

Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams

by ;
  • ISBN13: 9780470558119
  • ISBN10: 0470558113
  • Format: eBook
  • Copyright: 2010-01-01
  • Publisher: Wiley-Interscience
  • List Price: $94.95

Summary

Discusses all types of corporate risks and practical means of defending against them. Security is currently identified as a critical area of Information Technology management by a majority of government, commercial, and industrial organizations. Offers an effective risk management program, which is the most critical function of an information security program.

Table of Contents

Preface
About the Authors
Industry Practices in Risk Management
Information Security Risk Management Imperatives and Opportunities
Risk Management Purpose and Scope
Purpose of Risk Management
Text Scope
References
Bibliography of Related Literature
Information Security Risk Management Defined
Key Risk Management Definitions
A Mathematical Formulation of Risk
Typical Threats/Risk Events
What is an Enterprise Architecture?
References
The CISSPforum/ISO27k Implementers Forum Information Security Risk List for 2008
What is Enterprise Risk Management (ERM)?
Information Security Risk Management Standards
ISO/IEC 13335
ISO/IEC 17799 (ISO/IEC 27002:2005)
ISO/IEC 27000 SERIES
ISO/IEC 27000, Information Technology-Security Techniques-Information Security Management Systems-Fundamentals and Vocabulary
ISO/IEC 27001:2005, Information Technology-Security Techniques-Specification for an Information Security Management System
ISO/IEC 27002:2005, Information Technology-Security Techniques-Code of Practice for Information Security Management
ISO/IEC 27003 Information Technology-Security Techniques-Information Security Management System Implementation Guidance
ISO/IEC 27004 Information Technology-Security Techniques-Information Security Management-Measurement
ISO/IEC 27005:2008 Information Technology-Security Techniques-Information Security Risk Management
ISO/IEC 31000
NIST STANDARDS
NIST SP 800-16
NIST SP 800-30
NIST SP 800-39
AS/NZS 4360
References
Organization for Economic Co-Operation and Development (OECD) Guidelines for the Security of Information Systems and Networks: Toward a Culture of Security
A Survey of Available Information Security Risk Management Methods and Tools
Overview
Risk Management/Risk Analysis Methods
Austrian IT Security Handbook
CCTA Risk Assessment and Management Methodology (CRAMM)
Dutch A&K Analysis
EBIOS
ETSI Threat Vulnerability and Risk Analysis (TVRA) Method
FAIR (Factor Analysis of Information Risk)
FIRM (Fundamental Information Risk Management)
FMEA (Failure Modes and Effects Analysis)
FRAP (Facilitated Risk Assessment Process)
ISAMM (Information Security Assessment and Monitoring Method)
ISO/IEC Baselines
ISO 31000 Methodology
IT-Grundschutz (IT Baseline Protection Manual)
MAGERIT (Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información) (Methodology for Information Systems Risk Analysis and Management)
MEHARI (Méthode Harmonisée d'Analyse de Risques-Harmonised Risk Analysis Method)
Microsoft's Security Risk Management Guide
MIGRA (Metodologia Integrata per la Gestione del Rischio Aziendale)
NIST
National Security Agency (NSA) IAM / IEM / IA-CMM
Open Source Approach
PTA (Practical Threat Analysis)
SOMAP (Security Officers Management and Analysis Project)
Summary
References
Methodologies Examples: Cobit and Octave
Overview
COBIT
COBIT Framework
The Need for a Control Framework for IT Governance
How COBIT Meets the Need
COBIT's Information Criteria
Business Goals and IT Goals
COBIT Framework
IT Resources
Plan and Organize (PO)
Acquire and Implement (AI)
Deliver and Support (DS)
Monitor and Evaluate (ME)
Processes Need Controls
COBIT Framework
Business and IT Controls
IT General Controls and Application Controls
Maturity Models
Performance Measurement
OCTAVE
The OCTAVE Approach
The OCTAVE Method
References
Developing Risk Management Teams
Risk Management Issues and Organization Specifics
Purpose and Scope
Risk Management Policies
A Snapshot of Risk Management in the Corporate World
Motivations for Risk Management
Justifying Risk Management Financially
The Human Factors
Priority-Oriented Rational Approach
Overview of Pragmatic Risk Management Process
Creation of a Risk Management Team, and Adoption of Methodologies
Iterative Procedure for Ongoing Risk Management
Roadmap to Pragmatic Risk Management
References
Example of a Security Policy
Assessing Organization and Establishing Risk Management Scope
Assessing the Current Enterprise Environment
Soliciting Support From Senior Management
Establishing Risk Management Scope and Boundaries
Defining Acceptable Risk for Enterprise
Risk Management Committee
Organization-Specific Risk Methodology
Quantitative Methods
Qualitative Methods
Other Approaches
Risk Waivers Programs
References
Summary of Applicable Legislation
Identifying Resources and Implementing The Risk Management Team
Operating Costs to Support Risk Management and Staffing Requirements
Organizational Models
Staffing Requirements
Specialized Skills Required
Sourcing Options
Risk Management Tools
Risk Management Services
Alerting and Analysis Services
Assessments, Audits, and Project Consulting
Developing and Implementing the Risk Management/Assessment Team
Creating Security Standards
Defining Subject Matter Experts
Determining Information Sources
References
Sizing Example for Risk Management Team
Example of Vulnerability Alerts by Vendors and CERT
Examples of Data Losses-A One-Month Snapshot
Identifying Assets and Organization Risk Exposures
Importance of Asset Identification and Management
Enterprise Architecture
Identifying IT Assets
Assigning Value to IT Assets
Vulnerability Identification/Classification
Base Parameters
Temporal Parameters
Environmental Parameters
Threat Analysis: Type of Risk Exposures
Type of Risk Exposures
Internal Team Programs (to Uncover Risk Exposures)
Summary
References
Common Information Systems Assets
Remediation Planning and Compliance Reporting
Determining Risk Value
Remediation Approaches
Prioritizing Remediations
Determining Mitigating Timeframes
Compliance Monitoring and Security Metrics
Compliance Reporting
References
Basic Glossary Of Terms Used in This Text
Index
Table of Contents provided by Publisher. All Rights Reserved.
