Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams

ISBN-10: 0471762547

ISBN-13: 9780471762546

Edition: 2010

List price: $115.95

Description:

Information Security Risk Management is the first book that takes a practical approach to how an organization needs to position itself to properly handle the ever-increasing and perennially mutating risks to its business-critical assets. By developing ready-to-go technological and human resources within the organization, companies will discover how to assess and avert these risks. The authors look at information technology people issues, procedures, tools, and preparedness, and emphasize implementing a risk assessment team that can properly foresee, prevent, and/or rapidly remediate potential infractions.
Book details

Copyright year: 2010
Publisher: John Wiley & Sons, Incorporated
Publication date: 1/7/2010
Binding: Hardcover
Pages: 440
Size: 6.25" wide x 9.25" long x 1.00" tall
Weight: 1.760
Language: English

Daniel Minoli has been a network consultant to Teleport, DVI Communications, and Bellcore. He recently played a key role in the foundation of two networking companies: Global Nautical Networks, a provider of mobile Internet and data services to marinas, and InfoPort Communications Group, an optical and Gigabit Ethernet metropolitan carrier. He has also taught at New York University, Stevens Institute of Technology, Carnegie-Mellon University, and Monmouth University. An author of best-selling books on telecommunications and data communications, he has written columns for ComputerWorld, NetworkWorld, and Network Computing. He is the author of Telecommunications Handbook, Second Edition, also published by Artech House.

Table of Contents

Preface
About the authors
Industry Practices in Risk Management
Information Security Risk Management Imperatives and Opportunities
Risk Management Purpose and Scope
Purpose of Risk Management
Text Scope
References
Bibliography of Related Literature
Information Security Risk Management Defined
Key Risk Management Definitions
Survey of Industry Definitions
Adopted Definitions
A Mathematical Formulation of Risk
What is Risk? A Formal Definition
Risk in IT Environments
Risk Management Procedures
Typical Threats/Risk Events
What is an Enterprise Architecture?
References
The CISSPforum/ISO27k Implementers Forum Information Security Risk List for 2008
What is Enterprise Risk Management (ERM)?
Information Security Risk Management Standards
ISO/IEC 13335
ISO/IEC 17799 (ISO/IEC 27002:2005)
ISO/IEC 27000 Series
ISO/IEC 27000, Information Technology-Security Techniques-Information Security Management Systems-Fundamentals and Vocabulary
ISO/IEC 27001:2005, Information Technology-Security Techniques-Information Security Management Systems-Requirements
ISO/IEC 27002:2005, Information Technology-Security Techniques-Code of Practice for Information Security Management
ISO/IEC 27003 Information Technology-Security Techniques-Information Security Management System Implementation Guidance
ISO/IEC 27004 Information Technology-Security Techniques-Information Security Management-Measurement
ISO/IEC 27005:2008 Information Technology-Security Techniques-Information Security Risk Management
ISO/IEC 31000
NIST Standards
NIST SP 800-16
NIST SP 800-30
NIST SP 800-39
AS/NZS 4360
References
Organization for Economic Cooperation and Development (OECD) Guidelines for the Security of Information Systems and Networks: Toward a Culture of Security
A Survey of Available Information Security Risk Management Methods and Tools
Overview
Risk Management/Risk Analysis Methods
Austrian IT Security Handbook
CCTA Risk Assessment and Management Methodology (CRAMM)
Dutch A&K Analysis
EBIOS
ETSI Threat Vulnerability and Risk Analysis (TVRA) Method
FAIR (Factor Analysis of Information Risk)
FIRM (Fundamental Information Risk Management)
FMEA (Failure Modes and Effects Analysis)
FRAP (Facilitated Risk Assessment Process)
ISAMM (Information Security Assessment and Monitoring Method)
ISO/IEC Baselines
ISO 31000 Methodology
IT-Grundschutz (IT Baseline Protection Manual)
MAGERIT (Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información) (Methodology for Information Systems Risk Analysis and Management)
MEHARI (Méthode Harmonisée d'Analyse de Risques-Harmonised Risk Analysis Method)
Microsoft's Security Risk Management Guide
MIGRA (Metodologia Integrata per la Gestione del Rischio Aziendale)
NIST
National Security Agency (NSA) IAM / IEM / IA-CMM
Open Source Approach
PTA (Practical Threat Analysis)
SOMAP (Security Officers Management and Analysis Project)
Summary
References
Methodology Examples: COBIT and OCTAVE
Overview
COBIT
COBIT Framework
The Need for a Control Framework for IT Governance
How COBIT Meets the Need
COBIT's Information Criteria
Business Goals and IT Goals
COBIT Framework
IT Resources
Plan and Organize (PO)
Acquire and Implement (AI)
Deliver and Support (DS)
Monitor and Evaluate (ME)
Processes Need Controls
COBIT Framework
Business and IT Controls
IT General Controls and Application Controls
Maturity Models
Performance Measurement
OCTAVE
The OCTAVE Approach
The OCTAVE Method
References
Developing Risk Management Teams
Risk Management Issues and Organization Specifics
Purpose and Scope
Risk Management Policies
A Snapshot of Risk Management in the Corporate World
Motivations for Risk Management
Justifying Risk Management Financially
The Human Factors
Priority-Oriented Rational Approach
Overview of Pragmatic Risk Management Process
Creation of a Risk Management Team, and Adoption of Methodologies
Iterative Procedure for Ongoing Risk Management
Roadmap to Pragmatic Risk Management
References
Example of a Security Policy
Assessing Organization and Establishing Risk Management Scope
Assessing the Current Enterprise Environment
Soliciting Support from Senior Management
Establishing Risk Management Scope and Boundaries
Defining Acceptable Risk for Enterprise
Risk Management Committee
Organization-Specific Risk Methodology
Quantitative Methods
Qualitative Methods
Other Approaches
Risk Waivers Programs
References
Summary of Applicable Legislation
Identifying Resources and Implementing the Risk Management Team
Operating Costs to Support Risk Management and Staffing Requirements
Organizational Models
Staffing Requirements
Specialized Skills Required
Sourcing Options
Risk Management Tools
Risk Management Services
Alerting and Analysis Services
Assessments, Audits, and Project Consulting
Developing and Implementing the Risk Management/Assessment Team
Creating Security Standards
Defining Subject Matter Experts
Determining Information Sources
References
Sizing Example for Risk Management Team
Example of Vulnerability Alerts by Vendors and CERT
Examples of Data Losses-A One-Month Snapshot
Identifying Assets and Organization Risk Exposures
Importance of Asset Identification and Management
Enterprise Architecture
Identifying IT Assets
Assigning Value to IT Assets
Vulnerability Identification/Classification
Base Parameters
Temporal Parameters
Environmental Parameters
Threat Analysis: Type of Risk Exposures
Type of Risk Exposures
Internal Team Programs (to Uncover Risk Exposures)
Summary
References
Common Information Systems Assets
Remediation Planning and Compliance Reporting
Determining Risk Value
Remediation Approaches
Prioritizing Remediations
Determining Mitigating Timeframes
Compliance Monitoring and Security Metrics
Compliance Reporting
References
Basic Glossary of Terms Used in This Text
Index