
Information security risk management for ISO27001/ISO27002

Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and re...


Bibliographic Details
Classification: Electronic Book
Main Author: Calder, Alan, 1957-
Other Authors: Watkins, Steve, 1970-
Format: Electronic Government Document eBook
Language: English
Published: Cambridgeshire : IT Governance Pub., ©2010.
Table of Contents:
  • Cover
  • Contents
  • Introduction
  • Chapter 1: Risk Management
      • Risk management: two phases
      • Enterprise risk management
  • Chapter 2: Risk Assessment Methodologies
      • Publicly available risk assessment standards
      • Qualitative versus quantitative
      • Quantitative risk analysis
      • Qualitative risk analysis – the ISO27001 approach
      • Other risk assessment methodologies
  • Chapter 3: Risk Management Objectives
      • Risk acceptance or tolerance
      • Information security risk management objectives
      • Risk management and PDCA
  • Chapter 4: Roles and Responsibilities
      • Senior management commitment
      • The (lead) risk assessor
      • Other roles and responsibilities
  • Chapter 5: Risk Assessment Software
      • Gap analysis tools
      • Vulnerability assessment tools
      • Penetration testing
      • Risk assessment tools
      • Risk assessment tool descriptions
  • Chapter 6: Information Security Policy and Scoping
      • Information security policy
      • Scope of the ISMS
  • Chapter 7: The ISO27001 Risk Assessment
      • Overview of the risk assessment process
  • Chapter 8: Information Assets
      • Assets within the scope
      • Grouping of assets
      • Asset dependencies
      • Asset owners
      • Sensitivity classification
      • Are vendors assets?
      • What about duplicate copies and backups?
      • Identification of existing controls
  • Chapter 9: Threats and Vulnerabilities
      • Threats
      • Vulnerabilities
      • Technical vulnerabilities
  • Chapter 10: Impact and Asset Valuation
      • Impacts
      • Defining impact
      • Estimating impact
      • The asset valuation table
      • Business, legal and contractual impact values
      • Reputation damage
  • Chapter 11: Likelihood
      • Risk analysis
      • Information to support assessments
  • Chapter 12: Risk Level
      • The risk scale
      • Boundary calculations
      • Mid-point calculations
  • Chapter 13: Risk Treatment and the Selection of Controls
      • Types of controls
      • Risk assessment and existing controls
      • Residual risk
      • Risk transfer
      • Optimising the solution
  • Chapter 14: The Statement of Applicability
      • Drafting the Statement of Applicability
  • Chapter 15: The Gap Analysis and Risk Treatment Plan
      • Gap analysis
      • Risk Treatment Plan
  • Chapter 16: Repeating and Reviewing the Risk Assessment
  • Appendix 1: Carrying out an ISO27001 Risk Assessment using vsRisk™
  • Appendix 2: ISO27001 Implementation Resources
  • Books by the Same Authors
  • ITG Resources.