Information Security Risk Assessment Toolkit

Practical Assessments through Data Collection and Data Analysis


  • Mark Talabis, Chief Threat Scientist of Zvelo Inc
  • Jason Martin, is the Vice President of Cloud Business for FireEye, Inc.

In order to protect company’s information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments.  Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored.  Information Security Risk Assessments gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders.
View full description


Information Security Officers, IT Auditors, IT Professionals, Chief Information Officers, Privacy Officers, Risk Officers, IT Enterprise Architects


Book information

  • Published: October 2012
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-735-0

Table of Contents

Chapter 1: Information Security Risk Assessments

Chapter 2: A Practical Approach

Chapter 3:  Data Collection

Chapter 4: Data Analysis

Chapter 5:  Risk Assessment

Chapter 6: Risk Prioritization and Treatment

Chapter 7:  Reporting

Chapter 8: Maintenance and Wrap Up