
Information Security Risk Assessment: Practical Assessments Through Data Collection and Data Analysis

ISBN-10: 1597497355
ISBN-13: 9781597497350
Edition: 2012


Book details

List price: $49.95
Copyright year: 2012
Publisher: Elsevier Science & Technology Books
Publication date: 10/26/2012
Binding: Paperback
Pages: 278
Size: 7.50" wide x 9.25" long x 0.75" tall
Weight: 1.606
Language: English

In order to protect a company's information assets, such as sensitive customer records and health care records, the security practitioner first needs to find out what needs protecting, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. Information Security Risk Assessments gives a security practitioner the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders.

- Contains a Web site with spreadsheets you can utilize to create and maintain the risk assessment
- Based on the authors' experiences of real-world assessments, reports, and presentations
- Focuses on implementing a process, rather than theory, that allows you to derive a quick and valuable assessment

Acknowledgments
About the Technical Editor
About the Authors
Introduction
Information Security Risk Assessments
Introduction
What is Risk?
Going Deeper with Risk
Components of Risk
Putting it All Together
Information Security Risk
What is an Information Security Risk Assessment?
Why Assess Information Security Risk?
Risk Assessments and the Security Program
Information Risk Assessments Activities in a Nutshell
Drivers, Laws, and Regulations
Federal Information Security Management Act of 2002 (FISMA)
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
State Governments
ISO 27001
Summary
What is Risk?
What is an Information Security Risk Assessment?
Drivers, Laws, and Regulations
References
Information Security Risk Assessment: A Practical Approach
Introduction
A Primer on Information Security Risk Assessment Frameworks
Do I Use an Existing Framework or Should I Use My Own?
OCTAVE
FAIR
NIST SP800-30
ISO 27005
A Comparison of the Major Activities for the Four Frameworks
A Comparison of the Major Activities for the Four Frameworks Based on Activities
Our Risk Assessment Approach
Summary
Information Security Risk Assessment: Data Collection
Introduction
The Sponsor
The Project Team
The Size and Breadth of the Risk Assessment
Scheduling and Deadlines
Assessor and Organization Experience
Workload
Data Collection Mechanisms
Collectors
Containers
Executive Interviews
Document Requests
IT Asset Inventories
Asset Scoping
Interviews
Asset Scoping Workshops
Business Impact Analysis and Other Assessments
Critical Success Factor Analysis
The Asset Profile Survey
Who Do You Ask for Information?
How Do You Ask for the Information?
What Do You Ask for?
The Control Survey
Who Do You Ask for Information?
How Do You Ask for Information?
What Do You Ask for?
Organizational vs. System Specific
Scale vs. Yes or No
Inquiry vs. Testing
Survey Support Activities and Wrap-Up
Before and During the Survey
Review of Survey Responses
Post-Survey Verifications
Consolidation
Information Security Risk Assessment: Data Analysis
Introduction
Compiling Observations from Organizational Risk Documents
Preparation of Threat and Vulnerability Catalogs
Threat Catalog
Vulnerability Catalog
Threat Vulnerability Pairs
Overview of the System Risk Computation
Designing the Impact Analysis Scheme
Confidentiality
Integrity
Availability
Preparing the Impact Score
Practical Tips
Designing the Control Analysis Scheme
Practical Tips
Designing the Likelihood Analysis Scheme
Exposure
Frequency
Controls
Likelihood
Putting it Together and the Final Risk Score
Information Security Risk Assessment: Risk Assessment
Introduction
System Risk Analysis
Risk Classification
Risk Rankings
Individual System Risk Reviews
Threat and Vulnerability Review
Review Activities for Organizational Risk
Review of Security Threats and Trends
Review of Audit Findings
Review of Security Incidents
Review of Security Exceptions
Review of Security Metrics
Risk Prioritization and Risk Treatment
Information Security Risk Assessment: Risk Prioritization and Treatment
Introduction
Organizational Risk Prioritization and Treatment
Review of Security Threats and Trends
Review of Audit Findings
Review of Security Incidents
Review of Security Exceptions
Review of Security Metrics
System Specific Risk Prioritization and Treatment
Issues Register
Information Security Risk Assessment: Reporting
Introduction
Outline
Risk Analysis Executive Summary
Methodology
Organizational
System Specific
Results
Organizational Analysis
System Specific
Risk Register
Conclusion
Appendices
Information Security Risk Assessment: Maintenance and Wrap Up
Introduction
Process Summary
Data Collection
Data Analysis
Risk Analysis
Reporting
Key Deliverables
Post Mortem
Scoping
Executive Interviews
System Owners and Stewards
Document Requests
System Profile and Control Survey
Analysis
Reporting
General Process
Index
