Information Risk Management, 2nd Edition, by David Sutton
Product details:
ISBN 10: 1780175728
ISBN 13: 9781780175720
Author: David Sutton
Information Risk Management 2nd Edition Table of contents:
1. The Need for Information Risk Management
What is information?
Who should use information risk management?
The legal framework
The context of risk in the organisation
Hot topics to consider in information risk management
The benefits of taking account of information risk
Overview of the information risk management process
Summary
2. Review of Information Security Fundamentals
Information classification
Plan-Do-Check-Act
Summary
3. The Information Risk Management Programme
Goals, scope and objectives
Roles and responsibilities
Governance of the risk management programme
Information risk management criteria
Summary
4. Risk Identification
The risk identification process
The approach to risk identification
Impact assessment
Summary
5. Threat and Vulnerability Assessment
Conducting threat assessments
Conducting vulnerability assessments
Identification of existing controls
Summary
6. Risk Analysis and Risk Evaluation
Assessment of likelihood
Risk analysis
Risk evaluation
Summary
7. Risk Treatment
Strategic risk options
Tactical risk management controls
Operational risk management controls
Examples of critical controls and control categories
Summary
8. Risk Reporting and Presentation
Business cases
Risk treatment decision-making
Risk treatment planning and implementation
Business continuity and disaster recovery
Disaster recovery failover testing
Summary
9. Communication, Consultation, Monitoring and Review
Skills required for an information risk programme manager
Communication
Consultation
Risk reviews and monitoring
Summary
10. The NCSC Certified Professional Scheme
SFIA
The CIISec skills framework
Summary
11. HMG Security-Related Documents
HMG Security Policy Framework
The National Security Strategy
CONTEST, the United Kingdom’s Strategy for Countering Terrorism
The Minimum Cyber Security Standard
The UK Cyber Security Strategy 2016–
UK government security classifications
Summary
Appendix A – Taxonomies and Descriptions
Information risk
Typical impacts or consequences
Appendix B – Typical Threats and Hazards
Malicious intrusion (hacking)
Environmental threats
Errors and failures
Social engineering
Misuse and abuse
Physical threats
Malware
Appendix C – Typical Vulnerabilities
Access control
Poor procedures
Physical and environmental security
Communications and operations management
People-related security failures
Appendix D – Information Risk Controls
Strategic controls
Tactical controls
Operational controls
The Centre for Internet Security Controls Version
ISO/IEC 27001:2017 controls
NIST Special Publication 800-53 Revision
Appendix E – Methodologies, Guidelines and Tools
Methodologies
Other guidelines and tools
Appendix F – Templates
Appendix G – HMG Cybersecurity Guidelines
HMG Cyber Essentials Scheme
10 Steps to Cyber Security
Appendix H – References and Further Reading
Primary UK legislation
Good Practice Guidelines
Other reference material
NCSC Certified Professional Scheme
Other UK government publications
Risk management methodologies
UK and international standards
Appendix I – Definitions, standards and glossary of terms
Definitions and glossary of terms
Information risk management standards
Index