The Security Risk Assessment Handbook

by Douglas J. Landoll

  • ISBN13: 9780849329982
  • ISBN10: 0849329981
  • Edition: 1st
  • Format: Hardcover
  • Copyright: 2005-12-12
  • Publisher: CRC Press
List Price: $89.95

Summary

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments provides detailed insight into precisely how to conduct an information security risk assessment from a practical point of view. Designed for security professionals who want a more in-depth understanding of the risk assessment process, this volume contains real-world advice that promotes professional development and experience. It also enables security consumers to better negotiate the scope and rigor of a security assessment, effectively interface with a security assessment team, deliver insightful comments on a draft report, and have a greater understanding of final report recommendations.

Table of Contents

Introduction, p. 1
The Need for an Information Security Program, p. 2
Elements of an Information Security Program, p. 4
Security Control Standards and Regulations, p. 5
Common Core Information Security Practices, p. 5
Unanimous Core Security Practices, p. 6
Majority Core Security Practices, p. 7
Core Security Practice Conclusions, p. 8
Security Risk Assessment, p. 8
The Role of the Security Risk Assessment, p. 8
Definition of a Security Risk Assessment, p. 10
The Need for a Security Risk Assessment, p. 11
Security Risk Assessment Secondary Benefits, p. 14
Related Activities, p. 15
Gap Assessment, p. 16
Compliance Audit, p. 16
Security Audit, p. 19
Vulnerability Scanning, p. 20
Penetration Testing, p. 20
Ad Hoc Testing, p. 20
Social Engineering, p. 20
Wardialing, p. 21
The Need for This Book, p. 21
Who Is This Book For?, p. 23
Notes, p. 24
References, p. 25
Information Security Risk Assessment Basics, p. 27
Phase 1: Project Definition, p. 27
Phase 2: Project Preparation, p. 29
Phase 3: Data Gathering, p. 29
Phase 4: Risk Analysis, p. 29
Assets, p. 30
Threat Agents and Threats, p. 30
Vulnerabilities, p. 34
Security Risk, p. 34
Phase 5: Risk Mitigation, p. 35
Safeguards, p. 36
Residual Security Risk, p. 37
Phase 6: Risk Reporting and Resolution, p. 38
Risk Resolution, p. 38
Note, p. 39
References, p. 40
Project Definition, p. 41
Ensuring Project Success, p. 41
Success Definition, p. 42
Setting the Budget, p. 53
Determining the Objective, p. 54
Limiting the Scope, p. 55
Identifying System Boundaries, p. 60
Specifying the Rigor, p. 63
Sample Scope Statements, p. 64
Project Description, p. 64
Project Variables, p. 64
Statement of Work, p. 64
Notes, p. 74
References, p. 75
Security Risk Assessment Preparation, p. 77
Introduce the Team, p. 77
Introductory Letter, p. 78
Pre-Assessment Briefing, p. 79
Obtain Proper Permission, p. 80
Review Business Mission, p. 83
What Is a Business Mission, p. 83
Obtaining Business Mission Information, p. 84
Identify Critical Systems, p. 85
Determining Criticality, p. 86
Identify Assets, p. 89
Checklists and Judgment, p. 91
Asset Sensitivity/Criticality Classification, p. 91
Asset Valuation, p. 95
Identifying Threats, p. 99
Threat Components, p. 100
Listing Possible Threats, p. 100
Threat Statements, p. 105
Validating Threat Statements, p. 105
Determine Expected Controls, p. 108
Notes, p. 112
References, p. 114
Data Gathering, p. 115
Sampling, p. 117
Sampling Objectives, p. 119
Sampling Types, p. 120
Use of Sampling in Security Testing, p. 121
The RIIOT Method of Data Gathering, p. 123
RIIOT Method Benefits, p. 123
RIIOT Method Approaches, p. 123
Using the RIIOT Method, p. 148
Notes, p. 148
References, p. 149
Administrative Data Gathering, p. 151
Threats and Safeguards, p. 151
Human Resources, p. 154
Organizational Structure, p. 159
Information Control, p. 163
Business Continuity, p. 166
System Security, p. 168
The RIIOT Method: Administrative Data Gathering, p. 172
