Security Risk Management - Building an Information Security Risk Management Program from the Ground Up
by: Evan Wheeler
Elsevier Reference Monographs, 2011
ISBN: 9781597496162
360 pages, download: 3219 KB
 
Format: EPUB, PDF
Table of Contents

  Front Cover 1  
  Security Risk Management: Building an Information Security Risk Management Program from the Ground Up 4
  Copyright 5  
  Table of Contents 6  
  Preface 14  
     Intended Audience 15  
     Organization of This Book 16  
     Acknowledgments 20  
     About the Author 21  
     About the Technical Editor 21  
  Part I: Introduction to Risk Management 22  
     Chapter 1. The Security Evolution 24  
        Introduction 24  
        How We Got Here 24  
        A Risk-Focused Future 27  
        Information Security Fundamentals 29  
        The Death of Information Security 37  
        Summary 40  
        References 40  
     Chapter 2. Risky Business 42  
        Introduction 42  
        Applying Risk Management to Information Security 42  
        Business-Driven Security Program 49  
        Security as an Investment 55  
        Qualitative versus Quantitative 58  
        Summary 61  
        References 62  
     Chapter 3. The Risk Management Lifecycle 64  
        Introduction 64  
        Stages of the Risk Management Lifecycle 64  
        Business Impact Assessment 69  
        A Vulnerability Assessment Is Not a Risk Assessment 71  
        Making Risk Decisions 74  
        Mitigation Planning and Long-Term Strategy 77  
        Process Ownership 80  
        Summary 81  
  Part II: Risk Assessment and Analysis Techniques 82
     Chapter 4. Risk Profiling 84  
        Introduction 84  
        How Risk Sensitivity Is Measured 84  
        Asking the Right Questions 92  
        Assessing Risk Appetite 102  
        Summary 105  
        Reference 106  
     Chapter 5. Formulating a Risk 108  
        Introduction 108  
        Breaking Down a Risk 108  
        Who or What Is the Threat? 116  
        Summary 123  
        References 124  
     Chapter 6. Risk Exposure Factors 126  
        Introduction 126  
        Qualitative Risk Measures 126  
        Risk Assessment 138  
        Summary 145  
        Reference 146  
     Chapter 7. Security Controls and Services 148  
        Introduction 148  
        Fundamental Security Services 148  
        Recommended Controls 165  
        Summary 166  
        Reference 167  
     Chapter 8. Risk Evaluation and Mitigation Strategies 168  
        Introduction 168  
        Risk Evaluation 168  
        Risk Mitigation Planning 175  
        Policy Exceptions and Risk Acceptance 177  
        Summary 182  
     Chapter 9. Reports and Consulting 184  
        Introduction 184  
        Risk Management Artifacts 184  
        A Consultant’s Perspective 186  
        Writing Audit Responses 204  
        Summary 208  
        References 209  
     Chapter 10. Risk Assessment Techniques 210  
        Introduction 210  
        Operational Assessments 210  
        Project-Based Assessments 219  
        Third-Party Assessments 226  
        Summary 232  
        References 233  
  Part III: Building and Running a Risk Management Program 234  
     Chapter 11. Threat and Vulnerability Management 236  
        Introduction 236  
        Building Blocks 236  
        Threat Identification 241  
        Advisories and Testing 243  
        An Efficient Workflow 249  
        The FAIR Approach 251  
        Summary 257  
        References 258  
     Chapter 12. Security Risk Reviews 260  
        Introduction 260  
        Assessing the State of Compliance 260  
        Implementing a Process 263  
        Process Optimization: A Review of Key Points 272  
        The NIST Approach 274  
        Summary 278  
        References 278  
     Chapter 13. A Blueprint for Security 280  
        Introduction 280  
        Risk in the Development Lifecycle 280  
        Security Architecture 284  
        Patterns and Baselines 294  
        Architectural Risk Analysis 299  
        Summary 304  
        Reference 305  
     Chapter 14. Building a Program from Scratch 306  
        Introduction 306  
        Designing a Risk Program 306  
        Prerequisites for a Risk Management Program 312  
        Risk at the Enterprise Level 316  
        Linking the Program Components 319  
        Program Roadmap 321  
        Summary 323  
        Reference 323  
  Appendix A: Sample Security Risk Profile 324  
     A. General Information 324  
     B. Information Sensitivity 324  
     C. Regulatory Requirements 327
     D. Business Requirements 328  
     E. Definitions 329  
  Appendix B: Qualitative Risk Scale Reference Tables 330  
  Appendix C: Architectural Risk Analysis Reference Tables 334  
     Baseline Security Levels and Sample Controls 334  
     Security Enhancement Levels and Sample Controls 340  
     Mapping Security Levels 348  
  Index 352  

© 2008-2020 ciando GmbH