Book description
Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, Measuring and Managing Information Risk helps managers make better business decisions by understanding their organizational risk.
- Uses factor analysis of information risk (FAIR) as a methodology for measuring and managing risk in any organization.
- Carefully balances theory with practical applicability and relevant stories of successful implementation.
- Includes examples from a wide variety of businesses and situations presented in an accessible writing style.
Table of contents
- Cover image
- Title page
- Table of Contents
- Copyright
- Acknowledgments by Jack Jones
- About the Authors
- Preface by Jack Jones
- Preface by Jack Freund
- Chapter 1. Introduction
- Chapter 2. Basic Risk Concepts
- Chapter 3. The FAIR Risk Ontology
- Chapter 4. FAIR Terminology
- Chapter 5. Measurement
- Chapter 6. Analysis Process
- Chapter 7. Interpreting Results
  - What do these numbers mean? (How to interpret FAIR results)
  - Understanding the results table
    - Vulnerability
    - Percentiles
  - Understanding the histogram
  - Understanding the scatter plot
  - Qualitative scales
  - Heatmaps
  - Splitting heatmaps
    - Splitting by organization
    - Splitting by loss type
  - Special risk conditions
    - Unstable conditions
    - Fragile conditions
  - Troubleshooting results
- Chapter 8. Risk Analysis Examples
  - Overview
  - Inappropriate access privileges
    - Privileged insider/snooping/confidentiality
    - Privileged insider/malicious/confidentiality
    - Cyber criminal/malicious/confidentiality
  - Unencrypted internal network traffic
    - Privileged insider/confidentiality
    - Nonprivileged insider/malicious
    - Cyber criminal/malicious
  - Website denial of service
    - Analysis
    - Basic attacker/availability
- Chapter 9. Thinking about Risk Scenarios Using FAIR
- Chapter 10. Common Mistakes
- Chapter 11. Controls
- Chapter 12. Risk Management
- Chapter 13. Information Security Metrics
- Chapter 14. Implementing Risk Management
- Index
Product information
- Title: Measuring and Managing Information Risk
- Author(s):
- Release date: August 2014
- Publisher(s): Butterworth-Heinemann
- ISBN: 9780127999326