Contents

Acknowledgments

About the Author

Introduction

The Facilitated Risk Analysis and Assessment Process (FRAAP)
  Introduction
  FRAAP Overview
  FRAAP History
  Introducing the FRAAP
  Key Concepts
  The Pre-FRAAP Meeting
  Pre-FRAAP Meeting Checklist
  Pre-FRAAP Meeting Summary
  The FRAAP Session
  Overview
  FRAAP Session Introduction
  FRAAP Session Talking Points
  FRAAP Threats Identification
  Identifying Threats Using a Checklist
  Identifying Existing Controls
  Establishing Risk Levels
  Residual Risk
  Using a Threats Identification Checklist
  FRAAP Session Summary
  Post-FRAAP Process
  Complete the Action Plan
  Conclusion

Risk Analysis (Project Impact Analysis)
  Overview
  The Difference between Risk Analysis and Risk Assessment
  Risk Analysis and Due Diligence
  Risk Assessment and Fiduciary Duty
  Performing a Risk Analysis
  Risk Analysis Elements
  Other Considerations
  When to Conduct a Risk Analysis
  Final Words
  Sample Risk Analysis Questionnaire
  Sample Risk Analysis Report Outline

Pre-Screening
  Introduction
  Background
  Pre-Screening Example 1
  Pre-Screening Example 2
  Pre-Screening Example 3
  Pre-Screening Example 4
  Summary

Business Impact Analysis
  Overview
  BIA versus Risk Assessment
  Creating a BIA Process
  Creating the Financial Impact Table
  Working the BIA Process
  Additional Examples
  Objectives of the BIA
  Using Questionnaires for a BIA
  Data Collection and Analysis
  Prepare Management Presentation
  Final Thoughts

Gap Analysis
  Introduction
  Background
  Gap Analysis Process
  Gap Analysis Example 1
  Gap Analysis Example 2
  How to Use the Self-Assessment Checklist
  Summary

Facilitator Skills

FRAAP Team Members
  Introduction
  The Risk Assessment Team
  Conclusion

Project Scope Statement
  Overview
  Summary

Laws, Standards, and Regulations

Frequently Asked Questions about Risk Management
  Introduction
  Is There a Difference between Risk Analysis and Risk Assessment?
  Why Should a Risk Analysis Be Conducted?
  When Should a Risk Assessment Be Conducted?
  Who Should Conduct the Risk Assessment?
  How Long Should a Risk Assessment Take?
  What Can a Risk Analysis or Risk Assessment Analyze?
  Who Should Review the Results of a Risk Analysis and Risk Assessment?
  How Is the Success of the Risk Analysis Measured?
  Summary

Risk Analysis versus Risk Assessment
  Overview
  The Difference between Risk Analysis and Risk Assessment
  Risk Analysis and Due Diligence
  Risk Assessment and Fiduciary Duty
  Conducting a Risk Assessment
  Risk Assessment Timetable
  Risk Assessment and Risk Analysis Results
  Risk Management Metrics
  Summary

Sample Threat Checklist

Sample BIA Questionnaire

Sample Risk Assessment Management Summary Report
  Risk Assessment Scope Summary
  Assessment Methodology Used
  Assessment Findings and Action Plan
  Full Findings Documentation
  Conclusion

Project Scope Statement
  Introduction
  Project Statement
  Specifications
  Well-Defined Standards and Metrics
  Summary

Why Risk Assessments Fail
  Scope Creep
  Ineffective Project Team
  Stating Concerns as How They Impact Security
  Every Threat Is a Major Concern
  Conclusion

Gap Analysis Examples
  Overview
  Gap Analysis Using ISO 17799
  Answer the Following Questions
  Gap Analysis Using Utility-Specific Standards
  Gap Analysis Sample 3 Using Combination of Standards and Laws

Control Lists
  Overview

Heat Charts

Index