
Information Security Risk Management for ISO 27001/ISO27002 A. Calder


$44.19
Condition - New
Only 2 left

Summary

This book provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO27001. Drawing on international best practice including ISO/IEC 27005 and BS7799-3, the book explains in detail how to do an information security risk assessment.

Information Security Risk Management for ISO 27001/ISO27002 Summary

The changing global economy, together with recent corporate and IT governance developments, all provide the context within which organisations have to assess risks to the information assets on which their organisations, and the delivery of their business plan objectives, depend. Information security management decisions are entirely driven by specific decisions made as an outcome of a risk assessment process in relation to identified risks and specific information assets. Risk assessment is, therefore, the core competence of information security management.

About A. Calder

Alan Calder is the founder director of IT Governance Ltd. He has many years of senior management and board-level experience in the private and public sectors. Steve G Watkins leads the consultancy and training services of IT Governance Ltd. He has over 20 years' experience of managing integrated management systems. He is a trained ISO27001 and ISO9000 auditor and an ISMS expert for UKAS.

Table of Contents

Introduction
Chapter 1: Risk Management
    Risk management: two phases
    Enterprise risk management
Chapter 2: Risk Assessment Methodologies
    Publicly available risk assessment standards
    Qualitative versus quantitative
    Quantitative risk analysis
    Qualitative risk analysis - the ISO27001 approach
    Other risk assessment methodologies
Chapter 3: Risk Management Objectives
    Risk acceptance or tolerance
    Information security risk management objectives
    Risk management and PDCA
Chapter 4: Roles and Responsibilities
    Senior management commitment
    The (lead) risk assessor
    Other roles and responsibilities
Chapter 5: Risk Assessment Software
    Gap analysis tools
    Vulnerability assessment tools
    Penetration testing
    Risk assessment tools
    Risk assessment tool descriptions
Chapter 6: Information Security Policy and Scoping
    Information security policy
    Scope of the ISMS
Chapter 7: The ISO27001 Risk Assessment
    Overview of the risk assessment process
Chapter 8: Information Assets
    Assets within the scope
    Grouping of assets
    Asset dependencies
    Asset owners
    Sensitivity classification
    Are vendors assets?
    What about duplicate copies and backups?
    Identification of existing controls
Chapter 9: Threats and Vulnerabilities
    Threats
    Vulnerabilities
    Technical vulnerabilities
Chapter 10: Impact and Asset Valuation
    Impacts
    Defining impact
    Estimating impact
    The asset valuation table
    Business, legal and contractual impact values
    Reputation damage
Chapter 11: Likelihood
    Risk analysis
    Information to support assessments
Chapter 12: Risk Level
    The risk scale
    Boundary calculations
    Mid-point calculations
Chapter 13: Risk Treatment and the Selection of Controls
    Types of controls
    Risk assessment and existing controls
    Residual risk
    Risk transfer
    Optimising the solution
Chapter 14: The Statement of Applicability
    Drafting the Statement of Applicability
Chapter 15: The Gap Analysis and Risk Treatment Plan
    Gap analysis
    Risk Treatment Plan
Chapter 16: Repeating and Reviewing the Risk Assessment
Appendix 1: Carrying out an ISO27001 Risk Assessment using vsRisk
    How the tool actually works
    Training requirements
    Start using vsRisk for your risk assessment
    Identify the assets
    Identify the risks
    Assess the risks
    Identify and evaluate options for the treatment of risks
    Select control objectives and controls for treatment of the risks
Appendix 2: ISO27001 Implementation Resources
Books by the Same Authors
ITG Resources

Additional information

Product code: NLS9781849280433
ISBN-13: 9781849280433
ISBN-10: 1849280436
Title: Information Security Risk Management for ISO 27001/ISO27002 by A. Calder
Condition: New
Format: Paperback
Publisher: IT Governance Publishing
Publication date: 2010-04-27
Pages: 198
