LEADER 05172nam 2200661 450
001 9910537610603321
005 20220114103451.0
010 $a1-78017-265-6
010 $a1-78017-266-4
035 $a(CKB)2670000000578859
035 $a(EBL)1765545
035 $a(SSID)ssj0001434509
035 $a(PQKBManifestationID)12012462
035 $a(PQKBTitleCode)TC0001434509
035 $a(PQKBWorkID)11441560
035 $a(PQKB)11749717
035 $a(MiAaPQ)EBC1765545
035 $a(CaSebORM)9781780172651
035 $a(Au-PeEL)EBL1765545
035 $a(CaPaEBR)ebr10993969
035 $a(CaONFJC)MIL666122
035 $a(OCoLC)897450217
035 $a(EXLCZ)992670000000578859
100 $a20141220h20142014 uy 0
101 0 $aeng
135 $aur|n|---|||||
181 $ctxt
182 $cc
183 $acr
200 10$aInformation risk management $ea practitioner's guide /$fDavid Sutton
205 $a1st edition
210 1$aWiltshire, England :$cBCS The Chartered Institute for IT,$d2014.
210 4$d©2014
215 $a1 online resource (245 p.)
300 $aDescription based upon print version of record.
311 $a1-322-34840-5
311 $a1-78017-267-2
320 $aIncludes bibliographical references and index.
327 $aCover; Copyright; CONTENTS; LIST OF FIGURES AND TABLES; AUTHOR; ACKNOWLEDGMENTS; ABBREVIATIONS; DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS; PREFACE; 1 THE NEED FOR INFORMATION RISK MANAGEMENT; INTRODUCTION; WHAT IS INFORMATION?; THE INFORMATION LIFE CYCLE; WHO SHOULD USE INFORMATION RISK MANAGEMENT?; THE LEGAL FRAMEWORK; THE CONTEXT OF RISK IN THE ORGANISATION; THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK; OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS; 2 REVIEW OF INFORMATION SECURITY FUNDAMENTALS; INFORMATION CLASSIFICATION; PLAN, DO, CHECK, ACT
327 $a3 THE INFORMATION RISK MANAGEMENT PROGRAMME; GOALS, SCOPE AND OBJECTIVES; ROLES AND RESPONSIBILITIES; GOVERNANCE OF THE RISK MANAGEMENT PROGRAMME; INFORMATION RISK MANAGEMENT CRITERIA; 4 RISK IDENTIFICATION; THE APPROACH TO RISK IDENTIFICATION; IMPACT ASSESSMENT; TYPES OF IMPACT; QUALITATIVE AND QUANTITATIVE ASSESSMENTS; 5 THREAT AND VULNERABILITY ASSESSMENT; CONDUCTING THREAT ASSESSMENTS; CONDUCTING VULNERABILITY ASSESSMENTS; IDENTIFICATION OF EXISTING CONTROLS; 6 RISK ANALYSIS AND RISK EVALUATION; ASSESSMENT OF LIKELIHOOD; RISK ANALYSIS; RISK EVALUATION; 7 RISK TREATMENT
327 $aSTRATEGIC RISK OPTIONS; TACTICAL RISK MANAGEMENT CONTROLS; OPERATIONAL RISK MANAGEMENT CONTROLS; EXAMPLES OF CRITICAL CONTROLS AND CONTROL CATEGORIES; 8 RISK REPORTING AND PRESENTATION; BUSINESS CASES; RISK TREATMENT DECISION-MAKING; RISK TREATMENT PLANNING AND IMPLEMENTATION; BUSINESS CONTINUITY AND DISASTER RECOVERY; 9 COMMUNICATION, CONSULTATION, MONITORING AND REVIEW; COMMUNICATION; CONSULTATION; RISK REVIEWS AND MONITORING; 10 THE CESG IA CERTIFICATION SCHEME; THE CESG IA CERTIFICATION SCHEME; SKILLS FRAMEWORK FOR THE INFORMATION AGE (SFIA); THE IISP INFORMATION SECURITY SKILLS FRAMEWORK
327 $a11 HMG SECURITY-RELATED DOCUMENTS; HMG SECURITY POLICY FRAMEWORK; UK GOVERNMENT SECURITY CLASSIFICATIONS; APPENDIX A TAXONOMIES AND DESCRIPTIONS; INFORMATION RISK; TYPICAL IMPACTS OR CONSEQUENCES; APPENDIX B TYPICAL THREATS AND HAZARDS; MALICIOUS INTRUSION (HACKING); ENVIRONMENTAL THREATS; ERRORS AND FAILURES; SOCIAL ENGINEERING; MISUSE AND ABUSE; PHYSICAL THREATS; MALWARE; APPENDIX C TYPICAL VULNERABILITIES; ACCESS CONTROL; POOR PROCEDURES; PHYSICAL AND ENVIRONMENTAL SECURITY; COMMUNICATIONS AND OPERATIONS MANAGEMENT; PEOPLE-RELATED SECURITY FAILURES; APPENDIX D INFORMATION RISK CONTROLS
327 $aSTRATEGIC CONTROLS; TACTICAL CONTROLS; OPERATIONAL CONTROLS; CRITICAL SECURITY CONTROLS VERSION 5.0; ISO/IEC 27001 CONTROLS; NIST SPECIAL PUBLICATION 800-53 REVISION 4; APPENDIX E METHODOLOGIES, GUIDELINES AND TOOLS; METHODOLOGIES; OTHER GUIDELINES AND TOOLS; APPENDIX F TEMPLATES; APPENDIX G HMG CYBER SECURITY GUIDELINES; HMG CYBER ESSENTIALS SCHEME; 10 STEPS TO CYBER SECURITY; APPENDIX H REFERENCES AND FURTHER READING; PRIMARY UK LEGISLATION; GOOD PRACTICE GUIDELINES; OTHER REFERENCE MATERIAL; CESG CERTIFIED PROFESSIONAL SCHEME; OTHER UK GOVERNMENT PUBLICATIONS; RISK MANAGEMENT METHODOLOGIES
327 $aNEWS ARTICLES ETC.
330 $aInformation risk management (IRM) is about identifying, assessing and prioritising risks to keep information secure and available. This accessible book provides practical guidance to the principles and development of a strategic approach to an IRM programme. The only textbook for the BCS Practitioner Certificate in Information Risk Management.
606 $aInformation technology$xManagement
608 $aElectronic books.
615 0$aInformation technology$xManagement.
676 $a658.4038
700 $aSutton$b David$c(Information security practitioner)$064524
712 02$aBCS, The Chartered Institute for IT,
801 0$bMiAaPQ
801 1$bMiAaPQ
801 2$bMiAaPQ
906 $aBOOK
912 $a9910537610603321
996 $aInformation risk management$92691376
997 $aUNINA