Information Systems Risk Management Handbook
Protecting Your Network & Information Assets
Summary
The information systems security (InfoSec) profession remains one of the fastest growing professions in the world today. With the advent of the Internet and its use as a method of conducting business, even more emphasis is being placed on InfoSec. However, there is an expanded field of threats that must be addressed by today's InfoSec and information assurance (IA) professionals. Operating within a global business environment with elements of a virtual workforce can create problems not experienced in the past. How do you assess the risk to the organization when information can be accessed remotely by employees in the field or while they are traveling internationally? How do you assess the risk to employees who are not working on company premises and are often thousands of miles from the office? How do you assess the risk to your organization and its assets when you have offices or facilities in a nation whose government may be supporting the theft of the corporate "crown jewels" in order to assist its own nationally owned or supported corporations? If your risk assessment and management program is to be effective, then these issues must be assessed. Personnel involved in the risk assessment and management process face a much more complex environment today than they have ever encountered before. This book covers more than just the fundamental elements that make up a good risk program. It provides an integrated "how to" approach to implementing a corporate program, complete with tested methods and processes, flowcharts, and checklists that can be used by the reader and immediately implemented into a computer and overall corporate security program. The challenges are many, and this book will help professionals in meeting their challenges as we progress through the 21st century.
Audience: Corporate security professionals around the world.
The author - Andy Jones
Andy Jones, a Research Group Leader at the Security Research Centre for British Telecommunications, where he is conducting research into the security of information and communication systems.
The author - Debi Ashenden
Debi Ashenden, Senior Research Fellow in Information Assurance at the Royal Military College of Science, Cranfield University, UK
Contents
- Section I: An Introduction to Risk Management
- Introduction to the Theories of Risk Management
- The Changing Environment
- The Art of Managing Risks
- Section II: The Threat Assessment Process
- Threat Assessment and its Input to Risk Assessment
- Threat Assessment Method
- Example Threat Assessment
- Section III: Vulnerability Issues
- Operating System Vulnerabilities
- Application Vulnerabilities
- Public Domain or Commercial Off-the-Shelf Software?
- Connectivity and Dependence
- Section IV: The Risk Process
- What is Risk Assessment?
- Risk Analysis
- Who is Responsible?
- Section V: Tools and Types of Risk Assessment
- Qualitative and Quantitative Risk Assessment
- Policies, Procedures, Plans, and Processes of Risk Management
- Tools and Techniques
- Integrated Risk Management
- Section VI: Future Directions
- The Future of the Risk Management
Technical specifications
PAPER | |
Publisher(s) | Elsevier |
Author(s) | Andy Jones, Debi Ashenden |
Publication date | 01/06/2005 |
Number of pages | 274 |
Format | 15 x 23 |
Cover | Paperback |
Weight | 475g |
Interior | Black and white |
EAN13 | 9780750677950 |
ISBN13 | 978-0-7506-7795-0 |