Information Security Risk Analysis, Third

The risk management process supports executive decision-making, allowing managers and owners to perform their fiduciary responsibility of protecting the assets of their enterprises. This crucial process should not be a long, drawn-out affair. To be effective, it must be done quickly and efficiently.Information Security Risk Analysis, Second Edition enables CIOs, CSOs, and MIS managers to understand when, why, and how risk assessments and analyses can be conducted effectively. This book discusses the principle of risk management and its three key elements: risk analysis, risk assessment, and vulnerability assessment. It examines the differences between quantitative and qualitative risk assessment, and details how various types of qualitative risk assessment can be applied to the assessment process. The text offers a thorough discussion of recent changes to FRAAP and the need to develop a pre-screening method for risk assessment and business impact analysis.

Acknowledgments	p. xi
About the Author	p. xiii
Introduction	p. xv
The Facilitated Risk Analysis and Assessment Process (FRAAP)	p. 1
Introduction	p. 1
FRAAP Overview	p. 2
FRAAP History	p. 3
Introducing the FRAAP	p. 5
Key Concepts	p. 6
The Pre-FRAAP Meeting	p. 8
Pre-FRAAP Meeting Checklist	p. 13
Pre-FRAAP Meeting Summary	p. 18
The FRAAP Session	p. 18
Overview	p. 18
FRAAP Session Introduction	p. 19
FRAAP Session Talking Points	p. 20
FRAAP Threats Identification	p. 22
Identifying Threats Using a Checklist	p. 25
Identifying Existing Controls	p. 26
Establishing Risk Levels	p. 26
Residual Risk	p. 30
Using a Threats Identification Checklist	p. 38
FRAAP Session Summary	p. 43
Post-FRAAP Process	p. 47
Complete the Action Plan	p. 50
Conclusion	p. 54
Risk Analysis (Project Impact Analysis)	p. 57
Overview	p. 57
The Difference between Risk Analysis and Risk Assessment	p. 57
Risk Analysis and Due Diligence	p. 58
Risk Assessment and Fiduciary Duty	p. 58
Performing a Risk Analysis	p. 59
Risk Analysis Elements	p. 61
Other Considerations	p. 62
When to Conduct a Risk Analysis	p. 64
Final Words	p. 64
Sample Risk Analysis Questionnaire	p. 65
Sample Risk Analysis Report Outline	p. 65
Pre-Screening	p. 67
Introduction	p. 67
Background	p. 71
Pre-Screening Example 1	p. 71
Pre-Screening Example 2	p. 73
Pre-Screening Example 3	p. 75
Pre-Screening Example 4	p. 78
Summary	p. 78
Business Impact Analysis	p. 81
Overview	p. 81
BIA versus Risk Assessment	p. 82
Creating a BIA Process	p. 83
Creating the Financial Impact Table	p. 84
Working the BIA Process	p. 86
Additional Examples	p. 88
Objectives of the BIA	p. 93
Using Questionnaires for a BIA	p. 93
Data Collection and Analysis	p. 95
Prepare Management Presentation	p. 96
Final Thoughts	p. 97
Gap Analysis	p. 99
Introduction	p. 99
Background	p. 99
GAP Analysis Process	p. 100
Gap Analysis Example 1	p. 103
Gap Analysis Example 2	p. 106
How to Use the Self-Assessment Checklist	p. 107
Summary	p. 108
Facilitator Skills	p. 111
FRAAP Team Members	p. 117
Introduction	p. 117
The Risk Assessment Team	p. 118
Conclusion	p. 123
Project Scope Statement	p. 125
Overview	p. 125
Summary	p. 128
Laws, Standards, and Regulations	p. 129
Frequently Asked Questions about Risk Management	p. 131
Introduction	p. 131
Is There a Difference between Risk Analysis and Risk Assessment?	p. 131
Why Should a Risk Analysis Be Conducted?	p. 132
When Should a Risk Assessment Be Conducted?	p. 132
Who Should Conduct the Risk Assessment?	p. 133
How Long Should a Risk Assessment Take?	p. 134
What Can a Risk Analysis or Risk Assessment Analyze?	p. 134
Who Should Review the Results of a Risk Analysis and Risk Assessment?	p. 134
How Is the Success of the Risk Analysis Measured?	p. 135
Summary	p. 135
Risk Analysis versus Risk Assessment	p. 137
Overview	p. 137
The Difference between Risk Analysis and Risk Assessment	p. 137
Risk Analysis and Due Diligence	p. 138
Risk Assessment and Fiduciary Duty	p. 138
Conducting a Risk Assessment	p. 139
Risk Assessment Timetable	p. 140
Risk Assessment and Risk Analysis Results	p. 140
Risk Management Metrics	p. 140
Summary	p. 141
Sample Threat Checklist	p. 143
Sample BIA Questionnaire	p. 153
Sample Risk Assessment Management Summary Report	p. 251
Risk Assessment Scope Summary	p. 252
Assessment Methodology Used	p. 252
Assessment Findings and Action Plan	p. 253
Full Findings Documentation	p. 254
Conclusion	p. 254
Project Scope Statement	p. 259
Introduction	p. 259
Project Statement	p. 260
Specifications	p. 260
Well-Defined Standards and Metrics	p. 262
Summary	p. 263
Why Risk Assessments Fail	p. 265
Scope Creep	p. 265
Ineffective Project Team	p. 266
Stating Concerns as How They Impact Security	p. 266
Every Threat Is a Major Concern	p. 267
Conclusion	p. 267
Gap Analysis Examples	p. 269
Overview	p. 269
Gap Analysis Using ISO 17799	p. 270
Answer the Following Questions	p. 270
Gap Analysis Using Utility-Specific Standards	p. 298
Gap Analysis Sample 3 Using Combination of Standards and Laws	p. 344
Control Lists	p. 399
Overview	p. 399
Heat Charts	p. 423
Index	p. 431
Table of Contents provided by Ingram. All Rights Reserved.

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

FREE SHIPPING

Amazon no longer offers textbook rentals. We do!

Information Security Risk Analysis, Third Edition

Summary

Table of Contents

Supplemental Materials