Information Security Risk Analysis / Edition 3 available in Hardcover
- ISBN-10:
- 1439839565
- ISBN-13:
- 9781439839560
- Pub. Date:
- 03/16/2010
- Publisher:
- Taylor & Francis
Overview
Providing access to more than 350 pages of helpful ancillary materials, this volume:
- Presents and explains the key components of risk management
- Demonstrates why each component of risk management is necessary and how it works in your organization and business situation
- Shows how a cost-benefit analysis is part of risk management and how this analysis is performed as part of risk mitigation
- Explains how to draw up an action plan to protect the assets of your organization when the risk assessment process concludes
- Examines the difference between a Gap Analysis and a Security or Controls Assessment
- Presents case studies and examples of all risk management components
Authored by renowned security expert and certification instructor, Thomas Peltier, this authoritative reference provides you with the knowledge and the skill-set needed to achieve a highly effective risk analysis assessment in a matter of days. Supplemented with user-friendly checklists, forms, questionnaires, sample assessments, and other documents, this work is truly a one-stop, how-to resource for industry and academia professionals.
Product Details
| Field | Value |
|---|---|
| ISBN-13 | 9781439839560 |
| Publisher | Taylor & Francis |
| Publication date | 03/16/2010 |
| Edition description | New Edition |
| Pages | 456 |
| Product dimensions | 6.40(w) x 9.30(h) x 1.10(d) |
Table of Contents
Acknowledgments xi
About the Author xiii
Introduction xv
1 The Facilitated Risk Analysis and Assessment Process (FRAAP) 1
1.1 Introduction 1
1.2 FRAAP Overview 2
1.3 FRAAP History 3
1.4 Introducing the FRAAP 5
1.4.1 Key Concepts 6
1.5 The Pre-FRAAP Meeting 8
1.5.1 Pre-FRAAP Meeting Checklist 13
1.5.2 Pre-FRAAP Meeting Summary 18
1.6 The FRAAP Session 18
1.6.1 Overview 18
1.6.2 FRAAP Session Introduction 19
1.6.3 FRAAP Session Talking Points 20
1.6.4 FRAAP Threats Identification 22
1.6.5 Identifying Threats Using a Checklist 25
1.6.6 Identifying Existing Controls 26
1.6.7 Establishing Risk Levels 26
1.6.8 Residual Risk 30
1.7 Using a Threats Identification Checklist 38
1.7.1 FRAAP Session Summary 43
1.8 Post-FRAAP Process 47
1.8.1 Complete the Action Plan 50
1.9 Conclusion 54
2 Risk Analysis (Project Impact Analysis) 57
2.1 Overview 57
2.2 The Difference between Risk Analysis and Risk Assessment 57
2.3 Risk Analysis and Due Diligence 58
2.4 Risk Assessment and Fiduciary Duty 58
2.5 Performing a Risk Analysis 59
2.6 Risk Analysis Elements 61
2.7 Other Considerations 62
2.8 When to Conduct a Risk Analysis 64
2.9 Final Words 64
2.10 Sample Risk Analysis Questionnaire 65
2.11 Sample Risk Analysis Report Outline 65
3 Pre-Screening 67
3.1 Introduction 67
3.2 Background 71
3.2.1 Pre-Screening Example 1 71
3.2.2 Pre-Screening Example 2 73
3.2.3 Pre-Screening Example 3 75
3.2.4 Pre-Screening Example 4 78
3.3 Summary 78
4 Business Impact Analysis 81
4.1 Overview 81
4.2 BIA versus Risk Assessment 82
4.3 Creating a BIA Process 83
4.4 Creating the Financial Impact Table 84
4.5 Working the BIA Process 86
4.6 Additional Examples 88
4.7 Objectives of the BIA 93
4.8 Using Questionnaires for a BIA 93
4.9 Data Collection and Analysis 95
4.10 Prepare Management Presentation 96
4.11 Final Thoughts 97
5 Gap Analysis 99
5.1 Introduction 99
5.2 Background 99
5.3 GAP Analysis Process 100
5.3.1 Gap Analysis Example 1 103
5.3.2 Gap Analysis Example 2 106
5.3.3 How to Use the Self-Assessment Checklist 107
5.4 Summary 108
Appendix A Facilitator Skills 111
Appendix B FRAAP Team Members 117
Introduction 117
The Risk Assessment Team 118
Conclusion 123
Appendix C Project Scope Statement 125
Overview 125
Summary 128
Appendix D Laws, Standards, and Regulations 129
Appendix E Frequently Asked Questions about Risk Management 131
Introduction 131
Is There a Difference between Risk Analysis and Risk Assessment? 131
Why Should a Risk Analysis Be Conducted? 132
When Should a Risk Assessment Be Conducted? 132
Who Should Conduct the Risk Assessment? 133
How Long Should a Risk Assessment Take? 134
What Can a Risk Analysis or Risk Assessment Analyze? 134
Who Should Review the Results of a Risk Analysis and Risk Assessment? 134
How Is the Success of the Risk Analysis Measured? 135
Summary 135
Appendix F Risk Analysis versus Risk Assessment 137
Overview 137
The Difference between Risk Analysis and Risk Assessment 137
Risk Analysis and Due Diligence 138
Risk Assessment and Fiduciary Duty 138
Conducting a Risk Assessment 139
Risk Assessment Timetable 140
Risk Assessment and Risk Analysis Results 140
Risk Management Metrics 140
Summary 141
Appendix G Sample Threat Checklist 143
Appendix H Sample BIA Questionnaire 153
Appendix I Sample Risk Assessment Management Summary Report 251
Risk Assessment Scope Summary 252
Assessment Methodology Used 252
Assessment Findings and Action Plan 253
Full Findings Documentation 254
Conclusion 254
Appendix J Project Scope Statement 259
Introduction 259
Project Statement 260
Specifications 260
Well-Defined Standards and Metrics 262
Summary 263
Appendix K Why Risk Assessments Fail 265
Scope Creep 265
Ineffective Project Team 266
Stating Concerns as How They Impact Security 266
Every Threat Is a Major Concern 267
Conclusion 267
Appendix L Gap Analysis Examples 269
Overview 269
Gap Analysis Using ISO 17799 270
Answer the Following Questions 270
Gap Analysis Using Utility-Specific Standards 298
Gap Analysis Sample 3 Using Combination of Standards and Laws 344
Appendix M Control Lists 399
Overview 399
Appendix N Heat Charts 423
Index 431