Review Administrative Documents, p. 174
Interview Administrative Personnel, p. 186
Inspect Administrative Security Controls, p. 190
Observe Administrative Behavior, p. 200
Test Administrative Security Controls, p. 200
Notes, p. 211
References, p. 213
Technical Data Gathering, p. 215
Technical Threats and Safeguards, p. 215
Information Control, p. 215
Business Continuity, p. 220
System Security, p. 221
Secure Architecture, p. 223
Components, p. 226
Configuration, p. 228
Data Security, p. 229
The RIIOT Method: Technical Data Gathering, p. 230
Review Technical Documents, p. 230
Interview Technical Personnel, p. 245
Inspect Technical Security Controls, p. 247
Observe Technical Personnel Behavior, p. 259
Test Technical Security Controls, p. 259
Notes, p. 280
References, p. 282
Physical Data Gathering, p. 285
Physical Threats and Safeguards, p. 286
Utilities and Interior Climate, p. 286
Fire, p. 292
Flood and Water Damage, p. 302
Lightning, p. 305
Earthquakes, p. 306
Volcanoes, p. 307
Landslides, p. 307
Hurricanes, p. 308
Tornadoes, p. 308
Natural Hazards Summary, p. 308
Human Threats to Physical Security, p. 310
The RIIOT Method: Physical Data Gathering, p. 322
Review Physical Documents, p. 324
Interview Physical Personnel, p. 330
Inspect Physical Security Controls, p. 332
Observe Physical Personnel Behavior, p. 341
Test Physical Security Safeguards, p. 344
Notes, p. 350
References, p. 351
Security Risk Analysis, p. 353
Determining Risk, p. 353
Uncertainty and Reducing Uncertainty, p. 354
Creating Risk Statements, p. 362
Team Review of Security Risk Statements, p. 363
Obtaining Consensus, p. 363
Deriving Overall Security Risk, p. 365
Notes, p. 365
References, p. 366
Security Risk Mitigation, p. 367
Selecting Safeguards, p. 367
Safeguard Solution Sets, p. 368
Safeguard Cost Calculations, p. 369
Justifying Safeguard Selections, p. 370
Establishing Risk Parameters, p. 375
Notes, p. 375
References, p. 376
Security Risk Assessment Reporting, p. 377
Cautions in Reporting, p. 377
Pointers in Reporting, p. 379
Report Structure, p. 380
Executive-Level Report, p. 380
Base Report, p. 380
Appendices and Exhibits, p. 381
Document Review Methodology: Create the Report Using a Top-Down Approach, p. 382
Document Specification, p. 383
Draft, p. 384
Final, p. 384
Assessment Brief, p. 387
Action Plan, p. 387
Notes, p. 388
References, p. 388
Security Risk Assessment Project Management, p. 389
Project Planning, p. 389
Project Definition, p. 389
Project Planning Details, p. 390
Project Resources, p. 393
Project Tracking, p. 405
Hours Tracking, p. 405
Calendar Time Tracking, p. 406
Project Progress Tracking, p. 407
Taking Corrective Measures, p. 407
Obtaining More Resources, p. 407
Using Management Reserve, p. 408
Project Status Reporting, p. 411
Report Detail, p. 411
Report Frequency, p. 412
Status Report Content, p. 412
Project Conclusion and Wrap-Up, p. 412
Eliminating "Scope Creep", p. 413
Eliminating Project Run-On, p. 413
Notes, p. 413
Reference, p. 414
Security Risk Assessment Approaches, p. 415
Quantitative vs. Qualitative Analysis, p. 416
Quantitative Analysis, p. 417
Qualitative Analysis, p. 423
Tools, p. 426
Lists, p. 426
Templates, p. 426
Security Risk Assessment Methods, p. 427
FAA Security Risk Management Process, p. 427
OCTAVE, p. 427
FRAP, p. 430
CRAMM, p. 430
NSA IAM, p. 430
Notes, p. 430
References, p. 431
Relevant Standards and Regulations, p. 433
GAISP, p. 433
CobiT, p. 435
ISO 17799, p. 436
NIST Handbook, p. 439
Management Controls, p. 439
Operational Controls, p. 440
Technical Controls, p. 441
HIPAA: Security, p. 441
Administrative Safeguards, p. 442
Physical Safeguards, p. 448
Technical Safeguards, p. 450
Gramm-Leach-Bliley Act (GLB Act), p. 451
Notes, p. 453
Index, p. 455
Table of Contents provided by Ingram. All Rights Reserved.