
E-book: How to Complete a Risk Assessment in 5 Days or Less [Taylor & Francis e-book]

Author: Thomas R. Peltier (Thomas R. Peltier Associates, LLC, Wyandotte, Michigan, USA)
  • Format: 444 pages
  • Publication date: 05-Sep-2019
  • Publisher: CRC Press
  • ISBN-13: 9780429074646
  • Taylor & Francis e-book
  • Price: 184.65 €*
  • * this price gives unlimited concurrent access for unlimited time
  • Standard price: 263.78 €
  • You save 30%

Successful security professionals have had to modify the process of responding to new threats in the high-profile, ultra-connected business environment. But just because a threat exists does not mean that your organization is at risk. This is what risk assessment is all about. How to Complete a Risk Assessment in 5 Days or Less demonstrates how to identify threats your company faces and then determine if those threats pose a real risk to the organization.

To help you determine the best way to mitigate risk levels in any given situation, How to Complete a Risk Assessment in 5 Days or Less includes more than 350 pages of user-friendly checklists, forms, questionnaires, and sample assessments.

Presents Case Studies and Examples of all Risk Management Components

Based on the seminars of information security expert Tom Peltier, this volume provides the processes that you can easily employ in your organization to assess risk.

Answers such FAQs as:
  • Why should a risk analysis be conducted?
  • Who should review the results?
  • How is the success measured?

Always conscious of the bottom line, Peltier discusses the cost-benefit of risk mitigation and looks at specific ways to manage costs. He supports his conclusions with numerous case studies and diagrams that show you how to apply risk management skills in your organization—and it’s not limited to information security risk assessment. You can apply these techniques to any area of your business. This step-by-step guide to conducting risk assessments gives you the knowledge base and the skill set you need to achieve a speedy and highly effective risk analysis assessment in a matter of days.

Based on the seminars of Tom Peltier, this volume presents the various processes that an organization can employ in assessing risk, fully detailing each of its strengths and weaknesses. This information will allow managers to determine what processes best fit the needs of a given situation to mitigate risk levels. Always conscious of the bottom line, the author discusses the cost-benefit analysis of risk mitigation and looks at specific ways to manage costs. The conclusions presented are supported by numerous case studies and explained through diagrams that show how to apply risk management skills in an organization with regard to any business endeavor.

