Information Security Risk Assessment Toolkit Practical Assessments Through Data Collection and Data Analysis

ISBN-10: 1597497355

ISBN-13: 9781597497350

Edition: 2013

Authors: Mark Talabis, Jason Martin

List price: $49.95
Description:

In order to protect a company's information assets, such as sensitive customer records and health care records, the security practitioner first needs to find out what needs to be protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defensible analysis of the residual risk associated with your key assets so that risk treatment options can be explored. Information Security Risk Assessments gives a security practitioner the tools and skills to get a quick, reliable, and thorough…
Book details

Copyright year: 2013
Publisher: Elsevier Science & Technology Books
Publication date: 12/14/2012
Binding: Paperback
Pages: 278
Size: 7.50" wide x 9.25" long x 0.75" tall
Weight: 1.276
Language: English

Acknowledgments
About the Technical Editor
About the Authors
Introduction
Information Security Risk Assessments
Introduction
What is Risk?
Going Deeper with Risk
Components of Risk
Putting it All Together
Information Security Risk
What is an Information Security Risk Assessment?
Why Assess Information Security Risk?
Risk Assessments and the Security Program
Information Risk Assessments Activities in a Nutshell
Drivers, Laws, and Regulations
Federal Information Security Management Act of 2002 (FISMA)
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
State Governments
ISO 27001
Summary
What is Risk?
What is an Information Security Risk Assessment?
Drivers, Laws, and Regulations
References
Information Security Risk Assessment: A Practical Approach
Introduction
A Primer on Information Security Risk Assessment Frameworks
Do I Use an Existing Framework or Should I Use My Own?
OCTAVE
FAIR
NIST SP 800-30
ISO 27005
A Comparison of the Major Activities for the Four Frameworks
A Comparison of the Major Activities for the Four Frameworks Based on Activities
Our Risk Assessment Approach
Summary
Information Security Risk Assessment: Data Collection
Introduction
The Sponsor
The Project Team
The Size and Breadth of the Risk Assessment
Scheduling and Deadlines
Assessor and Organization Experience
Workload
Data Collection Mechanisms
Collectors
Containers
Executive Interviews
Document Requests
IT Asset Inventories
Asset Scoping
Interviews
Asset Scoping Workshops
Business Impact Analysis and Other Assessments
Critical Success Factor Analysis
The Asset Profile Survey
Who Do You Ask for Information?
How Do You Ask for the Information?
What Do You Ask for?
The Control Survey
Who Do You Ask for Information?
How Do You Ask for Information?
What Do You Ask for?
Organizational vs. System Specific
Scale vs. Yes or No
Inquiry vs. Testing
Survey Support Activities and Wrap-Up
Before and During the Survey
Review of Survey Responses
Post-Survey Verifications
Consolidation
Information Security Risk Assessment: Data Analysis
Introduction
Compiling Observations from Organizational Risk Documents
Preparation of Threat and Vulnerability Catalogs
Threat Catalog
Vulnerability Catalog
Threat Vulnerability Pairs
Overview of the System Risk Computation
Designing the Impact Analysis Scheme
Confidentiality
Integrity
Availability
Preparing the Impact Score
Practical Tips
Designing the Control Analysis Scheme
Practical Tips
Designing the Likelihood Analysis Scheme
Exposure
Frequency
Controls
Likelihood
Putting it Together and the Final Risk Score
Information Security Risk Assessment: Risk Assessment
Introduction
System Risk Analysis
Risk Classification
Risk Rankings
Individual System Risk Reviews
Threat and Vulnerability Review
Review Activities for Organizational Risk
Review of Security Threats and Trends
Review of Audit Findings
Review of Security Incidents
Review of Security Exceptions
Review of Security Metrics
Risk Prioritization and Risk Treatment
Information Security Risk Assessment: Risk Prioritization and Treatment
Introduction
Organizational Risk Prioritization and Treatment
Review of Security Threats and Trends
Review of Audit Findings
Review of Security Incidents
Review of Security Exceptions
Review of Security Metrics
System Specific Risk Prioritization and Treatment
Issues Register
Information Security Risk Assessment: Reporting
Introduction
Outline
Risk Analysis Executive Summary
Methodology
Organizational
System Specific
Results
Organizational Analysis
System Specific
Risk Register
Conclusion
Appendices
Information Security Risk Assessment: Maintenance and Wrap Up
Introduction
Process Summary
Data Collection
Data Analysis
Risk Analysis
Reporting
Key Deliverables
Post Mortem
Scoping
Executive Interviews
System Owners and Stewards
Document Requests
System Profile and Control Survey
Analysis
Reporting
General Process
Index