
Information Risk Management : a Practitioner's Guide /

This book provides a practical guide to implementing an information risk management process. The author takes you logically through the steps required to identify, assess and manage information risks within an organisation. Each step is explained clearly, supported by several generic examples, such...


Bibliographic Details
Classification: Electronic book
Main author: Sutton, David (Information security practitioner) (Author)
Format: Electronic eBook
Language: English
Published: London : BCS, 2014.
Subjects:
Online access: Full text (Requires prior registration with an institutional email address)

MARC

LEADER 00000cam a2200000 a 4500
001 OR_ocn897450217
003 OCoLC
005 20231017213018.0
006 m o d
007 cr cnu---unuuu
008 141120s2014 enk ob 001 0 eng d
040 |a UKMGB  |b eng  |e pn  |c UKMGB  |d OCLCO  |d E7B  |d N$T  |d OCLCF  |d STF  |d EBLCP  |d UMI  |d DEBSZ  |d YDXCP  |d COO  |d B24X7  |d TJC  |d NKT  |d D6H  |d COCUF  |d CNNOR  |d OCLCQ  |d MOR  |d CCO  |d PIFAG  |d ZCU  |d LIV  |d MERUC  |d OCLCQ  |d U3W  |d ICG  |d VT2  |d OCLCQ  |d WYU  |d G3B  |d TKN  |d UAB  |d DKC  |d AU@  |d OCLCQ  |d UKAHL  |d OCLCQ  |d BCSLD  |d OCLCO  |d OCLCQ  |d PSYSI  |d OCLCQ 
016 7 |a 016956524  |2 Uk 
019 |a 898101259  |a 899594741  |a 907301331 
020 |a 9781780172668  |q (electronic bk.) 
020 |a 1780172664  |q (electronic bk.) 
020 |a 9781780172675  |q (electronic bk.) 
020 |a 1780172672  |q (electronic bk.) 
020 |a 9781780172682 
020 |a 1780172680 
020 |z 9781780172651 
029 1 |a DEBBG  |b BV042744142 
029 1 |a DEBBG  |b BV044069927 
029 1 |a DEBSZ  |b 425891208 
029 1 |a DEBSZ  |b 43468760X 
035 |a (OCoLC)897450217  |z (OCoLC)898101259  |z (OCoLC)899594741  |z (OCoLC)907301331 
037 |a CL0500000523  |b Safari Books Online 
050 4 |a HD30.2 
072 7 |a BUS  |x 082000  |2 bisacsh 
072 7 |a BUS  |x 041000  |2 bisacsh 
072 7 |a BUS  |x 042000  |2 bisacsh 
072 7 |a BUS  |x 085000  |2 bisacsh 
082 0 4 |a 658.4038  |2 23 
049 |a UAMI 
100 1 |a Sutton, David  |c (Information security practitioner),  |e author. 
245 1 0 |a Information Risk Management :  |b a Practitioner's Guide /  |c David Sutton. 
264 1 |a London :  |b BCS,  |c 2014. 
300 |a 1 online resource (210 pages) 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
588 0 |a CIP data; resource not viewed. 
588 0 |a Print version record. 
520 |a This book provides a practical guide to implementing an information risk management process. The author takes you logically through the steps required to identify, assess and manage information risks within an organisation. Each step is explained clearly, supported by several generic examples, such as examples of threats and vulnerabilities, as well as the types of controls to treat risk. Ways of presenting the risks, as well as supporting business cases, are also discussed. Other topics include: coverage of the CESG scheme, HMG security-related documents, such as the security policy framework and UK Government security classification scheme, typical threats and hazards, typical vulnerabilities, risk controls, methodologies and tools, and templates. There are references throughout to any appropriate standards, such as ISO27001 and ISO27005. --  |c Edited summary from book. 
504 |a Includes bibliographical references and index. 
505 0 |a Cover; Copyright; CONTENTS; LIST OF FIGURES AND TABLES; AUTHOR; ACKNOWLEDGMENTS; ABBREVIATIONS; DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS; PREFACE; 1 THE NEED FOR INFORMATION RISK MANAGEMENT; INTRODUCTION; WHAT IS INFORMATION?; THE INFORMATION LIFE CYCLE; WHO SHOULD USE INFORMATION RISK MANAGEMENT?; THE LEGAL FRAMEWORK; THE CONTEXT OF RISK IN THE ORGANISATION; THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK; OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS; 2 REVIEW OF INFORMATION SECURITY FUNDAMENTALS; INFORMATION CLASSIFICATION; PLAN, DO, CHECK, ACT. 
