The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments provides detailed insight into precisely how to conduct an information security risk assessment. Designed for security professionals and their customers who want a more in-depth understanding of the risk assessment process, this volume contains real-world advice that promotes professional development. It also enables security consumers to better negotiate the scope and rigor of a security assessment, effectively interface with a security assessment team, deliver insightful comments on a draft report, and have a greater understanding of final report recommendations.
This book can save time and money by eliminating guesswork as to what assessment steps to perform, and how to perform them. In addition, the book offers charts, checklists, examples, and templates that speed up data gathering, analysis, and document development. By improving the efficiency of the assessment process, security consultants can deliver a higher-quality service with a larger profit margin.
The text allows consumers to intelligently solicit and review proposals, positioning them to request affordable security risk assessments from quality vendors that meet the needs of their organizations.
|2||Information security risk assessment basics||27|
|4||Security risk assessment preparation||77|
|6||Administrative data gathering||151|
|7||Technical data gathering||215|
|8||Physical data gathering||285|
|9||Security risk analysis||353|
|10||Security risk mitigation||367|
|11||Security risk assessment reporting||377|
|12||Security risk assessment project management||389|
|13||Security risk assessment approaches||415|