LEADER |
00000cam a2200000M 4500 |
001 |
KNOVEL_on1269317467 |
003 |
OCoLC |
005 |
20231027140348.0 |
006 |
m o d |
007 |
cr |n||||||||| |
008 |
210928s2021 xx o 0|| 0 eng d |
040 |
|
|
|a YDX
|b eng
|c YDX
|d N$T
|d OCLCF
|d OCLCO
|d OCLCQ
|d UPM
|d OCLCQ
|d ESU
|d OCLCO
|
019 |
|
|
|a 1269481317
|
020 |
|
|
|a 9781780175744
|q (electronic bk.)
|
020 |
|
|
|a 1780175744
|q (electronic bk.)
|
020 |
|
|
|z 1780175728
|
020 |
|
|
|z 9781780175720
|
035 |
|
|
|a (OCoLC)1269317467
|z (OCoLC)1269481317
|
050 |
|
4 |
|a HD30.2
|
082 |
0 |
4 |
|a 658.4038
|2 23
|
049 |
|
|
|a UAMI
|
100 |
1 |
|
|a SUTTON, DAVID.
|
245 |
1 |
0 |
|a INFORMATION RISK MANAGEMENT
|h [electronic resource] :
|b a practitioner's guide.
|
260 |
|
|
|a [S.l.] :
|b BCS, THE CHARTERED INSTIT,
|c 2021.
|
300 |
|
|
|a 1 online resource
|
505 |
0 |
|
|a Cover -- CONTENTS -- LIST OF FIGURES AND TABLES -- AUTHOR -- OTHER WORKS BY THE AUTHOR -- ACKNOWLEDGEMENTS -- ABBREVIATIONS -- PREFACE -- 1. THE NEED FOR INFORMATION RISK MANAGEMENT -- WHAT IS INFORMATION? -- WHO SHOULD USE INFORMATION RISK MANAGEMENT? -- THE LEGAL FRAMEWORK -- THE CONTEXT OF RISK IN THE ORGANISATION -- HOT TOPICS TO CONSIDER IN INFORMATION RISK MANAGEMENT -- THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK -- OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS -- SUMMARY -- 2. REVIEW OF INFORMATION SECURITY FUNDAMENTALS -- INFORMATION CLASSIFICATION -- PLAN-DO-CHECK-ACT -- SUMMARY -- 3. THE INFORMATION RISK MANAGEMENT PROGRAMME -- GOALS, SCOPE AND OBJECTIVES -- ROLES AND RESPONSIBILITIES -- GOVERNANCE OF THE RISK MANAGEMENT PROGRAMME -- INFORMATION RISK MANAGEMENT CRITERIA -- SUMMARY -- 4. RISK IDENTIFICATION -- THE RISK IDENTIFICATION PROCESS -- THE APPROACH TO RISK IDENTIFICATION -- IMPACT ASSESSMENT -- SUMMARY -- 5. THREAT AND VULNERABILITY ASSESSMENT -- CONDUCTING THREAT ASSESSMENTS -- CONDUCTING VULNERABILITY ASSESSMENTS -- IDENTIFICATION OF EXISTING CONTROLS -- SUMMARY -- 6. RISK ANALYSIS AND RISK EVALUATION -- ASSESSMENT OF LIKELIHOOD -- RISK ANALYSIS -- RISK EVALUATION -- SUMMARY -- 7. RISK TREATMENT -- STRATEGIC RISK OPTIONS -- TACTICAL RISK MANAGEMENT CONTROLS -- OPERATIONAL RISK MANAGEMENT CONTROLS -- EXAMPLES OF CRITICAL CONTROLS AND CONTROL CATEGORIES -- SUMMARY -- 8. RISK REPORTING AND PRESENTATION -- BUSINESS CASES -- RISK TREATMENT DECISION-MAKING -- RISK TREATMENT PLANNING AND IMPLEMENTATION -- BUSINESS CONTINUITY AND DISASTER RECOVERY -- DISASTER RECOVERY FAILOVER TESTING -- SUMMARY -- 9. COMMUNICATION, CONSULTATION, MONITORING AND REVIEW -- SKILLS REQUIRED FOR AN INFORMATION RISK PROGRAMME MANAGER -- COMMUNICATION -- CONSULTATION -- RISK REVIEWS AND MONITORING -- SUMMARY.
