LEADER 05407nam  2200517   450 
001 9910824268803321
005 20230105142131.0
010   $a1-5231-4835-7
010   $a1-78017-574-4
035   $a(CKB)4940000000613509
035   $a(MiAaPQ)EBC6733537
035   $a(Au-PeEL)EBL6733537
035   $a(OCoLC)1272992512
035   $a(OCoLC)1277198003
035   $a(OCoLC-P)1277198003
035   $a(CaSebORM)9781780175751
035   $a(EXLCZ)994940000000613509
100   $a20220622d2021      uy             0
101 0 $aeng
135   $aurcnu||||||||
181   $ctxt$2rdacontent
182   $cc$2rdamedia
183   $acr$2rdacarrier
200 10$aInformation risk management $ea practitioner's guide /$fDavid Sutton
205   $a2nd ed.
210  1$aEngland :$cBCS Learning & Development Limited,$d[2021]
210  4$dİ2021
215   $a1 online resource (240 pages)
300   $aIncludes index.
311   $a1-78017-572-8 
327   $aCover -- CONTENTS -- LIST OF FIGURES AND TABLES -- AUTHOR -- OTHER WORKS BY THE AUTHOR -- ACKNOWLEDGEMENTS -- ABBREVIATIONS -- PREFACE -- 1. THE NEED FOR INFORMATION RISK MANAGEMENT -- WHAT IS INFORMATION? -- WHO SHOULD USE INFORMATION RISK MANAGEMENT? -- THE LEGAL FRAMEWORK -- THE CONTEXT OF RISK IN THE ORGANISATION -- HOT TOPICS TO CONSIDER IN INFORMATION RISK MANAGEMENT -- THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK -- OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS -- SUMMARY -- 2. REVIEW OF INFORMATION SECURITY FUNDAMENTALS -- INFORMATION CLASSIFICATION -- PLAN-DO-CHECK-ACT -- SUMMARY -- 3. THE INFORMATION RISK MANAGEMENT PROGRAMME -- GOALS, SCOPE AND OBJECTIVES -- ROLES AND RESPONSIBILITIES -- GOVERNANCE OF THE RISK MANAGEMENT PROGRAMME -- INFORMATION RISK MANAGEMENT CRITERIA -- SUMMARY -- 4. RISK IDENTIFICATION -- THE RISK IDENTIFICATION PROCESS -- THE APPROACH TO RISK IDENTIFICATION -- IMPACT ASSESSMENT -- SUMMARY -- 5. THREAT AND VULNERABILITY ASSESSMENT -- CONDUCTING THREAT ASSESSMENTS -- CONDUCTING VULNERABILITY ASSESSMENTS -- IDENTIFICATION OF EXISTING CONTROLS -- SUMMARY -- 6. RISK ANALYSIS AND RISK EVALUATION -- ASSESSMENT OF LIKELIHOOD -- RISK ANALYSIS -- RISK EVALUATION -- SUMMARY -- 7. RISK TREATMENT -- STRATEGIC RISK OPTIONS -- TACTICAL RISK MANAGEMENT CONTROLS -- OPERATIONAL RISK MANAGEMENT CONTROLS -- EXAMPLES OF CRITICAL CONTROLS AND CONTROL CATEGORIES -- SUMMARY -- 8. RISK REPORTING AND PRESENTATION -- BUSINESS CASES -- RISK TREATMENT DECISION-MAKING -- RISK TREATMENT PLANNING AND IMPLEMENTATION -- BUSINESS CONTINUITY AND DISASTER RECOVERY -- DISASTER RECOVERY FAILOVER TESTING -- SUMMARY -- 9. COMMUNICATION, CONSULTATION, MONITORING AND REVIEW -- SKILLS REQUIRED FOR AN INFORMATION RISK PROGRAMME MANAGER -- COMMUNICATION -- CONSULTATION -- RISK REVIEWS AND MONITORING -- SUMMARY.
327   $a10. THE NCSC CERTIFIED PROFESSIONAL SCHEME -- SFIA -- THE CIISEC SKILLS FRAMEWORK -- SUMMARY -- 11. HMG SECURITY-RELATED DOCUMENTS -- HMG SECURITY POLICY FRAMEWORK -- THE NATIONAL SECURITY STRATEGY -- CONTEST, THE UNITED KINGDOM'S STRATEGY FOR COUNTERING TERRORISM -- THE MINIMUM CYBER SECURITY STANDARD -- THE UK CYBER SECURITY STRATEGY 2016-2021 -- UK GOVERNMENT SECURITY CLASSIFICATIONS -- SUMMARY -- APPENDIX A - TAXONOMIES AND DESCRIPTIONS -- INFORMATION RISK -- TYPICAL IMPACTS OR CONSEQUENCES -- APPENDIX B - TYPICAL THREATS AND HAZARDS -- MALICIOUS INTRUSION (HACKING) -- ENVIRONMENTAL THREATS -- ERRORS AND FAILURES -- SOCIAL ENGINEERING -- MISUSE AND ABUSE -- PHYSICAL THREATS -- MALWARE -- APPENDIX C - TYPICAL VULNERABILITIES -- ACCESS CONTROL -- POOR PROCEDURES -- PHYSICAL AND ENVIRONMENTAL SECURITY -- COMMUNICATIONS AND OPERATIONS MANAGEMENT -- PEOPLE-RELATED SECURITY FAILURES -- APPENDIX D - INFORMATION RISK CONTROLS -- STRATEGIC CONTROLS -- TACTICAL CONTROLS -- OPERATIONAL CONTROLS -- THE CENTRE FOR INTERNET SECURITY CONTROLS VERSION 8 -- ISO/IEC 27001:2017 CONTROLS -- NIST SPECIAL PUBLICATION 800-53 REVISION 5 -- APPENDIX E - METHODOLOGIES, GUIDELINES AND TOOLS -- METHODOLOGIES -- OTHER GUIDELINES AND TOOLS -- APPENDIX F - TEMPLATES -- APPENDIX G - HMG CYBERSECURITY GUIDELINES -- HMG CYBER ESSENTIALS SCHEME -- 10 STEPS TO CYBER SECURITY -- APPENDIX H - REFERENCES AND FURTHER READING -- PRIMARY UK LEGISLATION -- GOOD PRACTICE GUIDELINES -- OTHER REFERENCE MATERIAL -- NCSC CERTIFIED PROFESSIONAL SCHEME -- OTHER UK GOVERNMENT PUBLICATIONS -- RISK MANAGEMENT METHODOLOGIES -- UK AND INTERNATIONAL STANDARDS -- APPENDIX I - DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS -- DEFINITIONS AND GLOSSARY OF TERMS -- INFORMATION RISK MANAGEMENT STANDARDS -- INDEX -- Back cover.
330   $aInformation risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This book provides practical guidance to the principles and development of a strategic approach to an IRM programme. The only textbook for the BCS Practitioner Certificate in Information Risk Management.
606   $aInformation technology$xManagement
606   $aRisk management
615  0$aInformation technology$xManagement.
615  0$aRisk management.
676   $a658.4038
700   $aSutton$b David$064524
801  0$bMiAaPQ
801  1$bMiAaPQ
801  2$bMiAaPQ
906   $aBOOK
912   $a9910824268803321
996   $aInformation risk management$94022041
997   $aUNINA