
Information Security Risk Assessment Toolkit
Practical Assessments through Data Collection and Data Analysis
Description
Key Features
- Based on authors’ experiences of real-world assessments, reports, and presentations
- Focuses on implementing a process, rather than theory, that allows you to derive a quick and valuable assessment
- Includes a companion web site with spreadsheets you can utilize to create and maintain the risk assessment
Readership
Information Security Officers, IT Auditors, IT Professionals, Chief Information Officers, Privacy Officers, Risk Officers, IT Enterprise Architects
Table of Contents
Dedication
Acknowledgements
About the Technical Editor
About the Authors
Introduction
Chapter 1. Information Security Risk Assessments
Introduction
What is Risk?
What is an Information Security Risk Assessment?
Drivers, Laws, and Regulations
Summary
References
Chapter 2. Information Security Risk Assessment: A Practical Approach
Introduction
A Primer on Information Security Risk Assessment Frameworks
Summary
Chapter 3. Information Security Risk Assessment: Data Collection
Introduction
The Sponsor
The Project Team
Data Collection Mechanisms
Executive Interviews
Document Requests
IT Asset Inventories
Asset Scoping
The Asset Profile Survey
The Control Survey
Survey Support Activities and Wrap-Up
Consolidation
Chapter 4. Information Security Risk Assessment: Data Analysis
Introduction
Compiling Observations from Organizational Risk Documents
Preparation of Threat and Vulnerability Catalogs
Overview of the System Risk Computation
Designing the Impact Analysis Scheme
Designing the Control Analysis Scheme
Designing the Likelihood Analysis Scheme
Putting it Together and the Final Risk Score
Chapter 5. Information Security Risk Assessment: Risk Assessment
Introduction
System Risk Analysis
Chapter 6. Information Security Risk Assessment: Risk Prioritization and Treatment
Introduction
Organizational Risk Prioritization and Treatment
System Specific Risk Prioritization and Treatment
Issues Register
Chapter 7. Information Security Risk Assessment: Reporting
Introduction
Outline
Risk Analysis Executive Summary
Methodology
Results
Risk Register
Conclusion
Appendices
Chapter 8. Information Security Risk Assessment: Maintenance and Wrap Up
Introduction
Process Summary
Key Deliverables
Post Mortem
Index
Product details
- No. of pages: 278
- Language: English
- Copyright: © Syngress 2012
- Published: October 17, 2012
- Imprint: Syngress
- Paperback ISBN: 9781597497350
- eBook ISBN: 9781597499750
About the Authors
Mark Talabis
He is co-author of the book "Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis" from Syngress. He has presented in various security and academic conferences and organizations around the world including Blackhat, Defcon, Shakacon, INFORMS, INFRAGARD, ISSA, and ISACA. He has a number of published papers to his name in various peer-reviewed journals and is also an alumni member of the Honeynet Project.
He has a Master of Liberal Arts Degree (ALM) in Information Technology from Harvard University and a Master of Science (MS) degree in Information Technology from Ateneo de Manila University. He holds several certifications including a Certified Information Systems Security Professional (CISSP); Certified Information Systems Auditor (CISA); and Certified in Risk and Information Systems Control (CRISC).
Affiliations and Expertise
Jason Martin
Affiliations and Expertise
Ratings and Reviews
There are currently no reviews for "Information Security Risk Assessment Toolkit"