Introduces risk analysis techniques that can be used to identify and quantify both accidental and malicious threats to computer systems within an organization. The author walks through the qualitative risk analysis process using such techniques as the practical application of risk analysis (PARA) and the facilitated risk analysis process (FRAP). A case study of a truck rental company illustrates application of the method. The appendices provide a questionnaire and sample process forms. Annotation c. Book News, Inc., Portland, OR (booknews.com)
Read More
Risk is a cost of doing business. The question is, "What are the risks, and what are their costs?" Knowing the vulnerabilities and threats that face your organization's information and systems is the first essential step in risk management. Information Security Risk Analysis shows you how to use cost-effective risk analysis techniques to identify and quantify the threats--both accidental and purposeful--that your organization faces. The book steps you through the qualitative risk analysis process using techniques such as PARA (Practical Application of Risk Analysis) and FRAP (Facilitated Risk Analysis Process) to:Evaluate tangible and intangible risksUse the qualitative risk analysis processIdentify elements that make up a strong Business Impact AnalysisConduct risk analysis with confidenceManagement looks to you, its information security professional, to provide a process that allows for the systematic review of risk, threats, hazards, and concerns, and to provide cost-effective measures to lower risk to an acceptable level. You can find books that cover risk analysis for financial, environmental, and even software projects, but you will find none that apply risk analysis to information technology and business continuity planning or deal with issues of loss of systems configuration, passwords, information loss, system integrity, CPU cycles, bandwidth, and more. Information Security Risk Analysis shows you how to determine cost effective solutions for your organization's information technology.
Read Less