Book description
PART OF THE JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES
Revised and updated with the latest data in the field, the Second Edition of Managing Risk in Information Systems provides a comprehensive overview of the SSCP® Risk, Response, and Recovery Domain, in addition to a thorough overview of risk management and its implications for IT infrastructures and compliance. Written by industry experts and using a wealth of examples and exercises, this book incorporates hands-on activities to walk the reader through the fundamentals of risk management, strategies and approaches for mitigating risk, and the anatomy of a plan that reduces risk.
Instructor's Material for Managing Risk in Information Systems includes:
PowerPoint Lecture Slides
Instructor's Guide
Course Syllabus
Quiz & Exam Questions
Case Scenarios/Handouts
Table of contents
- Cover
- Title Page
- Copyright
- Contents
- Dedication
- Preface
- Acknowledgments
- About the Author
- Part One: Risk Management Business Challenges
- Chapter 1 Risk Management Fundamentals
- Chapter 2 Managing Risk: Threats, Vulnerabilities, and Exploits
- Chapter 3 Maintaining Compliance
- U.S. Compliance Laws
- Regulations Related to Compliance
- Organizational Policies for Compliance
- Standards and Guidelines for Compliance
- Payment Card Industry Data Security Standard
- National Institute of Standards and Technology
- Generally Accepted Information Security Principles
- Control Objectives for Information and Related Technology
- International Organization for Standardization
- International Electrotechnical Commission
- Information Technology Infrastructure Library
- Capability Maturity Model Integration
- Department of Defense Information Assurance Certification and Accreditation Process
- Chapter Summary
- Key Concepts and Terms
- Chapter 3 Assessment
- Chapter 4 Developing a Risk Management Plan
- Objectives of a Risk Management Plan
- Scope of a Risk Management Plan
- Assigning Responsibilities
- Describing Procedures and Schedules for Accomplishment
- Reporting Requirements
- Plan of Action and Milestones
- Charting the Progress of a Risk Management Plan
- Chapter Summary
- Key Concepts and Terms
- Chapter 4 Assessment
- Part Two: Mitigating Risk
- Chapter 5 Defining Risk Assessment Approaches
- Chapter 6 Performing a Risk Assessment
- Selecting a Risk Assessment Methodology
- Identifying the Management Structure
- Identifying Assets and Activities Within Risk Assessment Boundaries
- Identifying and Evaluating Relevant Threats
- Identifying and Evaluating Relevant Vulnerabilities
- Identifying and Evaluating Countermeasures
- Selecting a Methodology Based on Assessment Needs
- Developing Mitigating Recommendations
- Presenting Risk Assessment Results
- Best Practices for Performing Risk Assessments
- Chapter Summary
- Key Concepts and Terms
- Chapter 6 Assessment
- Chapter 7 Identifying Assets and Activities to Be Protected
- System Access and Availability
- System Functions: Manual and Automated
- Hardware Assets
- Software Assets
- Personnel Assets
- Data and Information Assets
- Asset and Inventory Management Within the Seven Domains of a Typical IT Infrastructure
- Identifying Facilities and Supplies Needed to Maintain Business Operations
- Chapter Summary
- Key Concepts and Terms
- Chapter 7 Assessment
- Chapter 8 Identifying and Analyzing Threats, Vulnerabilities, and Exploits
- Threat Assessments
- Vulnerability Assessments
- Documentation Review
- Review of System Logs, Audit Trails, and Intrusion Detection System Outputs
- Vulnerability Scans and Other Assessment Tools
- Audits and Personnel Interviews
- Process Analysis and Output Analysis
- System Testing
- Best Practices for Performing Vulnerability Assessments Within the Seven Domains of a Typical IT Infrastructure
- Exploit Assessments
- Chapter Summary
- Key Concepts and Terms
- Chapter 8 Assessment
- Chapter 9 Identifying and Analyzing Risk Mitigation Security Controls
- Chapter 10 Planning Risk Mitigation Throughout Your Organization
- Where Should Your Organization Start with Risk Mitigation?
- What Is the Scope of Risk Management for Your Organization?
- Understanding and Assessing the Impact of Legal and Compliance Issues on Your Organization
- Translating Legal and Compliance Implications for Your Organization
- Assessing the Impact of Legal and Compliance Implications on the Seven Domains of a Typical IT Infrastructure
- Assessing How Security Countermeasures and Safeguards Can Assist with Risk Mitigation
- Understanding the Operational Implications of Legal and Compliance Requirements
- Identifying Risk Mitigation and Risk Reduction Elements for the Entire Organization
- Performing a Cost-Benefit Analysis
- Best Practices for Planning Risk Mitigation Throughout Your Organization
- Chapter Summary
- Key Concepts and Terms
- Chapter 10 Assessment
- Chapter 11 Turning Your Risk Assessment into a Risk Mitigation Plan
- Reviewing the Risk Assessment for Your IT Infrastructure
- Translating Your Risk Assessment into a Risk Mitigation Plan
- Prioritizing Risk Elements That Require Risk Mitigation
- Verifying Risk Elements and How These Risks Can Be Mitigated
- Performing a Cost-Benefit Analysis on the Identified Risk Elements
- Implementing a Risk Mitigation Plan
- Following Up on the Risk Mitigation Plan
- Best Practices for Enabling a Risk Mitigation Plan from Your Risk Assessment
- Chapter Summary
- Key Concepts and Terms
- Chapter 11 Assessment
- Part Three: Risk Mitigation Plans
- Chapter 12 Mitigating Risk with a Business Impact Analysis
- What Is a Business Impact Analysis?
- Defining the Scope of Your Business Impact Analysis
- Objectives of a Business Impact Analysis
- The Steps of a Business Impact Analysis Process
- Identifying Mission-Critical Business Functions and Processes
- Mapping Business Functions and Processes to IT Systems
- Best Practices for Performing a BIA for Your Organization
- Chapter Summary
- Key Concepts and Terms
- Chapter 12 Assessment
- Chapter 13 Mitigating Risk with a Business Continuity Plan
- Chapter 14 Mitigating Risk with a Disaster Recovery Plan
- Chapter 15 Mitigating Risk with a Computer Incident Response Team Plan
- Appendix A: Answer Key
- Appendix B: Standard Acronyms
- Glossary of Key Terms
- References
- Index
Product information
- Title: Managing Risk in Information Systems, 2nd Edition
- Author(s):
- Release date: July 2014
- Publisher(s): Jones & Bartlett Learning
- ISBN: 9781284055962