Security Risk Management: Building an Information Security Risk Management Program from the Ground Up
Autor Evan Wheeleren Limba Engleză Paperback – 23 iun 2011
This book will help you to break free from the so-called best practices argument by articulating risk exposures in business terms. It includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment. It explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk. It also presents a roadmap for designing and implementing a security risk management program.
This book will be a valuable resource for CISOs, security managers, IT managers, security consultants, IT auditors, security analysts, and students enrolled in information security/assurance college programs.
- Named a 2011 Best Governance and ISMS Book by InfoSec Reviews
- Includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment
- Explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk
- Presents a roadmap for designing and implementing a security risk management program
Preț: 213.02 lei
Preț vechi: 266.28 lei
-20% Nou
Puncte Express: 320
Preț estimativ în valută:
40.77€ • 42.35$ • 33.86£
40.77€ • 42.35$ • 33.86£
Carte disponibilă
Livrare economică 13-27 ianuarie 25
Livrare express 28 decembrie 24 - 03 ianuarie 25 pentru 41.62 lei
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9781597496155
ISBN-10: 1597496154
Pagini: 360
Ilustrații: 20 illustrations
Dimensiuni: 191 x 235 x 24 mm
Greutate: 0.74 kg
Editura: Elsevier
ISBN-10: 1597496154
Pagini: 360
Ilustrații: 20 illustrations
Dimensiuni: 191 x 235 x 24 mm
Greutate: 0.74 kg
Editura: Elsevier
Public țintă
CISOs, Security Managers, IT Managers, Security Consultants, IT Auditors, Security Analysts, and Students in Information Security/Assurance college programsCuprins
Part I – Introduction to Risk Management Chapter 1. The Security Evolution Chapter 2. Risky Business Chapter 3. The Risk Management Lifecycle Chapter 4. Risk Profiling Part II – Risk Assessment and Analysis Techniques Chapter 5. Formulating a Risk Chapter 6. Risk Exposure Factors Chapter 7. Security Controls and Services Chapter 8. Risk Evaluation and Mitigation Strategies Chapter 9. Reports and Consulting Chapter 10. Risk Assessment Techniques Part III – Building and Running a Risk Management Program Chapter 11. Threat and Vulnerability Management Chapter 12. Security Risk Reviews Chapter 13. A Blueprint for Security Chapter 14. Building a Program from Scratch Appendix A: Security Risk Profile Appendix B: Risk Models and Scales Appendix C: Architectural Risk Analysis Reference Tables
Recenzii
"Evan Wheeler has developed a much needed new approach to the field of security risk management. Readers familiar with this field of study will find that it does what he says he wants it to do: shake the old risk paradigms out of their roots and plant something fresh and useful today." --Dennis Treece, Colonel, US Army (Retired)/Chief Security Officer, Massachusetts Port Authority-Boston
"Wheeler’s book is predominantly a practitioner’s guide to security risk management but can also be used as a teaching text to help engineers, students of security, information assurance, or information systems more broadly. The key message that Wheeler is emphasizing is that risk is at the core of security, and at the heart of every business. Despite that the book lacks key referencing from academic literature, it can still be used as the basis for setting a large-scale team assignment on devising a risk management program from the ground up for a real organisation. Security professionals in banks will particularly find the book relevant." --Computers and Security
"This book is packed with practical
tips and the information contained throughout provides a good overview of the subject matter. The author explains the fundamentals of risk identification, assessment and management, exploring the differences between a vulnerability assessment and a risk assessment, and also providing rationales behind each of the subjects covered. This is not a technical book and the author generally avoids detailed technical analysis; rather it is an aide-memoir for Security Risk Management. …his book is recommended, in particular, for those beginning a career in Risk Management. It also provides a useful reference for current risk professionals who perhaps could benefit from a book that helps refine and further improve their current skillset." --Best Governance and ISMS Books in InfoSecReviews Book Awards
"Evan Wheeler’s book, Security Risk Management, provides security and business continuity practitioners with the ability to thoroughly plan and build a solid security risk management program. The buzz words that are used throughout the corporate risk management industry today are often misused or overused. Wheeler breaks down such terms, translating them for the reader and articulating how they apply to a security risk management program. He believes risk managers should consider banning the term "best practices" from their vocabulary; he doesn’t think one size fits all when creating a security risk management program… Building an information security risk management program from the ground up is a monumental task that requires various business units to react and adopt change to move a business forward. This book provides valuable information for security, IT, and business continuity professionals on creating such a program." --Security Management
"Wheeler’s book is predominantly a practitioner’s guide to security risk management but can also be used as a teaching text to help engineers, students of security, information assurance, or information systems more broadly. The key message that Wheeler is emphasizing is that risk is at the core of security, and at the heart of every business. Despite that the book lacks key referencing from academic literature, it can still be used as the basis for setting a large-scale team assignment on devising a risk management program from the ground up for a real organisation. Security professionals in banks will particularly find the book relevant." --Computers and Security
"This book is packed with practical
tips and the information contained throughout provides a good overview of the subject matter. The author explains the fundamentals of risk identification, assessment and management, exploring the differences between a vulnerability assessment and a risk assessment, and also providing rationales behind each of the subjects covered. This is not a technical book and the author generally avoids detailed technical analysis; rather it is an aide-memoir for Security Risk Management. …his book is recommended, in particular, for those beginning a career in Risk Management. It also provides a useful reference for current risk professionals who perhaps could benefit from a book that helps refine and further improve their current skillset." --Best Governance and ISMS Books in InfoSecReviews Book Awards
"Evan Wheeler’s book, Security Risk Management, provides security and business continuity practitioners with the ability to thoroughly plan and build a solid security risk management program. The buzz words that are used throughout the corporate risk management industry today are often misused or overused. Wheeler breaks down such terms, translating them for the reader and articulating how they apply to a security risk management program. He believes risk managers should consider banning the term "best practices" from their vocabulary; he doesn’t think one size fits all when creating a security risk management program… Building an information security risk management program from the ground up is a monumental task that requires various business units to react and adopt change to move a business forward. This book provides valuable information for security, IT, and business continuity professionals on creating such a program." --Security Management