Cargando…

Measuring and managing information risk : a FAIR approach /

"Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexi...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autores principales: Freund, Jack (Autor), Jones, Jack (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Oxford, UK : Butterworth-Heinemann, [2015]
Temas:
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • Front Cover; Measuring and Managing Information Risk; Copyright; Contents; Acknowledgments by Jack Jones; About the Authors; Preface by Jack Jones; WHAT THIS BOOK IS NOT, AND WHAT IT IS; Preface by Jack Freund; Chapter 1
  • Introduction; HOW MUCH RISK?; THE BALD TIRE; ASSUMPTIONS; TERMINOLOGY; THE BALD TIRE METAPHOR; RISK ANALYSIS VS RISK ASSESSMENT; EVALUATING RISK ANALYSIS METHODS; RISK ANALYSIS LIMITATIONS; WARNING-LEARNING HOW TO THINK ABOUT RISK JUST MAY CHANGE YOUR PROFESSIONAL LIFE; USING THIS BOOK; Chapter 2
  • Basic Risk Concepts; POSSIBILITY VERSUS PROBABILITY; PREDICTION.
  • SUBJECTIVITY VERSUS OBJECTIVITYPRECISION VERSUS ACCURACY; Chapter 3
  • The FAIR Risk Ontology; DECOMPOSING RISK; LOSS EVENT FREQUENCY; THREAT EVENT FREQUENCY; CONTACT FREQUENCY; PROBABILITY OF ACTION; VULNERABILITY; THREAT CAPABILITY; DIFFICULTY; LOSS MAGNITUDE; PRIMARY LOSS MAGNITUDE; SECONDARY RISK; SECONDARY LOSS EVENT FREQUENCY; SECONDARY LOSS MAGNITUDE; ONTOLOGICAL FLEXIBILITY; Chapter 4
  • FAIR Terminology; RISK TERMINOLOGY; THREAT; THREAT COMMUNITY; THREAT PROFILING; VULNERABILITY EVENT; PRIMARY AND SECONDARY STAKEHOLDERS; LOSS FLOW; FORMS OF LOSS; Chapter 5
  • Measurement.
  • MEASUREMENT AS REDUCTION IN UNCERTAINTYMEASUREMENT AS EXPRESSIONS OF UNCERTAINTY; BUT WE DON'T HAVE ENOUGH DATA ... AND NEITHER DOES ANYONE ELSE; CALIBRATION; EQUIVALENT BET TEST; Chapter 6
  • Analysis Process; THE TOOLS NECESSARY TO APPLY THE FAIR RISK MODEL; HOW TO APPLY THE FAIR RISK MODEL; PROCESS FLOW; SCENARIO BUILDING; THE ANALYSIS SCOPE; EXPERT ESTIMATION AND PERT; MONTE CARLO ENGINE; LEVELS OF ABSTRACTION; Chapter 7
  • Interpreting Results; WHAT DO THESE NUMBERS MEAN? (HOW TO INTERPRET FAIR RESULTS); UNDERSTANDING THE RESULTS TABLE; VULNERABILITY; PERCENTILES; UNDERSTANDING THE HISTOGRAM.
  • UNDERSTANDING THE SCATTER PLOTQUALITATIVE SCALES; HEATMAPS; SPLITTING HEATMAPS; SPLITTING BY ORGANIZATION; SPLITTING BY LOSS TYPE; SPECIAL RISK CONDITIONS; UNSTABLE CONDITIONS; FRAGILE CONDITIONS; TROUBLESHOOTING RESULTS; Chapter 8
  • Risk Analysis Examples; OVERVIEW; INAPPROPRIATE ACCESS PRIVILEGES; PRIVILEGED INSIDER/SNOOPING/CONFIDENTIALITY; PRIVILEGED INSIDER/MALICIOUS/CONFIDENTIALITY; CYBER CRIMINAL/MALICIOUS/CONFIDENTIALITY; UNENCRYPTED INTERNAL NETWORK TRAFFIC; PRIVILEGED INSIDER/CONFIDENTIALITY; NONPRIVILEGED INSIDER/MALICIOUS; CYBER CRIMINAL/MALICIOUS; WEBSITE DENIAL OF SERVICE.
  • ANALYSISBASIC ATTACKER/AVAILABILITY; Chapter 9
  • Thinking about Risk Scenarios Using FAIR; THE BOYFRIEND; SECURITY VULNERABILITIES; WEB APPLICATION RISK; CONTRACTORS; PRODUCTION DATA IN TEST ENVIRONMENTS; PASSWORD SECURITY; BASIC RISK ANALYSIS; PROJECT PRIORITIZATION; SMART COMPLIANCE; Going into business; CHAPTER SUMMARY; Chapter 10
  • Common Mistakes; MISTAKE CATEGORIES; CHECKING RESULTS; SCOPING; DATA; VARIABLE CONFUSION; MISTAKING TEF FOR LEF; MISTAKING RESPONSE LOSS FOR PRODUCTIVITY LOSS; CONFUSING SECONDARY LOSS WITH PRIMARY LOSS.