
Information Security Risk Analysis

3rd Edition

By Thomas R. Peltier

Auerbach Publications

456 pages | 105 B/W Illus.

Hardback: 9781439839560
pub: 2010-03-16
eBook (VitalSource): 9780429094071
pub: 2010-03-16

Description

Successful security professionals have had to modify the process of responding to new threats in the high-profile, ultra-connected business environment. But just because a threat exists does not mean that your organization is at risk. This is what risk assessment is all about. Information Security Risk Analysis, Third Edition demonstrates how to identify threats your company faces and then determine if those threats pose a real risk to your organization.

Providing access to more than 350 pages of helpful ancillary materials, this volume:

  • Presents and explains the key components of risk management
  • Demonstrates how the components of risk management are absolutely necessary and how they work in your organization and business situation
  • Shows how a cost-benefit analysis is part of risk management and how this analysis is performed as part of risk mitigation
  • Explains how to draw up an action plan to protect the assets of your organization when the risk assessment process concludes
  • Examines the difference between a Gap Analysis and a Security or Controls Assessment
  • Presents case studies and examples of all risk management components

Authored by renowned security expert and certification instructor Thomas Peltier, this authoritative reference provides you with the knowledge and the skill set needed to achieve a highly effective risk analysis assessment in a matter of days. Supplemented with user-friendly checklists, forms, questionnaires, sample assessments, and other documents, this work is truly a one-stop, how-to resource for industry and academia professionals.

Table of Contents

INTRODUCTION

Frequently Asked Questions

Conclusion

RISK MANAGEMENT

Overview

Risk Management as Part of the Business Process

Employee Roles and Responsibilities

Information Security Life Cycle

Risk Analysis Process

Risk Assessment

Cost-Benefit Analysis

Risk Mitigation

Final Thoughts

RISK ASSESSMENT PROCESS

Introduction

Risk Assessment Process

Information Is an Asset

Risk Assessment Methodology

Final Thoughts

QUANTITATIVE VERSUS QUALITATIVE RISK ASSESSMENT

Introduction

Quantitative and Qualitative Pros and Cons

Qualitative Risk Assessment Basics

Qualitative Risk Assessment Using Tables

The 30-Minute Risk Assessment

Conclusion

OTHER FORMS OF QUALITATIVE RISK ASSESSMENT

Introduction

Hazard Impact Analysis

Questionnaires

Single Time Loss Algorithm

Conclusion

FACILITATED RISK ANALYSIS AND ASSESSMENT PROCESS (FRAAP)

Introduction

FRAAP Overview

Why The FRAAP Was Created

Introducing the FRAAP to Your Organization

Conclusion

VARIATIONS ON THE FRAAP

Overview

Infrastructure FRAAP

Conclusion

MAPPING CONTROLS

Controls Overview

Creating Your Controls List

Control List Examples

BUSINESS IMPACT ANALYSIS (BIA)

Overview

Creating a BIA Process

CONCLUSION

Appendix A: Sample Risk Assessment Management Summary Report

Appendix B: Terms and Definitions

Appendix C: Bibliography

Subject Categories

BISAC Subject Codes/Headings:
BUS041000
BUSINESS & ECONOMICS / Management
BUS073000
BUSINESS & ECONOMICS / Commerce
COM032000
COMPUTERS / Information Technology
COM053000
COMPUTERS / Security / General