Catalogue record (MARC, flattened): Information risk management : a practitioner's guide

Title: Information risk management : a practitioner's guide / David Sutton
Edition: 1st edition
Published: Wiltshire, England : BCS The Chartered Institute for IT, 2014. ©2014
Physical description: 1 online resource (245 p.)
Language: English
Content/carrier type: txt / cr (online resource)
Notes: Description based upon print version of record. Includes bibliographical references and index.

ISBNs: 1-78017-265-6; 1-78017-266-4; 1-322-34840-5; 1-78017-267-2

Other identifiers: (CKB)2670000000578859; (EBL)1765545; (SSID)ssj0001434509; (PQKBManifestationID)12012462; (PQKBTitleCode)TC0001434509; (PQKBWorkID)11441560; (PQKB)11749717; (MiAaPQ)EBC1765545; (CaSebORM)9781780172651; (Au-PeEL)EBL1765545; (CaPaEBR)ebr10993969; (CaONFJC)MIL666122; (OCoLC)897450217; (EXLCZ)992670000000578859

MARC leader / control fields: 05172nam 2200661 450; record number 9910537610603321; last transaction 20220114103451.0; fixed-length data 20141220h20142014 uy 0eng ur|n|---|||||

Contents:
Cover; Copyright; CONTENTS; LIST OF FIGURES AND TABLES; AUTHOR; ACKNOWLEDGMENTS; ABBREVIATIONS; DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS; PREFACE
1 THE NEED FOR INFORMATION RISK MANAGEMENT: INTRODUCTION; WHAT IS INFORMATION?; THE INFORMATION LIFE CYCLE; WHO SHOULD USE INFORMATION RISK MANAGEMENT?; THE LEGAL FRAMEWORK; THE CONTEXT OF RISK IN THE ORGANISATION; THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK; OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS
2 REVIEW OF INFORMATION SECURITY FUNDAMENTALS: INFORMATION CLASSIFICATION; PLAN, DO, CHECK, ACT
3 THE INFORMATION RISK MANAGEMENT PROGRAMME: GOALS, SCOPE AND OBJECTIVES; ROLES AND RESPONSIBILITIES; GOVERNANCE OF THE RISK MANAGEMENT PROGRAMME; INFORMATION RISK MANAGEMENT CRITERIA
4 RISK IDENTIFICATION: THE APPROACH TO RISK IDENTIFICATION; IMPACT ASSESSMENT; TYPES OF IMPACT; QUALITATIVE AND QUANTITATIVE ASSESSMENTS
5 THREAT AND VULNERABILITY ASSESSMENT: CONDUCTING THREAT ASSESSMENTS; CONDUCTING VULNERABILITY ASSESSMENTS; IDENTIFICATION OF EXISTING CONTROLS
6 RISK ANALYSIS AND RISK EVALUATION: ASSESSMENT OF LIKELIHOOD; RISK ANALYSIS; RISK EVALUATION
7 RISK TREATMENT: STRATEGIC RISK OPTIONS; TACTICAL RISK MANAGEMENT CONTROLS; OPERATIONAL RISK MANAGEMENT CONTROLS; EXAMPLES OF CRITICAL CONTROLS AND CONTROL CATEGORIES
8 RISK REPORTING AND PRESENTATION: BUSINESS CASES; RISK TREATMENT DECISION-MAKING; RISK TREATMENT PLANNING AND IMPLEMENTATION; BUSINESS CONTINUITY AND DISASTER RECOVERY
9 COMMUNICATION, CONSULTATION, MONITORING AND REVIEW: COMMUNICATION; CONSULTATION; RISK REVIEWS AND MONITORING
10 THE CESG IA CERTIFICATION SCHEME: THE CESG IA CERTIFICATION SCHEME; SKILLS FRAMEWORK FOR THE INFORMATION AGE (SFIA); THE IISP INFORMATION SECURITY SKILLS FRAMEWORK
11 HMG SECURITY-RELATED DOCUMENTS: HMG SECURITY POLICY FRAMEWORK; UK GOVERNMENT SECURITY CLASSIFICATIONS
APPENDIX A TAXONOMIES AND DESCRIPTIONS: INFORMATION RISK; TYPICAL IMPACTS OR CONSEQUENCES
APPENDIX B TYPICAL THREATS AND HAZARDS: MALICIOUS INTRUSION (HACKING); ENVIRONMENTAL THREATS; ERRORS AND FAILURES; SOCIAL ENGINEERING; MISUSE AND ABUSE; PHYSICAL THREATS; MALWARE
APPENDIX C TYPICAL VULNERABILITIES: ACCESS CONTROL; POOR PROCEDURES; PHYSICAL AND ENVIRONMENTAL SECURITY; COMMUNICATIONS AND OPERATIONS MANAGEMENT; PEOPLE-RELATED SECURITY FAILURES
APPENDIX D INFORMATION RISK CONTROLS: STRATEGIC CONTROLS; TACTICAL CONTROLS; OPERATIONAL CONTROLS; CRITICAL SECURITY CONTROLS VERSION 5.0; ISO/IEC 27001 CONTROLS; NIST SPECIAL PUBLICATION 800-53 REVISION 4
APPENDIX E METHODOLOGIES, GUIDELINES AND TOOLS: METHODOLOGIES; OTHER GUIDELINES AND TOOLS
APPENDIX F TEMPLATES
APPENDIX G HMG CYBER SECURITY GUIDELINES: HMG CYBER ESSENTIALS SCHEME; 10 STEPS TO CYBER SECURITY
APPENDIX H REFERENCES AND FURTHER READING: PRIMARY UK LEGISLATION; GOOD PRACTICE GUIDELINES; OTHER REFERENCE MATERIAL; CESG CERTIFIED PROFESSIONAL SCHEME; OTHER UK GOVERNMENT PUBLICATIONS; RISK MANAGEMENT METHODOLOGIES; NEWS ARTICLES ETC.

Summary: Information risk management (IRM) is about identifying, assessing and prioritising risks to keep information secure and available. This accessible book provides practical guidance to the principles and development of a strategic approach to an IRM programme. The only textbook for the BCS Practitioner Certificate in Information Risk Management.

Subjects: Information technology -- Management; Electronic books; Information technology -- Management.
Dewey classification: 658.4038
Author: Sutton, David (Information security practitioner) [authority id 64524]
Corporate body: BCS, The Chartered Institute for IT
Cataloguing source: MiAaPQ
Record type: BOOK
System record: 9910537610603321; title key: Information risk management; 2691376; UNINA