Information Risk Management, 2nd edition
by David Sutton
- Length: 242 pages
- Edition: 2
- Language: English
- Publisher: BCS
- Publication Date: 2021-09-27
- ISBN-10: 1780175728
- ISBN-13: 9781780175720
Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management and this new edition reflects recent changes to the syllabus and to the wider discipline.
Contents:
- Front Cover
- Half-Title Page
- BCS, The Chartered Institute for IT
- Title Page
- Copyright Page
- Dedication
- Contents
- List of figures and tables
- Author
- Other works by the author
- Acknowledgements
- Abbreviations
- Preface
- 1. The Need for Information Risk Management
  - What is information?
  - Who should use information risk management?
  - The legal framework
  - The context of risk in the organisation
  - Hot topics to consider in information risk management
  - The benefits of taking account of information risk
  - Overview of the information risk management process
  - Summary
- 2. Review of Information Security Fundamentals
  - Information classification
  - Plan-Do-Check-Act
  - Summary
- 3. The Information Risk Management Programme
  - Goals, scope and objectives
  - Roles and responsibilities
  - Governance of the risk management programme
  - Information risk management criteria
  - Summary
- 4. Risk Identification
  - The risk identification process
  - The approach to risk identification
  - Impact assessment
  - Summary
- 5. Threat and Vulnerability Assessment
  - Conducting threat assessments
  - Conducting vulnerability assessments
  - Identification of existing controls
  - Summary
- 6. Risk Analysis and Risk Evaluation
  - Assessment of likelihood
  - Risk analysis
  - Risk evaluation
  - Summary
- 7. Risk Treatment
  - Strategic risk options
  - Tactical risk management controls
  - Operational risk management controls
  - Examples of critical controls and control categories
  - Summary
- 8. Risk Reporting and Presentation
  - Business cases
  - Risk treatment decision-making
  - Risk treatment planning and implementation
  - Business continuity and disaster recovery
  - Disaster recovery failover testing
  - Summary
- 9. Communication, Consultation, Monitoring and Review
  - Skills required for an information risk programme manager
  - Communication
  - Consultation
  - Risk reviews and monitoring
  - Summary
- 10. The NCSC Certified Professional Scheme
  - SFIA
  - The CIISec skills framework
  - Summary
- 11. HMG Security-Related Documents
  - HMG Security Policy Framework
  - The National Security Strategy
  - CONTEST, the United Kingdom’s Strategy for Countering Terrorism
  - The Minimum Cyber Security Standard
  - The UK Cyber Security Strategy 2016–
  - UK government security classifications
  - Summary
- Appendix A – Taxonomies and Descriptions
  - Information risk
  - Typical impacts or consequences
- Appendix B – Typical Threats and Hazards
  - Malicious intrusion (hacking)
  - Environmental threats
  - Errors and failures
  - Social engineering
  - Misuse and abuse
  - Physical threats
  - Malware
- Appendix C – Typical Vulnerabilities
  - Access control
  - Poor procedures
  - Physical and environmental security
  - Communications and operations management
  - People-related security failures
- Appendix D – Information Risk Controls
  - Strategic controls
  - Tactical controls
  - Operational controls
  - The Centre for Internet Security Controls Version
  - ISO/IEC 27001:2017 controls
  - NIST Special Publication 800-53 Revision
- Appendix E – Methodologies, Guidelines and Tools
  - Methodologies
  - Other guidelines and tools
- Appendix F – Templates
- Appendix G – HMG Cybersecurity Guidelines
  - HMG Cyber Essentials Scheme
  - 10 Steps to Cyber Security
- Appendix H – References and Further Reading
  - Primary UK legislation
  - Good Practice Guidelines
  - Other reference material
  - NCSC Certified Professional Scheme
  - Other UK government publications
  - Risk management methodologies
  - UK and international standards
- Appendix I – Definitions, standards and glossary of terms
  - Definitions and glossary of terms
  - Information risk management standards
- Index
- Back Cover