Information security risk management for ISO27001/ISO27002, Alan Calder, Steve G. Watkins, (electronic resource)

Label
Information security risk management for ISO27001/ISO27002
Title
Information security risk management for ISO27001/ISO27002
Statement of responsibility
Alan Calder, Steve G. Watkins
Language
eng
Summary
Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software
Cataloging source
E7B
http://library.link/vocab/creatorDate
1957-
http://library.link/vocab/creatorName
Calder, Alan
Illustrations
illustrations
Index
no index present
LC call number
TK5105.59
LC item number
.C35 2010eb
Literary form
non fiction
Nature of contents
  • dictionaries
  • bibliography
http://library.link/vocab/relatedWorkOrContributorDate
1970-
http://library.link/vocab/relatedWorkOrContributorName
  • Watkins, Steve
  • JSTOR
http://library.link/vocab/subjectName
  • Computer networks
  • Risk management
  • COMPUTERS
Label
Information security risk management for ISO27001/ISO27002, Alan Calder, Steve G. Watkins, (electronic resource)
Instantiates
Publication
Bibliography note
Includes bibliographical references
Carrier category
online resource
Carrier category code
  • cr
Carrier MARC source
rdacarrier
Color
multicolored
Content category
text
Content type code
  • txt
Content type MARC source
rdacontent
Contents
Cover -- Contents -- Introduction -- Chapter 1: Risk Management -- Risk management: two phases -- Enterprise risk management -- Chapter 2: Risk Assessment Methodologies -- Publicly available risk assessment standards -- Qualitative versus quantitative -- Quantitative risk analysis -- Qualitative risk analysis – the ISO27001 approach -- Other risk assessment methodologies -- Chapter 3: Risk Management Objectives -- Risk acceptance or tolerance -- Information security risk management objectives -- Risk management and PDCA -- Chapter 4: Roles and Responsibilities -- Senior management commitment -- The (lead) risk assessor -- Other roles and responsibilities -- Chapter 5: Risk Assessment Software -- Gap analysis tools -- Vulnerability assessment tools -- Penetration testing -- Risk assessment tools -- Risk assessment tool descriptions -- Chapter 6: Information Security Policy and Scoping -- Information security policy -- Scope of the ISMS -- Chapter 7: The ISO27001 Risk Assessment -- Overview of the risk assessment process -- Chapter 8: Information Assets -- Assets within the scope -- Grouping of assets -- Asset dependencies -- Asset owners -- Sensitivity classification -- Are vendors assets? -- What about duplicate copies and backups? -- Identification of existing controls -- Chapter 9: Threats and Vulnerabilities -- Threats -- Vulnerabilities -- Technical vulnerabilities -- Chapter 10: Impact and Asset Valuation -- Impacts -- Defining impact -- Estimating impact -- The asset valuation table -- Business, legal and contractual impact values -- Reputation damage -- Chapter 11: Likelihood -- Risk analysis -- Information to support assessments -- Chapter 12: Risk Level -- The risk scale -- Boundary calculations -- Mid-point calculations -- Chapter 13: Risk Treatment and the Selection of Controls -- Types of controls -- Risk assessment and existing controls -- Residual risk -- Risk transfer -- Optimising the solution -- Chapter 14: The Statement of Applicability -- Drafting the Statement of Applicability -- Chapter 15: The Gap Analysis and Risk Treatment Plan -- Gap analysis -- Risk Treatment Plan -- Chapter 16: Repeating and Reviewing the Risk Assessment -- Appendix 1: Carrying out an ISO27001 Risk Assessment using vsRisk™ -- Appendix 2: ISO27001 Implementation Resources -- Books by the Same Authors -- ITG Resources
Dimensions
unknown
Extent
1 online resource (186 pages)
Form of item
online
Isbn
9781849280440
Media category
computer
Media MARC source
rdamedia
Media type code
  • c
Other physical details
color illustrations
Specific material designation
remote
Stock number
  • CL0500000268
  • 22573/ctt4k5d44
System control number
  • (OCoLC)742516936
  • (OCoLC)ocn742516936

Library Locations

  • African Studies Library
    771 Commonwealth Avenue, 6th Floor, Boston, MA, 02215, US
    42.350723 -71.108227
  • Alumni Medical Library
    72 East Concord Street, Boston, MA, 02118, US
    42.336388 -71.072393
  • Astronomy Library
    725 Commonwealth Avenue, 6th Floor, Boston, MA, 02445, US
    42.350259 -71.105717
  • Fineman and Pappas Law Libraries
    765 Commonwealth Avenue, Boston, MA, 02215, US
    42.350979 -71.107023
  • Frederick S. Pardee Management Library
    595 Commonwealth Avenue, Boston, MA, 02215, US
    42.349626 -71.099547
  • Howard Gotlieb Archival Research Center
    771 Commonwealth Avenue, 5th Floor, Boston, MA, 02215, US
    42.350723 -71.108227
  • Mugar Memorial Library
    771 Commonwealth Avenue, Boston, MA, 02215, US
    42.350723 -71.108227
  • Music Library
    771 Commonwealth Avenue, 2nd Floor, Boston, MA, 02215, US
    42.350723 -71.108227
  • Pickering Educational Resources Library
    2 Silber Way, Boston, MA, 02215, US
    42.349804 -71.101425
  • School of Theology Library
    745 Commonwealth Avenue, 2nd Floor, Boston, MA, 02215, US
    42.350494 -71.107235
  • Science & Engineering Library
    38 Cummington Mall, Boston, MA, 02215, US
    42.348472 -71.102257
  • Stone Science Library
    675 Commonwealth Avenue, Boston, MA, 02445, US
    42.350103 -71.103784