LEADER 05286nam 2200709Ia 450
001 9910139475703321
005 20170809152941.0
010 $a1-118-21161-8
010 $a1-282-68665-8
010 $a9786612686658
010 $a0-470-55813-X
010 $a0-470-55811-3
035 $a(CKB)2550000000005931
035 $a(EBL)477750
035 $a(OCoLC)609853641
035 $a(SSID)ssj0000361627
035 $a(PQKBManifestationID)11242742
035 $a(PQKBTitleCode)TC0000361627
035 $a(PQKBWorkID)10351632
035 $a(PQKB)10226969
035 $a(MiAaPQ)EBC477750
035 $a(EXLCZ)992550000000005931
100 $a20091222d2010 uy 0
101 0 $aeng
135 $aur|n|---|||||
181 $ctxt
182 $cc
183 $acr
200 10$aInformation technology risk management in enterprise environments$b[electronic resource] $ea review of industry practices and a practical guide to risk management teams /$fJake Kouns, Daniel Minoli
210 $aHoboken, NJ $cWiley$dc2010
215 $a1 online resource (441 p.)
300 $aDescription based upon print version of record.
311 $a0-471-76254-7
327 $aINFORMATION TECHNOLOGY RISK MANAGEMENT IN ENTERPRISE ENVIRONMENTS; CONTENTS; PREFACE; ABOUT THE AUTHORS; PART I INDUSTRY PRACTICES IN RISK MANAGEMENT; 1. INFORMATION SECURITY RISK MANAGEMENT IMPERATIVES AND OPPORTUNITIES; 1.1 Risk Management Purpose and Scope; 1.1.1 Purpose of Risk Management; 1.1.2 Text Scope; References; Appendix 1A: Bibliography of Related Literature; 2. INFORMATION SECURITY RISK MANAGEMENT DEFINED; 2.1 Key Risk Management Definitions; 2.1.1 Survey of Industry Definitions; 2.1.2 Adopted Definitions; 2.2 A Mathematical Formulation of Risk
327 $a2.2.1 What Is Risk? A Formal Definition; 2.2.2 Risk in IT Environments; 2.2.3 Risk Management Procedures; 2.3 Typical Threats/Risk Events; 2.4 What is an Enterprise Architecture?; References; Appendix 2A: The CISSPforum/ISO27k Implementers Forum Information Security Risk List for 2008; Appendix 2B: What is Enterprise Risk Management (ERM)?; 3. INFORMATION SECURITY RISK MANAGEMENT STANDARDS; 3.1 ISO/IEC 13335; 3.2 ISO/IEC 17799 (ISO/IEC 27002:2005); 3.3 ISO/IEC 27000 SERIES
327 $a3.3.1 ISO/IEC 27000, Information Technology-Security Techniques-Information Security Management Systems-Fundamentals and Vocabulary; 3.3.2 ISO/IEC 27001:2005, Information Technology-Security Techniques-Specification for an Information Security Management System; 3.3.3 ISO/IEC 27002:2005, Information Technology-Security Techniques-Code of Practice for Information Security Management; 3.3.4 ISO/IEC 27003 Information Technology-Security Techniques-Information Security Management System Implementation Guidance
327 $a3.3.5 ISO/IEC 27004 Information Technology-Security Techniques-Information Security Management-Measurement; 3.3.6 ISO/IEC 27005:2008 Information Technology-Security Techniques-Information Security Risk Management; 3.4 ISO/IEC 31000; 3.5 NIST STANDARDS; 3.5.1 NIST SP 800-16; 3.5.2 NIST SP 800-30; 3.5.3 NIST SP 800-39; 3.6 AS/NZS 4360; References; Appendix 3A: Organization for Economic Co-Operation and Development (OECD) Guidelines for the Security of Information Systems and Networks: Toward a Culture of Security; 4. A SURVEY OF AVAILABLE INFORMATION SECURITY RISK MANAGEMENT METHODS AND TOOLS
327 $a4.1 Overview; 4.2 Risk Management/Risk Analysis Methods; 4.2.1 Austrian IT Security Handbook; 4.2.2 CCTA Risk Assessment and Management Methodology (CRAMM); 4.2.3 Dutch A&K Analysis; 4.2.4 EBIOS; 4.2.5 ETSI Threat Vulnerability and Risk Analysis (TVRA) Method; 4.2.6 FAIR (Factor Analysis of Information Risk); 4.2.7 FIRM (Fundamental Information Risk Management); 4.2.8 FMEA (Failure Modes and Effects Analysis); 4.2.9 FRAP (Facilitated Risk Assessment Process); 4.2.10 ISAMM (Information Security Assessment and Monitoring Method); 4.2.11 ISO/IEC Baselines; 4.2.12 ISO 31000 Methodology
327 $a4.2.13 IT-Grundschutz (IT Baseline Protection Manual)
330 $aDiscusses all types of corporate risks and practical means of defending against them. Security is currently identified as a critical area of Information Technology management by a majority of government, commercial, and industrial organizations. Offers an effective risk management program, which is the most critical function of an information security program.
606 $aBusiness enterprises$xComputer networks$xSecurity measures
606 $aInformation technology$xSecurity measures
606 $aData protection
606 $aComputer security
606 $aRisk management
608 $aElectronic books.
615 0$aBusiness enterprises$xComputer networks$xSecurity measures.
615 0$aInformation technology$xSecurity measures.
615 0$aData protection.
615 0$aComputer security.
615 0$aRisk management.
676 $a658.4/78
676 $a658.472
700 $aMinoli$b Daniel$f1952-$0535872
701 $aKouns$b Jake$0985123
801 0$bMiAaPQ
801 1$bMiAaPQ
801 2$bMiAaPQ
906 $aBOOK
912 $a9910139475703321
996 $aInformation technology risk management in enterprise environments$92251616
997 $aUNINA