INFORMATION RISK MANAGEMENT a practitioner's guide.
Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This book provides practical guidance to the principles and development of a strategic approach to an IRM programme. The only textbook for the BCS Practitioner...
| Classification: | Electronic book |
|---|---|
| Main author: | |
| Format: | Electronic eBook |
| Language: | English |
| Published: | [S.l.] : BCS, THE CHARTERED INSTIT, 2021. |
| Subjects: | |
| Online access: | Full text |
Table of Contents:
- Cover
- CONTENTS
- LIST OF FIGURES AND TABLES
- AUTHOR
- OTHER WORKS BY THE AUTHOR
- ACKNOWLEDGEMENTS
- ABBREVIATIONS
- PREFACE
- 1. THE NEED FOR INFORMATION RISK MANAGEMENT
- WHAT IS INFORMATION?
- WHO SHOULD USE INFORMATION RISK MANAGEMENT?
- THE LEGAL FRAMEWORK
- THE CONTEXT OF RISK IN THE ORGANISATION
- HOT TOPICS TO CONSIDER IN INFORMATION RISK MANAGEMENT
- THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK
- OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS
- SUMMARY
- 2. REVIEW OF INFORMATION SECURITY FUNDAMENTALS
- INFORMATION CLASSIFICATION
- PLAN-DO-CHECK-ACT
- SUMMARY
- 3. THE INFORMATION RISK MANAGEMENT PROGRAMME
- GOALS, SCOPE AND OBJECTIVES
- ROLES AND RESPONSIBILITIES
- GOVERNANCE OF THE RISK MANAGEMENT PROGRAMME
- INFORMATION RISK MANAGEMENT CRITERIA
- SUMMARY
- 4. RISK IDENTIFICATION
- THE RISK IDENTIFICATION PROCESS
- THE APPROACH TO RISK IDENTIFICATION
- IMPACT ASSESSMENT
- SUMMARY
- 5. THREAT AND VULNERABILITY ASSESSMENT
- CONDUCTING THREAT ASSESSMENTS
- CONDUCTING VULNERABILITY ASSESSMENTS
- IDENTIFICATION OF EXISTING CONTROLS
- SUMMARY
- 6. RISK ANALYSIS AND RISK EVALUATION
- ASSESSMENT OF LIKELIHOOD
- RISK ANALYSIS
- RISK EVALUATION
- SUMMARY
- 7. RISK TREATMENT
- STRATEGIC RISK OPTIONS
- TACTICAL RISK MANAGEMENT CONTROLS
- OPERATIONAL RISK MANAGEMENT CONTROLS
- EXAMPLES OF CRITICAL CONTROLS AND CONTROL CATEGORIES
- SUMMARY
- 8. RISK REPORTING AND PRESENTATION
- BUSINESS CASES
- RISK TREATMENT DECISION-MAKING
- RISK TREATMENT PLANNING AND IMPLEMENTATION
- BUSINESS CONTINUITY AND DISASTER RECOVERY
- DISASTER RECOVERY FAILOVER TESTING
- SUMMARY
- 9. COMMUNICATION, CONSULTATION, MONITORING AND REVIEW
- SKILLS REQUIRED FOR AN INFORMATION RISK PROGRAMME MANAGER
- COMMUNICATION
- CONSULTATION
- RISK REVIEWS AND MONITORING
- SUMMARY
- 10. THE NCSC CERTIFIED PROFESSIONAL SCHEME
- SFIA
- THE CIISEC SKILLS FRAMEWORK
- SUMMARY
- 11. HMG SECURITY-RELATED DOCUMENTS
- HMG SECURITY POLICY FRAMEWORK
- THE NATIONAL SECURITY STRATEGY
- CONTEST, THE UNITED KINGDOM'S STRATEGY FOR COUNTERING TERRORISM
- THE MINIMUM CYBER SECURITY STANDARD
- THE UK CYBER SECURITY STRATEGY 2016-2021
- UK GOVERNMENT SECURITY CLASSIFICATIONS
- SUMMARY
- APPENDIX A
- TAXONOMIES AND DESCRIPTIONS
- INFORMATION RISK
- TYPICAL IMPACTS OR CONSEQUENCES
- APPENDIX B
- TYPICAL THREATS AND HAZARDS
- MALICIOUS INTRUSION (HACKING)
- ENVIRONMENTAL THREATS
- ERRORS AND FAILURES
- SOCIAL ENGINEERING
- MISUSE AND ABUSE
- PHYSICAL THREATS
- MALWARE
- APPENDIX C
- TYPICAL VULNERABILITIES
- ACCESS CONTROL
- POOR PROCEDURES
- PHYSICAL AND ENVIRONMENTAL SECURITY
- COMMUNICATIONS AND OPERATIONS MANAGEMENT
- PEOPLE-RELATED SECURITY FAILURES
- APPENDIX D
- INFORMATION RISK CONTROLS
- STRATEGIC CONTROLS
- TACTICAL CONTROLS
- OPERATIONAL CONTROLS
- THE CENTRE FOR INTERNET SECURITY CONTROLS VERSION 8
- ISO/IEC 27001:2017 CONTROLS
- NIST SPECIAL PUBLICATION 800-53 REVISION 5
- APPENDIX E
- METHODOLOGIES, GUIDELINES AND TOOLS
- METHODOLOGIES
- OTHER GUIDELINES AND TOOLS
- APPENDIX F
- TEMPLATES
- APPENDIX G
- HMG CYBERSECURITY GUIDELINES
- HMG CYBER ESSENTIALS SCHEME
- 10 STEPS TO CYBER SECURITY
- APPENDIX H
- REFERENCES AND FURTHER READING
- PRIMARY UK LEGISLATION
- GOOD PRACTICE GUIDELINES
- OTHER REFERENCE MATERIAL
- NCSC CERTIFIED PROFESSIONAL SCHEME
- OTHER UK GOVERNMENT PUBLICATIONS
- RISK MANAGEMENT METHODOLOGIES
- UK AND INTERNATIONAL STANDARDS
- APPENDIX I
- DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS
- DEFINITIONS AND GLOSSARY OF TERMS
- INFORMATION RISK MANAGEMENT STANDARDS
- INDEX
- Back cover.