  • 1
    UID:
    almahu_9948026529602882
    Format: 1 online resource (281 p.)
    Edition: 1st edition
    ISBN: 1-283-70550-8 , 1-59749-975-7
    Content: In order to protect a company's information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs to be protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. Information Security Ris
    Note: Description based upon print version of record. Information Security Risk Assessment Toolkit; copyright; Dedication; CONTENTS; Acknowledgments; About the Technical Editor; About the Authors; Introduction; 1 Information Security Risk Assessments; Introduction; What is Risk?; Going Deeper with Risk; Components of Risk; Event; Asset; Outcome; Probability; Putting it All Together; Information Security Risk; What is an Information Security Risk Assessment?; Why Assess Information Security Risk?; Risk Assessments and the Security Program; Information Risk Assessments Activities in a Nutshell; Identify Threats; Identify Vulnerabilities; Identify Assets; Determine Impact; Determine Likelihood; Identify Controls; Drivers, Laws, and Regulations; Federal Information Security Management Act of 2002 (FISMA); Gramm-Leach-Bliley Act (GLBA); Health Insurance Portability and Accountability Act (HIPAA); State Governments; ISO 27001; Summary; What is Risk?; What is an Information Security Risk Assessment?; Drivers, Laws, and Regulations; References; 2 Information Security Risk Assessment: A Practical Approach; Introduction; A Primer on Information Security Risk Assessment Frameworks; Do I Use an Existing Framework or Should I Use My Own?; OCTAVE; Details; Establish Risk Measurement Criteria; Develop an Information Asset Profile; Identify Information Asset Containers; Identify Areas of Concern; Identify Threat Scenarios; Identify Risks; Analyze Risks; Select Mitigation Approach; Strengths and Weaknesses of OCTAVE (see Table 2.5); Fair; Details; Stage 1: Identify Scenario Components; Stage 2: Evaluate Loss Event Frequency; Stage 3: Evaluate Probable Loss Magnitude (PLM); Derive and Articulate Risk; Strengths and Weaknesses (see Table 2.14); NIST SP800-30; Details; System Characterization; Threat Identification; Vulnerability Identification; Control Analysis; Likelihood Determination; Impact Analysis; Risk Determination; Control Recommendations; Results Documentation; Strengths and Weaknesses of NIST; ISO 27005; Details; Risk Identification; Risk Estimation; Risk Evaluation; A Comparison of the Major Activities for the Four Frameworks; Strength and Weaknesses (see Table 2.19); A Comparison of the Major Activities for the Four Frameworks Based on Activities; Our Risk Assessment Approach; Main Phases in Our Methodology; Data Collection; Data Analysis; Risk Analysis, Prioritization, and Treatment; Reporting; Maintenance; Summary; 3 Information Security Risk Assessment: Data Collection; Introduction; The Sponsor; The Project Team; The Size and Breadth of the Risk Assessment; Scheduling and Deadlines; Assessor and Organization Experience; Workload; Data Collection Mechanisms; Collectors; Containers; Executive Interviews; Document Requests; IT Asset Inventories; Asset Scoping; Interviews; Asset Scoping Workshops; Business Impact Analysis and Other Assessments; Critical Success Factor Analysis; The Asset Profile Survey; Who Do You Ask for information?; How Do You Ask for the Information?; What Do You Ask for?; English
    Additional Edition: ISBN 1-59749-735-5
    Language: English