Information security risk assessment toolkit : practical assessments through data collection and data analysis

Information security risk assessment toolkit practical assessments through data collection and data analysis

In order to protect company's information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus a...

Descripción completa

Detalles Bibliográficos
Autor principal: Talabis, Mark Ryan N. (-)
Otros Autores: Martin, Jason L., Wheeler, Evan
Formato: Libro electrónico
Idioma:Inglés
Publicado: Amsterdam ; Boston : Elsevier 2013.
Edición:1st edition
Materias:
Computer security.
Risk assessment.
Data mining.
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628565806719
Tabla de Contenidos:
  • Information Security Risk Assessment Toolkit; copyright; Dedication; CONTENTS; Acknowledgments; About the Technical Editor; About the Authors; Introduction; 1 Information Security Risk Assessments; Introduction; What is Risk?; Going Deeper with Risk; Components of Risk; Event; Asset; Outcome; Probability; Putting it All Together; Information Security Risk; What is an Information Security Risk Assessment?; Why Assess Information Security Risk?; Risk Assessments and the Security Program; Information Risk Assessments Activities in a Nutshell; Identify Threats; Identify Vulnerabilities
  • Identify AssetsDetermine Impact; Determine Likelihood; Identify Controls; Drivers, Laws, and Regulations; Federal Information Security Management Act of 2002 (FISMA); Gramm-Leach-Bliley Act (GLBA); Health Insurance Portability and Accountability Act (HIPAA); State Governments; ISO 27001; Summary; What is Risk?; What is an Information Security Risk Assessment?; Drivers, Laws, and Regulations; References; 2 Information Security Risk Assessment: A Practical Approach; Introduction; A Primer on Information Security Risk Assessment Frameworks; Do I Use an Existing Framework or Should I Use My Own?
  • OCTAVEDetails; Establish Risk Measurement Criteria; Develop an Information Asset Profile; Identify Information Asset Containers; Identify Areas of Concern; Identify Threat Scenarios; Identify Risks; Analyze Risks; Select Mitigation Approach; Strengths and Weaknesses of OCTAVE (see Table 2.5); Fair; Details; Stage 1: Identify Scenario Components; Stage 2: Evaluate Loss Event Frequency; Stage 3: Evaluate Probable Loss Magnitude (PLM); Derive and Articulate Risk; Strengths and Weaknesses (see Table 2.14); NIST SP800-30; Details; System Characterization; Threat Identification
  • Vulnerability IdentificationControl Analysis; Likelihood Determination; Impact Analysis; Risk Determination; Control Recommendations; Results Documentation; Strenghts and Weaknesses of NIST; ISO 27005; Details; Risk Identification; Risk Estimation; Risk Evaluation; A Comparison of the Major Activities for the Four Frameworks; Strength and Weaknesses (see Table 2.19); A Comparison of the Major Activities for the Four Frameworks Based on Activities; Our Risk Assessment Approach; Main Phases in Our Methodology; Data Collection; Data Analysis; Risk Analysis, Prioritization, and Treatment
  • ReportingMaintenance; Summary; 3 Information Security Risk Assessment: Data Collection; Introduction; The Sponsor; The Project Team; The Size and Breadth of the Risk Assessment; Scheduling and Deadlines; Assessor and Organization Experience; Workload; Data Collection Mechanisms; Collectors; Containers; Executive Interviews; Document Requests; IT Asset Inventories; Asset Scoping; Interviews; Asset Scoping Workshops; Business Impact Analysis and Other Assessments; Critical Success Factor Analysis; The Asset Profile Survey; Who Do You Ask for information?; How Do You Ask for the Information?
  • What Do You Ask for?

Ejemplares similares