MARC leader: 05253nam 2200697Ia 450
Control number: 991083059460332
Last transaction: 20230725044904.0
Fixed-length data (008): 20091222d2010 uy 0engur|n|---|||||
Content/media type: txt / cr (text, online resource)

ISBN (electronic): 1-118-21161-8; 1-282-68665-8; 9786612686658; 0-470-55813-X; 0-470-55811-3
ISBN (print): 0-471-76254-7
Other identifiers: (CKB)2550000000005931; (EBL)477750; (OCoLC)609853641; (SSID)ssj0000361627; (PQKBManifestationID)11242742; (PQKBTitleCode)TC0000361627; (PQKBWorkID)10351632; (PQKB)10226969; (MiAaPQ)EBC477750; (EXLCZ)992550000000005931

Title: Information technology risk management in enterprise environments [electronic resource]: a review of industry practices and a practical guide to risk management teams / Jake Kouns, Daniel Minoli
Publication: Hoboken, NJ: Wiley, c2010
Physical description: 1 online resource (441 p.)
Note: Description based upon print version of record.

Contents:
  Preface
  About the Authors
  Part I: Industry Practices in Risk Management
  1. Information Security Risk Management Imperatives and Opportunities
    1.1 Risk Management Purpose and Scope
      1.1.1 Purpose of Risk Management
      1.1.2 Text Scope
    References
    Appendix 1A: Bibliography of Related Literature
  2. Information Security Risk Management Defined
    2.1 Key Risk Management Definitions
      2.1.1 Survey of Industry Definitions
      2.1.2 Adopted Definitions
    2.2 A Mathematical Formulation of Risk
      2.2.1 What Is Risk? A Formal Definition
      2.2.2 Risk in IT Environments
      2.2.3 Risk Management Procedures
    2.3 Typical Threats/Risk Events
    2.4 What Is an Enterprise Architecture?
    References
    Appendix 2A: The CISSPforum/ISO27k Implementers Forum Information Security Risk List for 2008
    Appendix 2B: What Is Enterprise Risk Management (ERM)?
  3. Information Security Risk Management Standards
    3.1 ISO/IEC 13335
    3.2 ISO/IEC 17799 (ISO/IEC 27002:2005)
    3.3 ISO/IEC 27000 Series
      3.3.1 ISO/IEC 27000, Information Technology - Security Techniques - Information Security Management Systems - Fundamentals and Vocabulary
      3.3.2 ISO/IEC 27001:2005, Information Technology - Security Techniques - Specification for an Information Security Management System
      3.3.3 ISO/IEC 27002:2005, Information Technology - Security Techniques - Code of Practice for Information Security Management
      3.3.4 ISO/IEC 27003, Information Technology - Security Techniques - Information Security Management System Implementation Guidance
      3.3.5 ISO/IEC 27004, Information Technology - Security Techniques - Information Security Management - Measurement
      3.3.6 ISO/IEC 27005:2008, Information Technology - Security Techniques - Information Security Risk Management
    3.4 ISO/IEC 31000
    3.5 NIST Standards
      3.5.1 NIST SP 800-16
      3.5.2 NIST SP 800-30
      3.5.3 NIST SP 800-39
    3.6 AS/NZS 4360
    References
    Appendix 3A: Organisation for Economic Co-operation and Development (OECD) Guidelines for the Security of Information Systems and Networks: Toward a Culture of Security
  4. A Survey of Available Information Security Risk Management Methods and Tools
    4.1 Overview
    4.2 Risk Management/Risk Analysis Methods
      4.2.1 Austrian IT Security Handbook
      4.2.2 CCTA Risk Assessment and Management Methodology (CRAMM)
      4.2.3 Dutch A&K Analysis
      4.2.4 EBIOS
      4.2.5 ETSI Threat Vulnerability and Risk Analysis (TVRA) Method
      4.2.6 FAIR (Factor Analysis of Information Risk)
      4.2.7 FIRM (Fundamental Information Risk Management)
      4.2.8 FMEA (Failure Modes and Effects Analysis)
      4.2.9 FRAP (Facilitated Risk Assessment Process)
      4.2.10 ISAMM (Information Security Assessment and Monitoring Method)
      4.2.11 ISO/IEC Baselines
      4.2.12 ISO 31000 Methodology
      4.2.13 IT-Grundschutz (IT Baseline Protection Manual)

Summary: Discusses all types of corporate risks and practical means of defending against them. Security is currently identified as a critical area of Information Technology management by a majority of government, commercial, and industrial organizations. Offers an effective risk management program, which is the most critical function of an information security program.

Subjects:
  Business enterprises -- Computer networks -- Security measures
  Information technology -- Security measures
  Data protection
  Computer security
  Risk management

Dewey classification: 658.4/78; 658.472
Added entries: Minoli, Daniel, 1952- (535872); Kouns, Jake (1667947)
Cataloguing source: MiAaPQ
Material type: BOOK
Record ID: 9910830594603321
Holdings: 4028174 UNINA