505 8 |a 3 the information risk management programme; goals, scope and objectives; roles and responsibilities; governance of the risk management programme; information risk management criteria; 4 risk identification; the approach to risk identification; impact assessment; types of impact; qualitative and quantitative assessments; 5 threat and vulnerability assessment; conducting threat assessments; conducting vulnerability assessments; identification of existing controls; 6 risk analysis and risk evaluation; assessment of likelihood; risk analysis; risk evaluation; 7 risk treatment. 
505 8 |a Strategic risk options; tactical risk management controls; operational risk management controls; examples of critical controls and control categories; 8 risk reporting and presentation; business cases; risk treatment decision-making; risk treatment planning and implementation; business continuity and disaster recovery; 9 communication, consultation, monitoring and review; communication; consultation; risk reviews and monitoring; 10 the cesg ia certification scheme; the cesg ia certification scheme; skills framework for the information age (sfia); the iisp information security skills framework. 
505 8 |a 11 hmg security-related documents; hmg security policy framework; uk government security classifications; appendix a taxonomies and descriptions; information risk; typical impacts or consequences; appendix b typical threats and hazards; malicious intrusion (hacking); environmental threats; errors and failures; social engineering; misuse and abuse; physical threats; malware; appendix c typical vulnerabilities; access control; poor procedures; physical and environmental security; communications and operations management; people-related security failures; appendix d information risk controls. 
505 8 |a Strategic controls; tactical controls; operational controls; critical security controls version 5.0; iso/iec 27001 controls; nist special publication 800-53 revision 4; appendix e methodologies, guidelines and tools; methodologies; other guidelines and tools; appendix f templates; appendix g hmg cyber security guidelines; hmg cyber essentials scheme; 10 steps to cyber security; appendix h references and further reading; primary uk legislation; good practice guidelines; other reference material; cesg certified professional scheme; other uk government publications; risk management methodologies. 
590 |a O'Reilly  |b O'Reilly Online Learning: Academic/Public Library Edition 
650 0 |a Information technology  |x Management. 
650 0 |a Risk management. 
650 6 |a Technologie de l'information  |x Gestion. 
650 6 |a Gestion du risque. 
650 7 |a risk management.  |2 aat 
650 7 |a Computing & information technology.  |2 bicssc 
650 7 |a Computer security.  |2 bicssc 
650 7 |a BUSINESS & ECONOMICS  |x Industrial Management.  |2 bisacsh 
650 7 |a BUSINESS & ECONOMICS  |x Management.  |2 bisacsh 
650 7 |a BUSINESS & ECONOMICS  |x Management Science.  |2 bisacsh 
650 7 |a BUSINESS & ECONOMICS  |x Organizational Behavior.  |2 bisacsh 
650 7 |a Information technology  |x Management.  |2 fast  |0 (OCoLC)fst00973112 
650 7 |a Risk management.  |2 fast  |0 (OCoLC)fst01098164 
650 7 |a Enterprise software.  |2 thema 
650 7 |a Business & Management.  |2 thema 
650 7 |a Knowledge management.  |2 thema 
650 7 |a Computer security.  |2 thema 
776 0 8 |i Print version:  |a Sutton, David.  |t Information risk management  |z 9781780172675 
856 4 0 |u https://learning.oreilly.com/library/view/~/9781780172651/?ar  |z Texto completo (Requiere registro previo con correo institucional) 
938 |a BCS, The Chartered Institute for IT  |b BCSL  |n 9781780172682 
938 |a Askews and Holts Library Services  |b ASKH  |n AH26928770 
938 |a Askews and Holts Library Services  |b ASKH  |n AH26928712 
938 |a Books 24x7  |b B247  |n bks00064603 
938 |a BCS, The Chartered Institute for IT  |b BCSL  |n 9781780172668 
938 |a BCS, The Chartered Institute for IT  |b BCSL  |n 9781780172675 
938 |a ebrary  |b EBRY  |n ebr10993969 
938 |a EBSCOhost  |b EBSC  |n 829098 
938 |a YBP Library Services  |b YANK  |n 12192340 
994 |a 92  |b IZTAP