1. Home
  2. Books & Journals
  3. Business, Management and Accounting
  4. Management Information Systems
  5. Computer Security
  6. Information Security Risk Assessment Toolkit
Information Security Risk Assessment Toolkit - 1st Edition - ISBN: 9781597497350, 9781597499750

Information Security Risk Assessment Toolkit

1st Edition

Practical Assessments through Data Collection and Data Analysis

Authors: Mark Talabis Jason Martin
eBook ISBN: 9781597499750
Paperback ISBN: 9781597497350
Imprint: Syngress
Published Date: 26th October 2012
Page Count: 278
Tax/VAT will be calculated at check-out
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
In Stock
In Stock
In Stock
Sorry, this product is currently out of stock.
Sorry, we aren’t shipping this product to your region at this time.
53.59
42.87
42.87
37.51
37.51
37.51
37.51
37.51
49.95
39.96
39.96
34.97
34.97
34.97
34.97
34.97
30.99
24.79
24.79
21.69
21.69
21.69
21.69
21.69
38.95
31.16
31.16
27.27
27.27
27.27
27.27
27.27
Unavailable
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
49.95
39.96
39.96
34.97
34.97
34.97
34.97
34.97
30.99
24.79
24.79
21.69
21.69
21.69
21.69
21.69
38.95
31.16
31.16
27.27
27.27
27.27
27.27
27.27
Unavailable
DRM-Free

Easy - Download and start reading immediately. There’s no activation process to access eBooks; all eBooks are fully searchable, and enabled for copying, pasting, and printing.

Flexible - Read on multiple operating systems and devices. Easily read eBooks on smart phones, computers, or any eBook readers, including Kindle.

Open - Buy once, receive and download all available eBook formats, including PDF, EPUB, and Mobi (for Kindle).

Institutional Access

Support Center

Resources

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.

Description

In order to protect company’s information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. Information Security Risk Assessment Toolkit gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders.

Key Features

  • Based on authors’ experiences of real-world assessments, reports, and presentations
  • Focuses on implementing a process, rather than theory, that allows you to derive a quick and valuable assessment
  • Includes a companion web site with spreadsheets you can utilize to create and maintain the risk assessment

Readership

Information Security Officers, IT Auditors, IT Professionals, Chief Information Officers, Privacy Officers, Risk Officers, IT Enterprise Architects

Table of Contents

Dedication

Acknowledgements

About the Technical Editor

About the Authors

Introduction

Chapter 1. Information Security Risk Assessments

Introduction

What is Risk?

What is an Information Security Risk Assessment?

Drivers, Laws, and Regulations

Summary

References

Chapter 2. Information Security Risk Assessment: A Practical Approach

Introduction

A Primer on Information Security Risk Assessment Frameworks

Summary

Chapter 3. Information Security Risk Assessment: Data Collection

Introduction

The Sponsor

The Project Team

Data Collection Mechanisms

Executive Interviews

Document Requests

IT Asset Inventories

Asset Scoping

The Asset Profile Survey

The Control Survey

Survey Support Activities and Wrap-Up

Consolidation

Chapter 4. Information Security Risk Assessment: Data Analysis

Introduction

Compiling Observations from Organizational Risk Documents

Preparation of Threat and Vulnerability Catalogs

Overview of the System Risk Computation

Designing the Impact Analysis Scheme

Designing the Control Analysis Scheme

Designing the Likelihood Analysis Scheme

Putting it Together and the Final Risk Score

Chapter 5. Information Security Risk Assessment: Risk Assessment

Introduction

System Risk Analysis

Chapter 6. Information Security Risk Assessment: Risk Prioritization and Treatment

Introduction

Organizational Risk Prioritization and Treatment

System Specific Risk Prioritization and Treatment

Issues Register

Chapter 7. Information Security Risk Assessment: Reporting

Introduction

Outline

Risk Analysis Executive Summary

Methodology

Results

Risk Register

Conclusion

Appendices

Chapter 8. Information Security Risk Assessment: Maintenance and Wrap Up

Introduction

Process Summary

Key Deliverables

Post Mortem

Index

Details

No. of pages:
278
Language:
English
Copyright:
© Syngress 2013
Published:
Imprint:
Syngress
eBook ISBN:
9781597499750
Paperback ISBN:
9781597497350

About the Author

Mark Talabis

Mark Ryan Talabis is the Chief Threat Scientist of Zvelo Inc. Previously he was the Director of the Cloud Business Unit of FireEye Inc. He was also the Lead Researcher and VP of Secure DNA and was an Information Technology Consultant for the Office of Regional Economic Integration (OREI) of the Asian Development Bank (ADB). 


He is co-author of the book "Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis" from Syngress. He has presented in various security and academic conferences and organizations around the world including Blackhat, Defcon, Shakacon, INFORMS, INFRAGARD, ISSA, and ISACA. He has a number of published papers to his name in various peer-reviewed journals and is also an alumni member of the Honeynet Project.

He has a Master of Liberal Arts Degree (ALM) in Information Technology from Harvard University and a Master of Science (MS) degree in Information Technology from Ateneo de Manila University. He holds several certifications including a Certified Information Systems Security Professional (CISSP); Certified Information Systems Auditor (CISA); and Certified in Risk and Information Systems Control (CRISC).

Affiliations and Expertise

Chief Threat Scientist of Zvelo Inc

Jason Martin

Jason Martin is Vice President of Cloud Business for FireEye, Inc. the global leader in advanced threat detection technology. Prior to joining FireEye Jason was the President and CEO of Secure DNA (acquired by FireEye), a company that provided innovative security products and solutions to companies throughout Asia-Pacific and the US Mainland. Customers included Fortune 1000 companies, global government agencies, state and local governments, and private organizations of all sizes. Mr. Martin has over fifteen years of experience in Information Security, is a published author and speaker, and is the co-founder of the Shakacon Security Conference.

Affiliations and Expertise

is the Vice President of Cloud Business for FireEye, Inc.

Request Quote

Tax Exemption

We cannot process tax exempt orders online. If you wish to place a tax exempt order please contact us.