Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010196949 | HD61 P44 2009 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Successful security professionals have had to modify the process of responding to new threats in the high-profile, ultra-connected business environment. But just because a threat exists does not mean that your organization is at risk. This is what risk assessment is all about. How to Complete a Risk Assessment in 5 Days or Less demonstrates how to identify threats your company faces and then determine if those threats pose a real risk to the organization.
To help you determine the best way to mitigate risk levels in any given situation, How to Complete a Risk Assessment in 5 Days or Less includes more than 350 pages of user-friendly checklists, forms, questionnaires, and sample assessments.
Presents Case Studies and Examples of all Risk Management Components
Based on the seminars of information security expert Tom Peltier, this volume provides the processes that you can easily employ in your organization to assess risk.
Answers such FAQs as:
Why should a risk analysis be conducted? Who should review the results? How is the success measured?Always conscious of the bottom line, Peltier discusses the cost-benefit of risk mitigation and looks at specific ways to manage costs. He supports his conclusions with numerous case studies and diagrams that show you how to apply risk management skills in your organization--and it's not limited to information security risk assessment. You can apply these techniques to any area of your business. This step-by-step guide to conducting risk assessments gives you the knowledgebase and the skill set you need to achieve a speedy and highly-effective risk analysis assessment in a matter of days.
Author Notes
Peltier, Thomas R.
Table of Contents
| Acknowledgments | p. xi |
| About the Author | p. xiii |
| Introduction | p. xv |
| 1 The Facilitated Risk Analysis and Assessment Process (FRAAP) | p. 1 |
| 1.1 Introduction | p. 1 |
| 1.2 FRAAP Overview | p. 2 |
| 1.3 FRAAP History | p. 3 |
| 1.4 Introducing the FRAAP | p. 5 |
| 1.4.1 Key Concepts | p. 6 |
| 1.5 The Pre-FRAAP Meeting | p. 8 |
| 1.5.1 Pre-FRAAP Meeting Checklist | p. 13 |
| 1.5.2 Pre-FRAAP Meeting Summary | p. 18 |
| 1.6 The FRAAP Session | p. 18 |
| 1.6.1 Overview | p. 18 |
| 1.6.2 FRAAP Session Introduction | p. 19 |
| 1.6.3 FRAAP Session Talking Points | p. 20 |
| 1.6.4 FRAAP Threats Identification | p. 22 |
| 1.6.5 Identifying Threats Using a Checklist | p. 25 |
| 1.6.6 Identifying Existing Controls | p. 26 |
| 1.6.7 Establishing Risk Levels | p. 26 |
| 1.6.8 Residual Risk | p. 30 |
| 1.7 Using a Threats Identification Checklist | p. 38 |
| 1.7.1 FRAAP Session Summary | p. 43 |
| 1.8 Post-FRAAP Process | p. 47 |
| 1.8.1 Complete the Action Plan | p. 50 |
| 1.9 Conclusion | p. 54 |
| 2 Risk Analysis (Project Impact Analysis) | p. 57 |
| 2.1 Overview | p. 57 |
| 2.2 The Difference between Risk Analysis and Risk Assessment | p. 57 |
| 2.3 Risk Analysis and Due Diligence | p. 58 |
| 2.4 Risk Assessment and Fiduciary Duty | p. 58 |
| 2.5 Performing a Risk Analysis | p. 59 |
| 2.6 Risk Analysis Elements | p. 61 |
| 2.7 Other Considerations | p. 62 |
| 2.8 When to Conduct a Risk Analysis | p. 64 |
| 2.9 Final Words | p. 64 |
| 2.10 Sample Risk Analysis Questionnaire | p. 65 |
| 2.11 Sample Risk Analysis Report Outline | p. 65 |
| 3 Pre-Screening | p. 67 |
| 3.1 Introduction | p. 67 |
| 3.2 Background | p. 71 |
| 3.2.1 Pre-Screening Example 1 | p. 71 |
