Security Risk Management
Details
About the author
Evan Wheeler is currently a Director of Information Security for Omgeo (A DTCC | Thomson Reuters Company), an instructor at both Clark and Northeastern Universities, and the author of the Information Security Risk Management course for the SANS Institute. Previously he spent six years as a Security Consultant for the U.S. Department of Defense.
Blurb
Security Risk Management provides a roadmap for restructuring enterprise assurance management programs. Security professionals often fall into the trap of telling the business how they need to do something, but they can't explain why. This book will help the reader to justify the so-called "best practices" that security professionals typically impose on businesses. The book also provides organizations with a comprehensive, logical, and straightforward approach to managing information risk across the enterprise. It removes traditional obstacles to success by leveraging the core requirements that drive the business rather than focusing on technology solutions. The overall result is improved alignment of resources with the needs of the business while building in flexibility that will allow the business to absorb and recover from most attacks.
Summary
Teaches you practical techniques that can be used on a daily basis, while also explaining the fundamentals so you understand the rationale behind these practices. This book helps you break free from the so-called "best practices" argument by articulating risk exposures in business terms.
Contents
Part I - Introduction to Risk Management
Chapter 1. The Security Evolution
Chapter 2. Risky Business
Chapter 3. The Risk Management Lifecycle
Chapter 4. Risk Profiling
Part II - Risk Assessment and Analysis Techniques
Chapter 5. Formulating a Risk
Chapter 6. Risk Exposure Factors
Chapter 7. Security Controls and Services
Chapter 8. Risk Evaluation and Mitigation Strategies
Chapter 9. Reports and Consulting
Chapter 10. Risk Assessment Techniques
Part III - Building and Running a Risk Management Program
Chapter 11. Threat and Vulnerability Management
Chapter 12. Security Risk Reviews
Chapter 13. A Blueprint for Security
Chapter 14. Building a Program from Scratch
Appendix A: Security Risk Profile
Appendix B: Risk Models and Scales
Appendix C: Architectural Risk Analysis Reference Tables
Further information
- General information
- GTIN 09781597496155
- Language English
- Size H235mm x W17mm x D191mm
- Year 2011
- EAN 9781597496155
- Format Paperback
- ISBN 978-1-59749-615-5
- Publication date 24.06.2011
- Title Security Risk Management
- Author Evan Wheeler
- Subtitle Building an Information Security Risk Management Program from the Ground Up
- Weight 736g
- Publisher Elsevier LTD, Oxford
- Number of pages 360
- Genre Computer science