Cargando…

Information security risk management for ISO 27001/ISO 27002 /

Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver r...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autores principales: Calder, Alan, 1957- (Autor), Watkins, Steve, 1970- (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Ely, Cambridgeshire, United Kingdom : IT Governance Publishing, [2019]
Edición:Third edition.
Temas:
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • Cover; Title; Copyright; About The Authors; Contents; Introduction; Chapter 1: Risk management; Risk management: two phases; Enterprise risk management; Chapter 2: Risk assessment methodologies; Publicly available risk assessment standards; Qualitative versus quantitative; Quantitative risk analysis; Qualitative risk analysis; Chapter 3: Risk management objectives; Risk acceptance or tolerance; Information security risk management objectives; Risk management and process models; Chapter 4: Roles and responsibilities; Senior management commitment; The (lead) risk assessor; Other roles and responsibilities;
  • Chapter 5: Risk assessment software; Gap analysis tools; Vulnerability assessment tools; Penetration testing; Risk assessment tools; Risk assessment tool descriptions; Chapter 6: Information security policy and scoping; Information security policy; Scope of the ISMS; Chapter 7: The ISO 27001 risk assessment; Overview of the risk assessment process; Chapter 8: Information assets; Assets within the scope; Grouping of assets; Asset dependencies; Asset owners; Sensitivity classification; Are vendors assets?; What about duplicate copies and backups? Identification of existing controls;
  • Chapter 9: Threats and vulnerabilities; Threats; Vulnerabilities; Technical vulnerabilities; Chapter 10: Scenario-based risk assessment; Chapter 11: Impact, including asset valuation; Impacts; Defining impact; Estimating impact; The asset valuation table; Business, legal and contractual impact values; Reputational damage; Chapter 12: Likelihood; Risk analysis; Information to support assessments; Chapter 13: Risk level; The risk scale; Boundary calculations; Mid- point calculations; Chapter 14: Risk treatment and the selection of controls; Types of controls; Risk assessment and existing controls, Residual risk; Risk sharing; Optimising the solution;
  • Chapter 15: The Statement of Applicability; Drafting the Statement of Applicability; Chapter 16: The gap analysis and risk treatment plan; Gap analysis; Risk treatment plan; Chapter 17: Repeating and reviewing the risk assessment; Appendix 1: vs Risk Cloud; Appendix 2: ISO 27001 implementation resources; Appendix 3: Books by the same authors; Further reading.