Acknowledgments  xi
About the Author  xiii
Introduction  xv
1 The Facilitated Risk Analysis and Assessment Process (FRAAP)  1(56)
  1.1 Introduction  1(1)
  1.2 FRAAP Overview  2(1)
  1.3 FRAAP History  3(2)
  1.4 Introducing the FRAAP  5(3)
    1.4.1 Key Concepts  6(2)
  1.5 The Pre-FRAAP Meeting  8(10)
    1.5.1 Pre-FRAAP Meeting Checklist  13(5)
    1.5.2 Pre-FRAAP Meeting Summary  18(1)
  1.6 The FRAAP Session  18(20)
    1.6.1 Overview  18(1)
    1.6.2 FRAAP Session Introduction  19(1)
    1.6.3 FRAAP Session Talking Points  20(2)
    1.6.4 FRAAP Threats Identification  22(3)
    1.6.5 Identifying Threats Using a Checklist  25(1)
    1.6.6 Identifying Existing Controls  26(1)
    1.6.7 Establishing Risk Levels  26(4)
    1.6.8 Residual Risk  30(8)
  1.7 Using a Threats Identification Checklist  38(9)
    1.7.1 FRAAP Session Summary  43(4)
  1.8 Post-FRAAP Process  47(7)
    1.8.1 Complete the Action Plan  50(4)
  1.9 Conclusion  54(3)
2 Risk Analysis (Project Impact Analysis)  57(10)
  2.1 Overview  57(1)
  2.2 The Difference between Risk Analysis and Risk Assessment  57(1)
  2.3 Risk Analysis and Due Diligence  58(1)
  2.4 Risk Assessment and Fiduciary Duty  58(1)
  2.5 Performing a Risk Analysis  59(2)
  2.6 Risk Analysis Elements  61(1)
  2.7 Other Considerations  62(2)
  2.8 When to Conduct a Risk Analysis  64(1)
  2.9 Final Words  64(1)
  2.10 Sample Risk Analysis Questionnaire  65(1)
  2.11 Sample Risk Analysis Report Outline  65(2)
3 Pre-Screening  67(14)
  3.1 Introduction  67(4)
  3.2 Background  71(7)
    3.2.1 Pre-Screening Example 1  71(2)
    3.2.2 Pre-Screening Example 2  73(2)
    3.2.3 Pre-Screening Example 3  75(3)
    3.2.4 Pre-Screening Example 4  78(1)
  3.3 Summary  78(3)
4 Business Impact Analysis  81(18)
  4.1 Overview  81(1)
  4.2 BIA versus Risk Assessment  82(1)
  4.3 Creating a BIA Process  83(1)
  4.4 Creating the Financial Impact Table  84(2)
  4.5 Working the BIA Process  86(2)
  4.6 Additional Examples  88(5)
  4.7 Objectives of the BIA  93(1)
  4.8 Using Questionnaires for a BIA  93(2)
  4.9 Data Collection and Analysis  95(1)
  4.10 Prepare Management Presentation  96(1)
  4.11 Final Thoughts  97(2)
5 Gap Analysis  99(12)
  5.1 Introduction  99(1)
  5.2 Background  99(1)
  5.3 GAP Analysis Process  100(8)
    5.3.1 Gap Analysis Example 1  103(3)
    5.3.2 Gap Analysis Example 2  106(1)
    5.3.3 How to Use the Self-Assessment Checklist  107(1)
  5.4 Summary  108(3)
Appendix A Facilitator Skills  111(6)
Appendix B FRAAP Team Members  117(8)
  Introduction  117(1)
  The Risk Assessment Team  118(5)
  Conclusion  123(2)
Appendix C Project Scope Statement  125(4)
  Overview  125(3)
  Summary  128(1)
Appendix D Laws, Standards, and Regulations  129(2)
Appendix E Frequently Asked Questions about Risk Management  131(6)
  Introduction  131(1)
  Is There a Difference between Risk Analysis and Risk Assessment?  131(1)
  Why Should a Risk Analysis Be Conducted?  132(1)
  When Should a Risk Assessment Be Conducted?  132(1)
  Who Should Conduct the Risk Assessment?  133(1)
  How Long Should a Risk Assessment Take?  134(1)
  What Can a Risk Analysis or Risk Assessment Analyze?  134(1)
  Who Should Review the Results of a Risk Analysis and Risk Assessment?  134(1)
  How Is the Success of the Risk Analysis Measured?  135(1)
  Summary  135(2)
Appendix F Risk Analysis versus Risk Assessment  137(6)
  Overview  137(1)
  The Difference between Risk Analysis and Risk Assessment  137(1)
  Risk Analysis and Due Diligence  138(1)
  Risk Assessment and Fiduciary Duty  138(1)
  Conducting a Risk Assessment  139(1)
  Risk Assessment Timetable  140(1)
  Risk Assessment and Risk Analysis Results  140(1)
  Risk Management Metrics  140(1)
  Summary  141(2)
Appendix G Sample Threat Checklist  143(10)
Appendix H Sample BIA Questionnaire  153(98)
Appendix I Sample Risk Assessment Management Summary Report  251(8)
  Risk Assessment Scope Summary  252(1)
  Assessment Methodology Used  252(1)
  Assessment Findings and Action Plan  253(1)
  Full Findings Documentation  254(1)
  Conclusion  254(5)
Appendix J Project Scope Statement  259(6)
  Introduction  259(1)
  Project Statement  260(1)
  Specifications  260(2)
  Well-Defined Standards and Metrics  262(1)
  Summary  263(2)
Appendix K Why Risk Assessments Fail  265(4)
  Scope Creep  265(1)
  Ineffective Project Team  266(1)
  Stating Concerns as How They Impact Security  266(1)
  Every Threat Is a Major Concern  267(1)
  Conclusion  267(2)
Appendix L Gap Analysis Examples  269(1)
  Overview  269(1)
  Gap Analysis Using ISO 17799  270(1)
  Answer the Following Questions  270(28)
  Gap Analysis Using Utility-Specific Standards  298(46)
  Gap Analysis Sample 3 Using Combination of Standards and Laws  344(55)
Appendix M Control Lists  399(1)
  Overview  399(24)
Appendix N Heat Charts  423(8)
Index  431