Analyzes risk analysis, risk assessment, and vulnerability assessments
Introduces System Development Life Cycle (SDLC) and Business Process Life Cycle (BPLC), and integrates risk analysis and assessment into these processes
Discusses the need to develop a standard set of controls, and details how to apply regulations such as GLBA, HIPPA, SOX, ISO 17799, and others
Explains how to use qualitative risk assessment concepts and FRAAP to conduct business impact analyses and determine information classification requirements
Contains samples of forms, controls, policies, letters, and spreadsheets needed to complete the risk analysis and assessment processes
The risk management process supports executive decision-making, allowing managers and owners to perform their fiduciary responsibility of protecting the assets of their enterprises. This crucial process should not be a long, drawn-out affair. To be effective, it must be done quickly and efficiently.
Information Security Risk Analysis, Second Edition enables CIOs, CSOs, and MIS managers to understand when, why, and how risk assessments and analyses can be conducted effectively. This book discusses the principle of risk management and its three key elements: risk analysis, risk assessment, and vulnerability assessment. It examines the differences between quantitative and qualitative risk assessment, and details how various types of qualitative risk assessment can be applied to the assessment process. The text offers a thorough discussion of recent changes to FRAAP and the need to develop a pre-screening method for risk assessment and business impact analysis.
INTRODUCTION
Frequently asked questions
Conclusion
RISK MANAGEMENT
Overview
Risk Management as Part of the Business Process
Employee Roles and Responsibilities
Information Security Life Cycle
Risk Analysis Process
Risk Assessment
Cost-Benefit Analysis
Risk Mitigation
Final Thoughts
RISK ASSESSMENT PROCESS
Introduction
Risk Assessment Process
Information Is an Asset
Risk Assessment Methodology
Final Thoughts
QUANTITATIVE VERSUS QUALITATIVE RISK
ASSESSMENT
Introduction
Quantitative and Qualitative Pros and Cons
Qualitative Risk Assessment Basics
Qualitative Risk Assessment Using Tables
The 30-Minute Risk Assessment
Conclusion
OTHER FORMS OF QUALITATIVE RISK ASSESSMENT
Introduction
Hazard Impact Analysis
Questionnaires
Single Time Loss Algorithm
Conclusion
FACILITATED RISK ANALYSIS AND ASSESSMENT
PROCESS (FRAAP)
Introduction
FRAAP Overview
Why The FRAAP Was Created
Introducing the FRAAP to Your Organization
Conclusion
VARIATIONS ON THE FRAAP
Overview
Infrastructure FRAAP
Conclusion
MAPPING CONTROLS
Controls Overview
Creating Your Controls List
Control List Examples
BUSINESS IMPACT ANALYSIS (BIA)
Overview
Creating a BIA Process
CONCLUSION
Appendix A: Sample Risk Assessment Management Summary Report
Appendix B: Terms and Definitions
Appendix C: Bibliography
