How to Complete a Risk Assessment in 5 Days or Less
Successful security professionals have had to modify the process of responding to new threats in the high-profile, ultra-connected business environment. But just because a threat exists does not mean that your organization is at risk. This is what risk assessment is all about. How to Complete a Risk Assessment in 5 Days or Less demonstrates how to identify threats your company faces and then determine if those threats pose a real risk to the organization.

To help you determine the best way to mitigate risk levels in any given situation, How to Complete a Risk Assessment in 5 Days or Less includes more than 350 pages of user-friendly checklists, forms, questionnaires, and sample assessments.

Presents Case Studies and Examples of all Risk Management Components

Based on the seminars of information security expert Tom Peltier, this volume provides the processes that you can easily employ in your organization to assess risk.

Answers such FAQs as:

  • Why should a risk analysis be conducted?
  • Who should review the results?
  • How is the success measured?

Always conscious of the bottom line, Peltier discusses the cost-benefit of risk mitigation and looks at specific ways to manage costs. He supports his conclusions with numerous case studies and diagrams that show you how to apply risk management skills in your organization, and it's not limited to information security risk assessment. You can apply these techniques to any area of your business. This step-by-step guide to conducting risk assessments gives you the knowledge base and the skill set you need to achieve a speedy and highly effective risk analysis assessment in a matter of days.

by Thomas R. Peltier

Paperback

Product Details

ISBN-13: 9780367386412
Publisher: Taylor & Francis
Publication date: 09/05/2019
Pages: 444
Product dimensions: 6.12(w) x 9.19(h) x (d)

Table of Contents

Acknowledgments xi

About the Author xiii

Introduction xv

1 The Facilitated Risk Analysis and Assessment Process (FRAAP) 1

1.1 Introduction 1

1.2 FRAAP Overview 2

1.3 FRAAP History 3

1.4 Introducing the FRAAP 5

1.4.1 Key Concepts 6

1.5 The Pre-FRAAP Meeting 8

1.5.1 Pre-FRAAP Meeting Checklist 13

1.5.2 Pre-FRAAP Meeting Summary 18

1.6 The FRAAP Session 18

1.6.1 Overview 18

1.6.2 FRAAP Session Introduction 19

1.6.3 FRAAP Session Talking Points 20

1.6.4 FRAAP Threats Identification 22

1.6.5 Identifying Threats Using a Checklist 25

1.6.6 Identifying Existing Controls 26

1.6.7 Establishing Risk Levels 26

1.6.8 Residual Risk 30

1.7 Using a Threats Identification Checklist 38

1.7.1 FRAAP Session Summary 43

1.8 Post-FRAAP Process 47

1.8.1 Complete the Action Plan 50

1.9 Conclusion 54

2 Risk Analysis (Project Impact Analysis) 57

2.1 Overview 57

2.2 The Difference between Risk Analysis and Risk Assessment 57

2.3 Risk Analysis and Due Diligence 58

2.4 Risk Assessment and Fiduciary Duty 58

2.5 Performing a Risk Analysis 59

2.6 Risk Analysis Elements 61

2.7 Other Considerations 62

2.8 When to Conduct a Risk Analysis 64

2.9 Final Words 64

2.10 Sample Risk Analysis Questionnaire 65

2.11 Sample Risk Analysis Report Outline 65

3 Pre-Screening 67

3.1 Introduction 67

3.2 Background 71

3.2.1 Pre-Screening Example 1 71

3.2.2 Pre-Screening Example 2 73

3.2.3 Pre-Screening Example 3 75

3.2.4 Pre-Screening Example 4 78

3.3 Summary 78

4 Business Impact Analysis 81

4.1 Overview 81

4.2 BIA versus Risk Assessment 82

4.3 Creating a BIA Process 83

4.4 Creating the Financial Impact Table 84

4.5 Working the BIA Process 86

4.6 Additional Examples 88

4.7 Objectives of the BIA 93

4.8 Using Questionnaires for a BIA 93

4.9 Data Collection and Analysis 95

4.10 Prepare Management Presentation 96

4.11 Final Thoughts 97

5 Gap Analysis 99

5.1 Introduction 99

5.2 Background 99

5.3 GAP Analysis Process 100

5.3.1 Gap Analysis Example 1 103

5.3.2 Gap Analysis Example 2 106

5.3.3 How to Use the Self-Assessment Checklist 107

5.4 Summary 108

Appendix A Facilitator Skills 111

Appendix B FRAAP Team Members 117

Introduction 117

The Risk Assessment Team 118

Conclusion 123

Appendix C Project Scope Statement 125

Overview 125

Summary 128

Appendix D Laws, Standards, and Regulations 129

Appendix E Frequently Asked Questions about Risk Management 131

Introduction 131

Is There a Difference between Risk Analysis and Risk Assessment? 131

Why Should a Risk Analysis Be Conducted? 132

When Should a Risk Assessment Be Conducted? 132

Who Should Conduct the Risk Assessment? 133

How Long Should a Risk Assessment Take? 134

What Can a Risk Analysis or Risk Assessment Analyze? 134

Who Should Review the Results of a Risk Analysis and Risk Assessment? 134

How Is the Success of the Risk Analysis Measured? 135

Summary 135

Appendix F Risk Analysis versus Risk Assessment 137

Overview 137

The Difference between Risk Analysis and Risk Assessment 137

Risk Analysis and Due Diligence 138

Risk Assessment and Fiduciary Duty 138

Conducting a Risk Assessment 139

Risk Assessment Timetable 140

Risk Assessment and Risk Analysis Results 140

Risk Management Metrics 140

Summary 141

Appendix G Sample Threat Checklist 143

Appendix H Sample BIA Questionnaire 153

Appendix I Sample Risk Assessment Management Summary Report 251

Risk Assessment Scope Summary 252

Assessment Methodology Used 252

Assessment Findings and Action Plan 253

Full Findings Documentation 254

Conclusion 254

Appendix J Project Scope Statement 259

Introduction 259

Project Statement 260

Specifications 260

Well-Defined Standards and Metrics 262

Summary 263

Appendix K Why Risk Assessments Fail 265

Scope Creep 265

Ineffective Project Team 266

Stating Concerns as How They Impact Security 266

Every Threat Is a Major Concern 267

Conclusion 267

Appendix L Gap Analysis Examples 269

Overview 269

Gap Analysis Using ISO 17799 270

Answer the Following Questions 270

Gap Analysis Using Utility-Specific Standards 298

Gap Analysis Sample 3 Using Combination of Standards and Laws 344

Appendix M Control Lists 399

Overview 399

Appendix N Heat Charts 423

Index 431
