LEADER 05429nam 2200673Ia 450
001 9910790090303321
005 20230120011758.0
010 $a1-283-52639-5
010 $a9786613838841
010 $a1-59749-616-2
035 $a(CKB)2670000000082411
035 $a(EBL)685406
035 $a(OCoLC)726734701
035 $a(SSID)ssj0000492032
035 $a(PQKBManifestationID)11328798
035 $a(PQKBTitleCode)TC0000492032
035 $a(PQKBWorkID)10477129
035 $a(PQKB)11449544
035 $a(Au-PeEL)EBL685406
035 $a(CaPaEBR)ebr10465832
035 $a(CaONFJC)MIL383884
035 $a(CaSebORM)9781597496155
035 $a(MiAaPQ)EBC685406
035 $a(EXLCZ)992670000000082411
100 $a20110510d2011 uy 0
101 0 $aeng
135 $aur|n|---|||||
181 $ctxt$2rdacontent
182 $cc$2rdamedia
183 $acr
200 10$aSecurity risk management$b[electronic resource] $ebuilding an information security risk management program from the ground up /$fEvan Wheeler
205 $a1st edition
210 $aWaltham, MA $cSyngress$d2011
215 $a1 online resource (361 pages)
300 $aDescription based upon print version of record.
311 $a1-59749-615-4
320 $aIncludes bibliographical references and index.
327 $aFront Cover; Security Risk Management: Building an Information Security Risk Management Program from the Ground Up; Copyright; Table of Contents; Preface; Intended Audience; Organization of This Book; Acknowledgments; About the Author; About the Technical Editor; Part I: Introduction to Risk Management; Chapter 1. The Security Evolution; Introduction; How We Got Here; A Risk-Focused Future; Information Security Fundamentals; The Death of Information Security; Summary; References; Chapter 2. Risky Business; Introduction; Applying Risk Management to Information Security
327 $aBusiness-Driven Security Program; Security as an Investment; Qualitative versus Quantitative; Summary; References; Chapter 3. The Risk Management Lifecycle; Introduction; Stages of the Risk Management Lifecycle; Business Impact Assessment; A Vulnerability Assessment Is Not a Risk Assessment; Making Risk Decisions; Mitigation Planning and Long-Term Strategy; Process Ownership; Summary; Part II: Risk Assessment and Analysis Techniques; Chapter 4. Risk Profiling; Introduction; How Risk Sensitivity Is Measured; Asking the Right Questions; Assessing Risk Appetite; Summary; Reference
327 $aChapter 5. Formulating a Risk; Introduction; Breaking Down a Risk; Who or What Is the Threat?; Summary; References; Chapter 6. Risk Exposure Factors; Introduction; Qualitative Risk Measures; Risk Assessment; Summary; Reference; Chapter 7. Security Controls and Services; Introduction; Fundamental Security Services; Recommended Controls; Summary; Reference; Chapter 8. Risk Evaluation and Mitigation Strategies; Introduction; Risk Evaluation; Risk Mitigation Planning; Policy Exceptions and Risk Acceptance; Summary; Chapter 9. Reports and Consulting; Introduction; Risk Management Artifacts
327 $aA Consultant's Perspective; Writing Audit Responses; Summary; References; Chapter 10. Risk Assessment Techniques; Introduction; Operational Assessments; Project-Based Assessments; Third-Party Assessments; Summary; References; Part III: Building and Running a Risk Management Program; Chapter 11. Threat and Vulnerability Management; Introduction; Building Blocks; Threat Identification; Advisories and Testing; An Efficient Workflow; The FAIR Approach; Summary; References; Chapter 12. Security Risk Reviews; Introduction; Assessing the State of Compliance; Implementing a Process
327 $aProcess Optimization: A Review of Key Points; The NIST Approach; Summary; References; Chapter 13. A Blueprint for Security; Introduction; Risk in the Development Lifecycle; Security Architecture; Patterns and Baselines; Architectural Risk Analysis; Summary; Reference; Chapter 14. Building a Program from Scratch; Introduction; Designing a Risk Program; Prerequisites for a Risk Management Program; Risk at the Enterprise Level; Linking the Program Components; Program Roadmap; Summary; Reference; Appendix A: Sample Security Risk Profile; A. General Information; B. Information Sensitivity
327 $aC Regulatory Requirements
330 $aThe goal of Security Risk Management is to teach you practical techniques that will be used on a daily basis, while also explaining the fundamentals so you understand the rationale behind these practices. Security professionals often fall into the trap of telling the business that they need to fix something, but they can't explain why. This book will help you to break free from the so-called "best practices" argument by articulating risk exposures in business terms. You will learn techniques for how to perform risk assessments for new IT projects, how to efficiently manage daily ri
606 $aComputer networks$xSecurity measures
606 $aComputer security
615 0$aComputer networks$xSecurity measures.
615 0$aComputer security.
676 $a005.8
676 $a658.4/7
676 $a658.47
700 $aWheeler$b Evan$01486486
801 0$bMiAaPQ
801 1$bMiAaPQ
801 2$bMiAaPQ
906 $aBOOK
912 $a9910790090303321
996 $aSecurity risk management$93705968
997 $aUNINA