Information Security Risk Analysis
Risk is a cost of doing business. The question is, "What are the risks, and what are their costs?" Knowing the vulnerabilities and threats that face your organization's information and systems is the first essential step in risk management.
Information Security Risk Analysis shows you how to use cost-effective risk analysis techniques to identify and quantify the threats--both accidental and purposeful--that your organization faces. The book steps you through the qualitative risk analysis process using techniques such as PARA (Practical Application of Risk Analysis) and FRAP (Facilitated Risk Analysis Process) to:
Management looks to you, its information security professional, to provide a process that allows for the systematic review of risk, threats, hazards, and concerns, and to recommend cost-effective measures that lower risk to an acceptable level. You can find books that cover risk analysis for financial, environmental, and even software projects, but you will find none that apply risk analysis to information technology and business continuity planning, or that deal with issues such as loss of system configuration, passwords, information loss, system integrity, CPU cycles, bandwidth, and more. Information Security Risk Analysis shows you how to determine cost-effective solutions for your organization's information technology.
Chapter 2 Qualitative Risk Analysis
Chapter 3 Value Analysis
Chapter 4 Other Qualitative Methods
Chapter 5 Facilitated Risk Analysis Process FRAP
Chapter 6 Other Uses of Qualitative Risk Analysis
Chapter 7 Case Study
Facilitated Risk Analysis Process FRAP Forms
Business Impact Analysis BIA Forms