Vai al contenuto principale della pagina

Information technology risk management in enterprise environments [[electronic resource] ] : a review of industry practices and a practical guide to risk management teams / / Jake Kouns, Daniel Minoli



(Visualizza in formato marc)    (Visualizza in BIBFRAME)

Autore: Minoli Daniel <1952-> Visualizza persona
Titolo: Information technology risk management in enterprise environments [[electronic resource] ] : a review of industry practices and a practical guide to risk management teams / / Jake Kouns, Daniel Minoli Visualizza cluster
Pubblicazione: Hoboken, NJ, : Wiley, c2010
Descrizione fisica: 1 online resource (441 p.)
Disciplina: 658.4/78
658.472
Soggetto topico: Business enterprises - Computer networks - Security measures
Information technology - Security measures
Data protection
Computer security
Risk management
Soggetto genere / forma: Electronic books.
Altri autori: KounsJake  
Note generali: Description based upon print version of record.
Nota di contenuto: INFORMATION TECHNOLOGY RISK MANAGEMENT IN ENTERPRISE ENVIRONMENTS; CONTENTS; PREFACE; ABOUT THE AUTHORS; PART I INDUSTRY PRACTICES IN RISK MANAGEMENT; 1. INFORMATION SECURITY RISK MANAGEMENT IMPERATIVES AND OPPORTUNITIES; 1.1 Risk Management Purpose and Scope; 1.1.1 Purpose of Risk Management; 1.1.2 Text Scope; References; Appendix 1A: Bibliography of Related Literature; 2. INFORMATION SECURITY RISK MANAGEMENT DEFINED; 2.1 Key Risk Management Definitions; 2.1.1 Survey of Industry Definitions; 2.1.2 Adopted Definitions; 2.2 A Mathematical Formulation of Risk
2.2.1 What Is Risk? A Formal Definition2.2.2 Risk in IT Environments; 2.2.3 Risk Management Procedures; 2.3 Typical Threats/Risk Events; 2.4 What is an Enterprise Architecture?; References; Appendix 2A: The CISSPforum/ISO27k Implementers Forum Information Security Risk List for 2008; Appendix 2B: What is Enterprise Risk Management (ERM)?; 3. INFORMATION SECURITY RISK MANAGEMENT STANDARDS; 3.1 ISO/IEC 13335; 3.2 ISO/IEC 17799 (ISO/IEC 27002:2005); 3.3 ISO/IEC 27000 SERIES
3.3.1 ISO/IEC 27000, Information Technology-Security Techniques-Information Security Management Systems-Fundamentals and Vocabulary3.3.2 ISO/IEC 27001:2005, Information Technology-Security Techniques-Specification for an Information Security Management System; 3.3.3 ISO/IEC 27002:2005, Information Technology-Security Techniques-Code of Practice for Information Security Management; 3.3.4 ISO/IEC 27003 Information Technology-Security Techniques-Information Security Management System Implementation Guidance
3.3.5 ISO/IEC 27004 Information Technology-Security Techniques-Information Security Management-Measurement3.3.6 ISO/IEC 27005:2008 Information Technology-Security Techniques-Information Security Risk Management; 3.4 ISO/IEC 31000; 3.5 NIST STANDARDS; 3.5.1 NIST SP 800-16; 3.5.2 NIST SP 800-30; 3.5.3 NIST SP 800-39; 3.6 AS/NZS 4360; References; Appendix 3A: Organization for Economic CoOperation and Development (OECD) Guidelines for the Security of Information Systems and Networks: Toward a Culture of Security; 4. A SURVEY OF AVAILABLE INFORMATION SECURITY RISK MANAGEMENT METHODS AND TOOLS
4.1 Overview4.2 Risk Management/Risk Analysis Methods; 4.2.1 Austrian IT Security Handbook; 4.2.2 CCTA Risk Assessment and Management Methodology (CRAMM); 4.2.3 Dutch A&K Analysis; 4.2.4 EBIOS; 4.2.5 ETSI Threat Vulnerability and Risk Analysis (TVRA) Method; 4.2.6 FAIR (Factor Analysis of Information Risk); 4.2.7 FIRM (Fundamental Information Risk Management); 4.2.8 FMEA (Failure Modes and Effects Analysis); 4.2.9 FRAP (Facilitated Risk Assessment Process); 4.2.10 ISAMM (Information Security Assessment and Monitoring Method); 4.2.11 ISO/IEC Baselines; 4.2.12 ISO 31000 Methodology
4.2.13 IT-Grundschutz (IT Baseline Protection Manual)
Sommario/riassunto: Discusses all types of corporate risks and practical means of defending against them.Security is currently identified as a critical area of Information Technology management by a majority of government, commercial, and industrial organizations.Offers an effective risk management program, which is the most critical function of an information security program.
Titolo autorizzato: Information technology risk management in enterprise environments  Visualizza cluster
ISBN: 1-118-21161-8
1-282-68665-8
9786612686658
0-470-55813-X
0-470-55811-3
Formato: Materiale a stampa
Livello bibliografico Monografia
Lingua di pubblicazione: Inglese
Record Nr.: 9910139475703321
Lo trovi qui: Univ. Federico II
Opac: Controlla la disponibilità qui