Title Information Risk Management
Subtitle A Practitioner’s Guide
Author David Sutton
ISBN 9781780172651
List price Rs 995.00
Price outside India Available on Request
Original price
Binding Paperback
No of pages 244
Book size 159 x 235 mm
Publishing year 2016
Original publisher BCS, The Chartered Institute for IT
Published in India by BCS, The Chartered Institute for IT
Exclusive distributors Viva Books Private Limited
Sales territory India, Sri Lanka, Bangladesh, Pakistan, Nepal.
Status In Stock
About the book

Reviews:

‘An extremely useful and readable book for those entering this discipline and indeed those practitioners wishing to have an invaluable reference resource sitting on their bookshelf. Highly recommended.’
-John Hughes, Member of the InfoSec Skills Faculty, Director, SecID Consultant

‘Information is the 21st century’s new gold and protecting such a volatile asset is a tremendous challenge. This book provides many keys to understanding important concepts and possible approaches for mitigating the associated risks.’
-Lionel Dupré, Networks and Information Security Expert, ENISA

Description:

Increasingly, organisations rely on information for their day-to-day operations, and the loss or unavailability of that information can mean the difference between success and ruin.
Information risk management is about identifying, assessing and prioritising risks to keep information secure and available. This book is a practical guide to understanding the principles and helps the reader develop a strategic approach to effective information risk management.
  • Provides the tools and techniques required to conduct a successful IRM programme
  • Includes a chapter on applying IRM in the public sector
  • The only textbook for the BCS Practitioner Certificate in Information Risk Management

Contents:

List of figures and tables • Author • Acknowledgements • Abbreviations • Definitions, standards and glossary of terms • Preface

Chapter 1. THE NEED FOR INFORMATION RISK MANAGEMENT
Introduction • What is information? • The information life cycle • Who should use information risk management? • The legal framework • The context of risk in the organisation • The benefits of taking account of information risk • Overview of the information risk management process

Chapter 2. REVIEW OF INFORMATION SECURITY FUNDAMENTALS
Information Classification • Plan, Do, Check, Act

Chapter 3. THE INFORMATION RISK MANAGEMENT PROGRAMME
Goals, scope and objectives • Roles and responsibilities • Governance of the risk management programme • Information risk management criteria

Chapter 4. RISK IDENTIFICATION
The approach to risk identification • Impact assessment • Types of impact • Qualitative and quantitative assessments

Chapter 5. THREAT AND VULNERABILITY ASSESSMENT
Conducting threat assessments • Conducting vulnerability assessments • Identification of existing controls

Chapter 6. RISK ANALYSIS AND RISK EVALUATION
Assessment of likelihood • Risk analysis • Risk evaluation

Chapter 7. RISK TREATMENT
Strategic risk options • Tactical risk management controls • Operational risk management controls • Examples of critical controls and control categories

Chapter 8. RISK REPORTING AND PRESENTATION
Business cases • Risk treatment decision-making • Risk treatment planning and implementation • Business continuity and disaster recovery

Chapter 9. COMMUNICATION, CONSULTATION, MONITORING AND REVIEW
Communication • Consultation • Risk reviews and monitoring

Chapter 10. THE CESG IA CERTIFICATION SCHEME
The CESG IA Certification Scheme • Skills Framework for the Information Age (SFIA) • The IISP Information Security Skills Framework

Chapter 11. HMG SECURITY-RELATED DOCUMENTS
HMG Security Policy Framework • UK Government Security Classifications

APPENDIX A TAXONOMIES AND DESCRIPTIONS
Information risk • Typical impacts or consequences

APPENDIX B TYPICAL THREATS AND HAZARDS
Malicious intrusion (hacking) • Environmental threats • Errors and failures • Social engineering • Misuse and abuse • Physical threats • Malware

APPENDIX C TYPICAL VULNERABILITIES
Access control • Poor procedures • Physical and environmental security • Communications and operations management • People-related security failures

APPENDIX D INFORMATION RISK CONTROLS
Strategic controls • Tactical controls • Operational controls • Critical Security Controls Version 5.0 • ISO/IEC 27001 controls • NIST Special Publication 800-53 Revision 4

APPENDIX E METHODOLOGIES, GUIDELINES AND TOOLS

Methodologies • Other guidelines and tools

APPENDIX F TEMPLATES

APPENDIX G HMG CYBER SECURITY GUIDELINES

HMG Cyber Essentials Scheme • 10 Steps to Cyber Security

APPENDIX H REFERENCES AND FURTHER READING
Primary UK legislation • Good Practice Guidelines • Other reference material • CESG Certified Professional Scheme • Other UK Government publications • Risk management methodologies • News articles etc. • UK and international standards
Index

About the Author:

David Sutton’s career in IT spans nearly 50 years and includes voice and data networking, information security and critical information infrastructure protection. He delivers an annual lecture on business continuity at Royal Holloway University of London, from where he holds an MSc in Information Security. He is also a co-author of Information Security Management Principles (2nd edition).

Target Audience:

Support material for the BCS Practitioner Certificate in Information Risk Management; also helpful for professionals conducting an IRM programme.

Special offered prices are applicable to the authorised sales territory and for online purchases only.
No discount is applicable to special offered prices. Prices are subject to change without prior notice.