT Method: Physical Data Gathering
  Review Physical Documents
  Interview Physical Personnel
  Inspect Physical Security Controls
  Observe Physical Personnel Behavior
  Test Physical Security Safeguards
  Notes
  References

Security Risk Analysis
  Determining Risk
  Uncertainty and Reducing Uncertainty
  Creating Risk Statements
  Team Review of Security Risk Statements
  Obtaining Consensus
  Deriving Overall Security Risk
  Notes
  References

Security Risk Mitigation
  Selecting Safeguards
  Safeguard Solution Sets
  Safeguard Cost Calculations
  Justifying Safeguard Selections
  Establishing Risk Parameters
  Notes
  References

Security Risk Assessment Reporting
  Cautions in Reporting
  Pointers in Reporting
  Report Structure
  Executive-Level Report
  Base Report
  Appendices and Exhibits
  Document Review Methodology: Create the Report Using a Top-Down Approach
  Document Specification
  Draft
  Final
  Assessment Brief
  Action Plan
  Notes
  References

Security Risk Assessment Project Management
  Project Planning
  Project Definition
  Project Planning Details
  Project Resources
  Project Tracking
  Hours Tracking
  Calendar Time Tracking
  Project Progress Tracking
  Taking Corrective Measures
  Obtaining More Resources
  Using Management Reserve
  Project Status Reporting
  Report Detail
  Report Frequency
  Status Report Content
  Project Conclusion and Wrap-Up
  Eliminating "Scope Creep"
  Eliminating Project Run-On
  Notes
  Reference

Security Risk Assessment Approaches
  Quantitative vs. Qualitative Analysis
  Quantitative Analysis
  Qualitative Analysis
  Tools
  Lists
  Templates
  Security Risk Assessment Methods
  FAA Security Risk Management Process
  OCTAVE
  FRAP
  CRAMM
  NSA IAM
  Notes
  References

Relevant Standards and Regulations
  GAISP
  CobiT
  ISO 17799
  NIST Handbook
  Management Controls
  Operational Controls
  Technical Controls
  HIPAA: Security
  Administrative Safeguards
  Physical Safeguards
  Technical Safeguards
  Gramm-Leach-Bliley Act (GLB Act)
  Notes

Index