| 3.2.2 Pre-Screening Example 2 | p. 73 |
| 3.2.3 Pre-Screening Example 3 | p. 75 |
| 3.2.4 Pre-Screening Example 4 | p. 78 |
| 3.3 Summary | p. 78 |
| 4 Business Impact Analysis | p. 81 |
| 4.1 Overview | p. 81 |
| 4.2 BIA versus Risk Assessment | p. 82 |
| 4.3 Creating a BIA Process | p. 83 |
| 4.4 Creating the Financial Impact Table | p. 84 |
| 4.5 Working the BIA Process | p. 86 |
| 4.6 Additional Examples | p. 88 |
| 4.7 Objectives of the BIA | p. 93 |
| 4.8 Using Questionnaires for a BIA | p. 93 |
| 4.9 Data Collection and Analysis | p. 95 |
| 4.10 Prepare Management Presentation | p. 96 |
| 4.11 Final Thoughts | p. 97 |
| 5 Gap Analysis | p. 99 |
| 5.1 Introduction | p. 99 |
| 5.2 Background | p. 99 |
| 5.3 GAP Analysis Process | p. 100 |
| 5.3.1 Gap Analysis Example 1 | p. 103 |
| 5.3.2 Gap Analysis Example 2 | p. 106 |
| 5.3.3 How to Use the Self-Assessment Checklist | p. 107 |
| 5.4 Summary | p. 108 |
| Appendix A Facilitator Skills | p. 111 |
| Appendix B FRAAP Team Members | p. 117 |
| Introduction | p. 117 |
| The Risk Assessment Team | p. 118 |
| Conclusion | p. 123 |
| Appendix C Project Scope Statement | p. 125 |
| Overview | p. 125 |
| Summary | p. 128 |
| Appendix D Laws, Standards, and Regulations | p. 129 |
| Appendix E Frequently Asked Questions about Risk Management | p. 131 |
| Introduction | p. 131 |
| Is There a Difference between Risk Analysis and Risk Assessment? | p. 131 |
| Why Should a Risk Analysis Be Conducted? | p. 132 |
| When Should a Risk Assessment Be Conducted? | p. 132 |
| Who Should Conduct the Risk Assessment? | p. 133 |
| How Long Should a Risk Assessment Take? | p. 134 |
| What Can a Risk Analysis or Risk Assessment Analyze? | p. 134 |
| Who Should Review the Results of a Risk Analysis and Risk Assessment? | p. 134 |
| How Is the Success of the Risk Analysis Measured? | p. 135 |
| Summary | p. 135 |
| Appendix F Risk Analysis versus Risk Assessment | p. 137 |
| Overview | p. 137 |
| The Difference between Risk Analysis and Risk Assessment | p. 137 |
| Risk Analysis and Due Diligence | p. 138 |
| Risk Assessment and Fiduciary Duty | p. 138 |
| Conducting a Risk Assessment | p. 139 |
| Risk Assessment Timetable | p. 140 |
| Risk Assessment and Risk Analysis Results | p. 140 |
| Risk Management Metrics | p. 140 |
| Summary | p. 141 |
| Appendix G Sample Threat Checklist | p. 143 |
| Appendix H Sample BIA Questionnaire | p. 153 |
| Appendix I Sample Risk Assessment Management Summary Report | p. 251 |
| Risk Assessment Scope Summary | p. 252 |
| Assessment Methodology Used | p. 252 |
| Assessment Findings and Action Plan | p. 253 |
| Full Findings Documentation | p. 254 |
| Conclusion | p. 254 |
| Appendix J Project Scope Statement | p. 259 |
| Introduction | p. 259 |
| Project Statement | p. 260 |
| Specifications | p. 260 |
| Well-Defined Standards and Metrics | p. 262 |
| Summary | p. 263 |
| Appendix K Why Risk Assessments Fail | p. 265 |
| Scope Creep | p. 265 |
| Ineffective Project Team | p. 266 |
| Stating Concerns as How They Impact Security | p. 266 |
| Every Threat Is a Major Concern | p. 267 |
| Conclusion | p. 267 |
| Appendix L Gap Analysis Examples | p. 269 |
| Overview | p. 269 |
| Gap Analysis Using ISO 17799 | p. 270 |
| Answer the Following Questions | p. 270 |
| Gap Analysis Using Utility-Specific Standards | p. 298 |
| Gap Analysis Sample 3 Using Combination of Standards and Laws | p. 344 |
| Appendix M Control Lists | p. 399 |
| Overview | p. 399 |
| Appendix N Heat Charts | p. 423 |
| Index | p. 431 |
