Information Security Risk Analysis

CRC Press
2
Free sample

Risk is a cost of doing business. The question is, "What are the risks, and what are their costs?" Knowing the vulnerabilities and threats that face your organization's information and systems is the first essential step in risk management.

Information Security Risk Analysis shows you how to use cost-effective risk analysis techniques to identify and quantify the threats--both accidental and purposeful--that your organization faces. The book steps you through the qualitative risk analysis process using techniques such as PARA (Practical Application of Risk Analysis) and FRAP (Facilitated Risk Analysis Process) to:
  • Evaluate tangible and intangible risks
  • Use the qualitative risk analysis process
  • Identify elements that make up a strong Business Impact Analysis
  • Conduct risk analysis with confidence

    Management looks to you, its information security professional, to provide a process that allows for the systematic review of risk, threats, hazards, and concerns, and to provide cost-effective measures to lower risk to an acceptable level. You can find books that cover risk analysis for financial, environmental, and even software projects, but you will find none that apply risk analysis to information technology and business continuity planning or deal with issues of loss of systems configuration, passwords, information loss, system integrity, CPU cycles, bandwidth, and more. Information Security Risk Analysis shows you how to determine cost effective solutions for your organization's information technology.
  • Read more
    4.5
    2 total
    Loading...

    Additional Information

    Publisher
    CRC Press
    Read more
    Published on
    Jan 23, 2001
    Read more
    Pages
    296
    Read more
    ISBN
    9781420000092
    Read more
    Language
    English
    Read more
    Genres
    Business & Economics / Commerce
    Business & Economics / Industries / Service
    Computers / Security / General
    Read more
    Content Protection
    This content is DRM protected.
    Read more
    Read Aloud
    Available on Android devices
    Read more
    Eligible for Family Library

    Reading information

    Smartphones and Tablets

    Install the Google Play Books app for Android and iPad/iPhone. It syncs automatically with your account and allows you to read online or offline wherever you are.

    Laptops and Computers

    You can read books purchased on Google Play using your computer's web browser.

    eReaders and other devices

    To read on e-ink devices like the Sony eReader or Barnes & Noble Nook, you'll need to download a file and transfer it to your device. Please follow the detailed Help center instructions to transfer the files to supported eReaders.
    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise’s effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.

    The book examines the elements of computer security, employee roles and responsibilities, and common threats. It discusses the legal requirements that impact security policies, including Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act. Detailing physical security requirements and controls, this updated edition offers a sample physical security policy and includes a complete list of tasks and objectives that make up an effective information protection program. Includes ten new chapters Broadens its coverage of regulations to include FISMA, PCI compliance, and foreign requirements Expands its coverage of compliance and governance issues Adds discussions of ISO 27001, ITIL, COSO, COBIT, and other frameworks Presents new information on mobile security issues Reorganizes the contents around ISO 27002

    The book discusses organization-wide policies, their documentation, and legal and business requirements. It explains policy format with a focus on global, topic-specific, and application-specific policies. Following a review of asset classification, it explores access control, the components of physical security, and the foundations and processes of risk analysis and risk management.

    The text concludes by describing business continuity planning, preventive controls, recovery strategies, and how to conduct a business impact analysis. Each chapter in the book has been written by a different expert to ensure you gain the comprehensive understanding of what it takes to develop an effective information security program.

    Starting with the inception of an education program and progressing through its development, implementation, delivery, and evaluation, Managing an Information Security and Privacy Awareness and Training Program, Second Edition provides authoritative coverage of nearly everything needed to create an effective training program that is compliant with applicable laws, regulations, and policies. Written by Rebecca Herold, a well-respected information security and privacy expert named one of the "Best Privacy Advisers in the World" multiple times by Computerworld magazine as well as a "Top 13 Influencer in IT Security" by IT Security Magazine, the text supplies a proven framework for creating an awareness and training program. It also:

    Lists the laws and associated excerpts of the specific passages that require training and awareness Contains a plethora of forms, examples, and samples in the book’s 22 appendices Highlights common mistakes that many organizations make Directs readers to additional resources for more specialized information Includes 250 awareness activities ideas and 42 helpful tips for trainers

    Complete with case studies and examples from a range of businesses and industries, this all-in-one resource provides the holistic and practical understanding needed to identify and implement the training and awareness methods best suited to, and most effective for, your organization.

    Praise for:

    The first edition was outstanding. The new second edition is even better ... the definitive and indispensable guide for information security and privacy awareness and training professionals, worth every cent. As with the first edition, we recommend it unreservedly..
    —NoticeBored.com

    Concept of the Corporation was the first study ever of the constitution, structure, and internal dynamics of a major business enterprise. Basing his work on a two-year analysis of the company done during the closing years of World War II, Drucker looks at the General Motors managerial organization from within. He tries to understand what makes the company work so effectively, what its core principles are, and how they contribute to its successes. The themes this volume addresses go far beyond the business corporation, into a consideration of the dynamics of the so-called corporate state itself.

    When the book initially appeared, General Motors managers rejected it as unfairly critical and antibusiness. Yet, the GM concept of the corporation and its principles of organization later became models for organizations worldwide. Not only businesses, but also government agencies, research laboratories, hospitals, and universities have found in Concept of the Corporation a basis for effective organization and management.

    Because it offers a fundamental theory of corporate goals, this book is a valuable resource for business professionals and organization analysts. It will also be of interest to students and professionals in economics, public administration, and political science. Professional and technical readers who admire Peter Drucker's work will want to be certain this volume is in their personal library. At a time when everything from the size to the structure of corporations is being questioned, this classic should prove a valuable guide.

    ©2018 GoogleSite Terms of ServicePrivacyDevelopersArtistsAbout Google|Location: United StatesLanguage: English (United States)
    By purchasing this item, you are transacting with Google Payments and agreeing to the Google Payments Terms of Service and Privacy Notice.