
Security Risk Management

- Building an Information Security Risk Management Program from the Ground Up

Book
  • Format
  • Book, paperback
  • English

Description

Security Risk Management is the definitive guide for building or running an information security risk management program. This book teaches practical techniques that will be used on a daily basis, while also explaining the fundamentals so students understand the rationale behind these practices. It explains how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive level management. While other books focus entirely on risk analysis methods, this is the first comprehensive text for managing security risks. This book will help you to break free from the so-called best practices argument by articulating risk exposures in business terms. It includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment. It explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk. It also presents a roadmap for designing and implementing a security risk management program. This book will be a valuable resource for CISOs, security managers, IT managers, security consultants, IT auditors, security analysts, and students enrolled in information security/assurance college programs.

Details
  • Language: English
  • Pages: 360
  • Publication date: 24-06-2011
  • ISBN13: 9781597496155
  • Publisher: Syngress Media, U.S.
  • Format: Paperback
Size and weight
  • Weight: 700 g
  • Dimensions: 19.1 cm x 23.5 cm

Subject keywords

    Design Software Audit Scanning Interview Cryptography Trust Engagement Model Executive Communication Threat Development Documentation Integrity Models Rating Responsibility Risk assessment Risk management Standards Terminology Inspection Transfer Monitoring Cost Security measures Analysis Computer networks Access control Strategy Standardization Policy Testing Auditing Workflow Style Techniques Remediation Qualitative Compliance Authentication Charts Modularity Process Confidentiality Certification Threats Impact Quantitative Logging Building Planning Accountability Application Information security OPTIMIZATION Presentation Validation Artifacts Assessment Pattern accept Program Development project Resilience purpose Customer framework Sensitivity Client ASSET Vendor Likelihood Profile Findings Risk Model SDLC Penetration Test Filtering Questionnaire Qualification Service Provider Security investment Best Practices PCI Fair Graphs Data Classification Security architecture Availability Regulator Profiling Processes Risk analysis Threat Analysis Operations Scope Owner Octave NIST Constraint Security metrics Criticality Risk Acceptance Defense in Depth Senior management Checklist Session Management Vulnerability Management Prerequisites Principles Vulnerability Consultant Report Threat Vector Resource Severity Baseline Threat modeling Code review Event monitoring Tasks Risk appetite Authorization Security Services Business impact assessment Conséquences Enforcement Controls Risk Evaluation Advisory Vulnerability Assessment Prioritization Information flow Security zone Executive summary Risk measure Architectural Risk Analysis Alert Approval Security program Avoid Sig Management Response 800-30 800-37 action owner acceptable range access control model active test assessment steps Certification and Accreditation Compartmentalization compensating controls control requirements failure condition findings summary fraap compliance to standards default configuration 
discretionary facilitated Mitigate mitigation planning nonrepudiation Peltier octave allegro passive test risk area risk scale rule based risk activities risk review Security ROI risk decision risk domain threat and vulnerability management third-party review threat actor threat and vulnerability assessment security value threat universe Lifecycle notification Residual Risk Risk sensitivity Risk Threshold mitigation plan security risk profile security risk program policy exception perimeter Risk Description risk exposure threat profiles Separation of duties threat activity