Book description
Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, Measuring and Managing Information Risk helps managers make better business decisions by understanding their organizational risk.
- Uses factor analysis of information risk (FAIR) as a methodology for measuring and managing risk in any organization.
- Carefully balances theory with practical applicability and relevant stories of successful implementation.
- Includes examples from a wide variety of businesses and situations presented in an accessible writing style.
Table of contents
- Cover image
- Title page
- Table of Contents
- Copyright
- Acknowledgments by Jack Jones
- About the Authors
- Preface by Jack Jones
- Preface by Jack Freund
- Chapter 1. Introduction
- Chapter 2. Basic Risk Concepts
- Chapter 3. The FAIR Risk Ontology
- Chapter 4. FAIR Terminology
- Chapter 5. Measurement
- Chapter 6. Analysis Process
- Chapter 7. Interpreting Results
- What do these numbers mean? (How to interpret FAIR results)
- Understanding the results table
- Vulnerability
- Percentiles
- Understanding the histogram
- Understanding the scatter plot
- Qualitative scales
- Heatmaps
- Splitting heatmaps
- Splitting by organization
- Splitting by loss type
- Special risk conditions
- Unstable conditions
- Fragile conditions
- Troubleshooting results
- Chapter 8. Risk Analysis Examples
- Overview
- Inappropriate access privileges
- Privileged insider/snooping/confidentiality
- Privileged insider/malicious/confidentiality
- Cyber criminal/malicious/confidentiality
- Unencrypted internal network traffic
- Privileged insider/confidentiality
- Nonprivileged insider/malicious
- Cyber criminal/malicious
- Website denial of service
- Analysis
- Basic attacker/availability
- Chapter 9. Thinking about Risk Scenarios Using FAIR
- Chapter 10. Common Mistakes
- Chapter 11. Controls
- Chapter 12. Risk Management
- Chapter 13. Information Security Metrics
- Chapter 14. Implementing Risk Management
- Index
Product information
- Title: Measuring and Managing Information Risk
- Author(s): Jack Freund, Jack Jones
- Release date: August 2014
- Publisher(s): Butterworth-Heinemann
- ISBN: 9780127999326