|
505 |
8 |
|
|a 10. THE NCSC CERTIFIED PROFESSIONAL SCHEME -- SFIA -- THE CIISEC SKILLS FRAMEWORK -- SUMMARY -- 11. HMG SECURITY-RELATED DOCUMENTS -- HMG SECURITY POLICY FRAMEWORK -- THE NATIONAL SECURITY STRATEGY -- CONTEST, THE UNITED KINGDOM'S STRATEGY FOR COUNTERING TERRORISM -- THE MINIMUM CYBER SECURITY STANDARD -- THE UK CYBER SECURITY STRATEGY 2016-2021 -- UK GOVERNMENT SECURITY CLASSIFICATIONS -- SUMMARY -- APPENDIX A -- TAXONOMIES AND DESCRIPTIONS -- INFORMATION RISK -- TYPICAL IMPACTS OR CONSEQUENCES -- APPENDIX B -- TYPICAL THREATS AND HAZARDS -- MALICIOUS INTRUSION (HACKING) -- ENVIRONMENTAL THREATS -- ERRORS AND FAILURES -- SOCIAL ENGINEERING -- MISUSE AND ABUSE -- PHYSICAL THREATS -- MALWARE -- APPENDIX C -- TYPICAL VULNERABILITIES -- ACCESS CONTROL -- POOR PROCEDURES -- PHYSICAL AND ENVIRONMENTAL SECURITY -- COMMUNICATIONS AND OPERATIONS MANAGEMENT -- PEOPLE-RELATED SECURITY FAILURES -- APPENDIX D -- INFORMATION RISK CONTROLS -- STRATEGIC CONTROLS -- TACTICAL CONTROLS -- OPERATIONAL CONTROLS -- THE CENTRE FOR INTERNET SECURITY CONTROLS VERSION 8 -- ISO/IEC 27001:2017 CONTROLS -- NIST SPECIAL PUBLICATION 800-53 REVISION 5 -- APPENDIX E -- METHODOLOGIES, GUIDELINES AND TOOLS -- METHODOLOGIES -- OTHER GUIDELINES AND TOOLS -- APPENDIX F -- TEMPLATES -- APPENDIX G -- HMG CYBERSECURITY GUIDELINES -- HMG CYBER ESSENTIALS SCHEME -- 10 STEPS TO CYBER SECURITY -- APPENDIX H -- REFERENCES AND FURTHER READING -- PRIMARY UK LEGISLATION -- GOOD PRACTICE GUIDELINES -- OTHER REFERENCE MATERIAL -- NCSC CERTIFIED PROFESSIONAL SCHEME -- OTHER UK GOVERNMENT PUBLICATIONS -- RISK MANAGEMENT METHODOLOGIES -- UK AND INTERNATIONAL STANDARDS -- APPENDIX I -- DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS -- DEFINITIONS AND GLOSSARY OF TERMS -- INFORMATION RISK MANAGEMENT STANDARDS -- INDEX -- Back cover.
|
520 |
|
|
|a Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This book provides practical guidance to the principles and development of a strategic approach to an IRM programme. The only textbook for the BCS Practitioner Certificate in Information Risk Management.
|
590 |
|
|
|a Knovel
|b ACADEMIC - Software Engineering
|
650 |
|
0 |
|a Information technology
|x Management.
|
650 |
|
0 |
|a Risk management.
|
650 |
|
6 |
|a Technologie de l'information
|x Gestion.
|
650 |
|
6 |
|a Gestion du risque.
|
650 |
|
7 |
|a risk management.
|2 aat
|
650 |
|
7 |
|a Information technology
|x Management
|2 fast
|
650 |
|
7 |
|a Risk management
|2 fast
|
776 |
0 |
8 |
|i Print version:
|z 1780175728
|z 9781780175720
|w (OCoLC)1263287470
|
856 |
4 |
0 |
|u https://appknovel.uam.elogim.com/kn/resources/kpIRMAPGEI/toc
|z Full text
|
938 |
|
|
|a YBP Library Services
|b YANK
|n 17644153
|
938 |
|
|
|a EBSCOhost
|b EBSC
|n 3043915
|
994 |
|
|
|a 92
|b IZTAP
|