Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.
|Publisher:||IT Governance Ltd|
|Sold by:||Barnes & Noble|
|File size:||1 MB|
About the Author
Alan is the author of "IT Governance - a Manager's Guide" and a founder director of IT Governance Ltd. Before that, he was CEO of Wide Learning, a supplier of e-learning, of Focus Central London and, before that, of Business Link London City Partners (BLLCP). He was also a member of the DTI's Information Age Competitiveness Working Group.
Steve G Watkins leads the consultancy and training services of IT Governance Ltd. In his various roles in both the public and private sectors he has been responsible for most support disciplines. He has over 20 years’ experience of managing integrated management systems, and is a lead auditor for ISO27001 and ISO9000. He is now an ISMS Technical Expert for UKAS, and provides them with advice for their assessments of certification bodies offering certification to ISO27001.