A veteran of computer technology and especially computer security, Peltier presents a variety of concepts and ideas about risk analysis, and demonstrates how they can be used. He covers risk management, the risk assessment process, quantitative versus qualitative approaches, other forms of qualitative risk assessment, the facilitated risk analysis and assessment process and variations on it, mapping controls, and business impact analysis. He also asks such questions as why, when, how, and by whom a risk analysis should be undertaken. No date is noted for the first edition. Distributed in the US by CRC. Annotation ©2005 Book News, Inc., Portland, OR (booknews.com)
The risk management process supports executive decision-making, allowing managers and owners to perform their fiduciary responsibility of protecting the assets of their enterprises. This crucial process should not be a long, drawn-out affair. To be effective, it must be done quickly and efficiently. Information Security Risk Analysis, Second Edition enables CIOs, CSOs, and MIS managers to understand when, why, and how risk assessments and analyses can be conducted effectively. This book discusses the principle of risk management and its three key elements: risk analysis, risk assessment, and vulnerability assessment. It examines the differences between quantitative and qualitative risk assessment, and details how various types of qualitative risk assessment can be applied to the assessment process. The text offers a thorough discussion of recent changes to FRAAP and the need to develop a pre-screening method for risk assessment and business impact analysis.