Information Security Risk Analysis

ISBN-10: 1439839565

ISBN-13: 9781439839560

Edition: 3rd 2010 (Revised)

Authors: Thomas R. Peltier

List price: $120.00

Description:

The risk management process supports executive decision-making, allowing managers and owners to perform their fiduciary responsibility of protecting the assets of their enterprises. This crucial process should not be a long, drawn-out affair. To be effective, it must be done quickly and efficiently. Information Security Risk Analysis, Second Edition enables CIOs, CSOs, and MIS managers to understand when, why, and how risk assessments and analyses can be conducted effectively. This book discusses the principle of risk management and its three key elements: risk analysis, risk assessment, and vulnerability assessment. It examines the differences between quantitative and qualitative risk…
Book details

List price: $120.00
Edition: 3rd
Copyright year: 2010
Publisher: Taylor & Francis Group
Publication date: 3/19/2010
Binding: Hardcover
Pages: 456
Size: 6.25" wide x 9.25" long x 1.00" tall
Weight: 1.628
Language: English

Peltier has numerous years of field experience in corporate information security, and is a member of the Advisory Council of the Computer Security Institute (CSI).

Acknowledgments
About the Author
Introduction
The Facilitated Risk Analysis and Assessment Process (FRAAP)
Introduction
FRAAP Overview
FRAAP History
Introducing the FRAAP
Key Concepts
The Pre-FRAAP Meeting
Pre-FRAAP Meeting Checklist
Pre-FRAAP Meeting Summary
The FRAAP Session
Overview
FRAAP Session Introduction
FRAAP Session Talking Points
FRAAP Threats Identification
Identifying Threats Using a Checklist
Identifying Existing Controls
Establishing Risk Levels
Residual Risk
Using a Threats Identification Checklist
FRAAP Session Summary
Post-FRAAP Process
Complete the Action Plan
Conclusion
Risk Analysis (Project Impact Analysis)
Overview
The Difference between Risk Analysis and Risk Assessment
Risk Analysis and Due Diligence
Risk Assessment and Fiduciary Duty
Performing a Risk Analysis
Risk Analysis Elements
Other Considerations
When to Conduct a Risk Analysis
Final Words
Sample Risk Analysis Questionnaire
Sample Risk Analysis Report Outline
Pre-Screening
Introduction
Background
Pre-Screening Example 1
Pre-Screening Example 2
Pre-Screening Example 3
Pre-Screening Example 4
Summary
Business Impact Analysis
Overview
BIA versus Risk Assessment
Creating a BIA Process
Creating the Financial Impact Table
Working the BIA Process
Additional Examples
Objectives of the BIA
Using Questionnaires for a BIA
Data Collection and Analysis
Prepare Management Presentation
Final Thoughts
Gap Analysis
Introduction
Background
GAP Analysis Process
Gap Analysis Example 1
Gap Analysis Example 2
How to Use the Self-Assessment Checklist
Summary
Facilitator Skills
FRAAP Team Members
Introduction
The Risk Assessment Team
Conclusion
Project Scope Statement
Overview
Summary
Laws, Standards, and Regulations
Frequently Asked Questions about Risk Management
Introduction
Is There a Difference between Risk Analysis and Risk Assessment?
Why Should a Risk Analysis Be Conducted?
When Should a Risk Assessment Be Conducted?
Who Should Conduct the Risk Assessment?
How Long Should a Risk Assessment Take?
What Can a Risk Analysis or Risk Assessment Analyze?
Who Should Review the Results of a Risk Analysis and Risk Assessment?
How Is the Success of the Risk Analysis Measured?
Summary
Risk Analysis versus Risk Assessment
Overview
The Difference between Risk Analysis and Risk Assessment
Risk Analysis and Due Diligence
Risk Assessment and Fiduciary Duty
Conducting a Risk Assessment
Risk Assessment Timetable
Risk Assessment and Risk Analysis Results
Risk Management Metrics
Summary
Sample Threat Checklist
Sample BIA Questionnaire
Sample Risk Assessment Management Summary Report
Risk Assessment Scope Summary
Assessment Methodology Used
Assessment Findings and Action Plan
Full Findings Documentation
Conclusion
Project Scope Statement
Introduction
Project Statement
Specifications
Well-Defined Standards and Metrics
Summary
Why Risk Assessments Fail
Scope Creep
Ineffective Project Team
Stating Concerns as How They Impact Security
Every Threat Is a Major Concern
Conclusion
Gap Analysis Examples
Overview
Gap Analysis Using ISO 17799
Answer the Following Questions
Gap Analysis Using Utility-Specific Standards
Gap Analysis Sample 3 Using Combination of Standards and Laws
Control Lists
Overview
Heat Charts
Index