Information Risk Management : a Practitioner's Guide, David Sutton

Label
Information Risk Management : a Practitioner's Guide
Title
Information Risk Management
Title remainder
a Practitioner's Guide
Statement of responsibility
David Sutton
Creator
Author
Subject
Language
eng
Summary
This book provides a practical guide to implementing an information risk management process. The author takes you logically through the steps required to identify, assess and manage information risks within an organisation. Each step is explained clearly, supported by several generic examples, such as examples of threats and vulnerabilities, as well as the types of controls to treat risk. Ways of presenting the risks, as well as supporting business cases, are also discussed. Other topics include: coverage of the CESG scheme, HMG security-related documents, such as the security policy framework and UK Government security classification scheme, typical threats and hazards, typical vulnerabilities, risk controls, methodologies and tools, and templates. There are references throughout to any appropriate standards, such as ISO27001 and ISO27005.
Assigning source
Edited summary from book
Cataloging source
UKMGB
Dewey number
658.4038
Index
index present
LC call number
HD30.2
Literary form
non fiction
Nature of contents
  • dictionaries
  • bibliography
Publication
Antecedent source
unknown
Bibliography note
Includes bibliographical references and index
http://library.link/vocab/branchCode
  • net
Carrier category
online resource
Carrier category code
cr
Carrier MARC source
rdacarrier
Color
multicolored
Content category
text
Content type code
txt
Content type MARC source
rdacontent
Contents
  • Cover; Copyright; CONTENTS; LIST OF FIGURES AND TABLES; AUTHOR; ACKNOWLEDGMENTS; ABBREVIATIONS; DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS; PREFACE; 1 THE NEED FOR INFORMATION RISK MANAGEMENT; INTRODUCTION; WHAT IS INFORMATION?; THE INFORMATION LIFE CYCLE; WHO SHOULD USE INFORMATION RISK MANAGEMENT?; THE LEGAL FRAMEWORK; THE CONTEXT OF RISK IN THE ORGANISATION; THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK; OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS; 2 REVIEW OF INFORMATION SECURITY FUNDAMENTALS; INFORMATION CLASSIFICATION; PLAN, DO, CHECK, ACT
  • 3 the information risk management programme; goals, scope and objectives; roles and responsibilities; governance of the risk management programme; information risk management criteria; 4 risk identification; the approach to risk identification; impact assessment; types of impact; qualitative and quantitative assessments; 5 threat and vulnerability assessment; conducting threat assessments; conducting vulnerability assessments; identification of existing controls; 6 risk analysis and risk evaluation; assessment of likelihood; risk analysis; risk evaluation; 7 risk treatment
  • strategic risk options; tactical risk management controls; operational risk management controls; examples of critical controls and control categories; 8 risk reporting and presentation; business cases; risk treatment decision-making; risk treatment planning and implementation; business continuity and disaster recovery; 9 communication, consultation, monitoring and review; communication; consultation; risk reviews and monitoring; 10 the cesg ia certification scheme; the cesg ia certification scheme; skills framework for the information age (sfia); the iisp information security skills framework
  • 11 hmg security-related documents; hmg security policy framework; uk government security classifications; appendix a taxonomies and descriptions; information risk; typical impacts or consequences; appendix b typical threats and hazards; malicious intrusion (hacking); environmental threats; errors and failures; social engineering; misuse and abuse; physical threats; malware; appendix c typical vulnerabilities; access control; poor procedures; physical and environmental security; communications and operations management; people-related security failures; appendix d information risk controls
  • strategic controls; tactical controls; operational controls; critical security controls version 5.0; iso/iec 27001 controls; nist special publication 800-53 revision 4; appendix e methodologies, guidelines and tools; methodologies; other guidelines and tools; appendix f templates; appendix g hmg cyber security guidelines; hmg cyber essentials scheme; 10 steps to cyber security; appendix h references and further reading; primary uk legislation; good practice guidelines; other reference material; cesg certified professional scheme; other uk government publications; risk management methodologies
Control code
ocn897450217
Dimensions
unknown
Extent
1 online resource (210 pages)
File format
unknown
Form of item
online
Isbn
9781780172668
Level of compression
unknown
Media category
computer
Media MARC source
rdamedia
Media type code
c
http://library.link/vocab/ext/overdrive/overdriveId
cl0500000523
Quality assurance targets
not applicable
http://library.link/vocab/recordID
.b34247890
Reformatting quality
unknown
Sound
unknown sound
Specific material designation
remote
System control number
  • (OCoLC)897450217
  • pebcs1780172664

Library Locations

    • Deakin University Library - Geelong Waurn Ponds Campus
      75 Pigdons Road, Waurn Ponds, Victoria, 3216, AU