Security Risk Assessment: Essential Reference Sources

Measuring and Managing Information Risk: A FAIR Approach

This book helps the reader understand how to put the Factor Analysis of Information Risk (FAIR) methodology to use. It covers measuring and managing information risk and provides a framework for understanding, measuring, and analyzing information risk. Freund & Jones (2015) present a distinctive viewpoint on how to conduct fundamental quantitative risk analysis. Areas covered in the book are risk philosophy, risk control, scenario modeling, and communicating risk within the organization. The measurement and management of information risk, as Freund & Jones (2015) point out, help management make better business choices by understanding their organizational risk. This book will support the risk analysis and types of risk analysis sections of the paper.

Fundamentals of Information Systems Security

The book covers the fundamentals of information security. Sections of the book discuss the risks, threats, and vulnerabilities associated with the Internet and computing systems, and the topics include how businesses, governments, and individuals operate today. The second half of the book is drawn from the Systems Security Certified Practitioner (SSCP) professional certification from ISC2 and provides a broad synopsis of the seven domains within that certification. The book goes on to provide additional information on security standards, education, professional certifications, and laws surrounding security compliance. It also covers cloud computing, risk analysis, Agile software development, information systems security laws, certificates, standards, amendments, and the proposed Federal Information Security Amendments Act of 2013.

The Security Risk Assessment Handbook

The book covers the fundamentals of information security risk assessment and outlines how to define a project. It describes the process of conducting an effective security assessment, the tools involved, and current approaches to selecting the security measures best suited to an organization. It defines the steps needed to prepare a security risk assessment and explains how to gather administrative, technical, and physical data. The book then moves into security risk analysis and mitigation. Finally, the last section discusses security risk assessment project management and a risk assessment approach.

Information Security Risk Analysis

The Information Security Risk Analysis book shows how to identify the threats an organization faces and then determine whether each threat poses a real risk to the organization. The book discusses how the components of risk management must all be in place and working together in an organization's situation. The author goes on to explain how cost-benefit analysis is part of risk management and how that analysis is performed during risk mitigation. One learns to draw up an action plan to safeguard the organization's assets once the risk assessment is completed. There is a section on the difference between a gap analysis and a security assessment. Finally, the book presents case studies and samples for each of the risk management areas.

Information Security Management

This book provides a broad overview of security auditing before examining the different components of the information security life cycle. The author explains the ISO 17799 standard and discusses the steps of conducting a small security audit that follows the standard. The book also gives details on conducting a technical security audit, which allows an organization to gain ISO 27001 certification. Sections of the book address cybersecurity, security risk assessments, privacy rights, privacy standards, intrusion detection systems (IDS), security testing activities, cyber terrorism, and vulnerability assessments. The book includes a thorough security auditing methodology the reader can use to create and implement effective risk-driven security programs that cover all areas of the computing environment.

Information Security Risk Assessment Toolkit

For an organization to protect its information assets, which can include sensitive client records, healthcare records, or other information, a security team first needs to find out what needs to be protected. This book helps the reader understand what risks those assets are exposed to and what controls are in place to offset those risks. The security team needs to be sure they focus their attention on risk treatment; this is the real importance and purpose of information security risk assessments. Successful risk assessments are expected to deliver a defensible analysis of the residual risk associated with the organization's key assets so that risk treatment options can be explored. This book supplies the tools and skills to produce a quick, reliable, and thorough risk assessment for key stakeholders. The book focuses on applying a process, rather than theory, that allows one to deliver a quick and valuable assessment.

References

Freund, J., & Jones, J. (2015). Measuring and managing information risk: A FAIR approach. Waltham, MA: Butterworth-Heinemann.

Kim, D., & Solomon, M. G. (2014). Fundamentals of information systems security (2nd ed.). Burlington, MA: Jones & Bartlett Learning.

Landoll, D. (2016). The security risk assessment handbook (2nd ed.). Boca Raton, FL: CRC Press.

Peltier, T. R. (2010). Information security risk analysis (3rd ed.). Boca Raton, FL: Auerbach Publications.

Raggad, B. (2010). Information security management: Concepts and practice. Boca Raton, FL: CRC Press.

Talabis, R. M., & Martin, J. L. (2013). Information security risk assessment toolkit: Practical assessments through data collection and data analysis. Waltham, MA: Syngress.