
Managing risk in information systems

Author: Gibson, Darril
Publisher: Jones and Bartlett Publishers (Burlington, MA, 2015)
Language: English (eng)
ISBN: 9781284055955
Edition: 2nd ed.
Subject: MANAGEMENT INFORMATION SYSTEMS
Glossary: p. 437-447; Appendix: p. 431-436

This second edition provides a comprehensive overview of the SSCP Risk, Response, and Recovery Domain, in addition to a thorough overview of risk management and its implications for IT infrastructures and compliance. Written by industry experts, and using a wealth of examples and exercises, this book incorporates hands-on activities to walk the reader through the fundamentals of risk management, strategies and approaches for mitigating risk, and the anatomy of how to create a plan that reduces risk. It provides a modern and comprehensive view of information security policies and frameworks; examines the technical knowledge and software skills required for policy implementation; explores the creation of an effective IT security policy framework; and discusses the latest governance, regulatory mandates, business drivers, legal considerations, and much more.

Physical dimension
xviii, 462 p. 23 cm. ill.

Summary / review / table of contents

Cover;
Title Page;
Copyright;
Contents;
Dedication;
Preface;
Acknowledgments;
About the Author;
Part One: Risk Management Business Challenges;
Chapter 1 Risk Management Fundamentals;
What Is Risk?;
Compromise of Business Functions;
Compromise of Business Assets;
Driver of Business Costs;
Profitability Versus Survivability;
What Are the Major Components of Risk to an IT Infrastructure?;
Seven Domains of a Typical IT Infrastructure;
Threats, Vulnerabilities, and Impact;
Risk Management and Its Importance to the Organization;
How Risk Affects an Organization's Survivability;
Reasonableness;
Balancing Risk and Cost;
Role-Based Perceptions of Risk;
Risk Identification Techniques;
Identifying Threats;
Identifying Vulnerabilities;
Pairing Threats with Vulnerabilities;
Risk Management Techniques;
Avoidance;
Share or Transfer;
Mitigation;
Acceptance;
Cost-Benefit Analysis;
Residual Risk;
Chapter Summary;
Key Concepts and Terms;
Chapter 1 Assessment;
Chapter 2 Managing Risk: Threats, Vulnerabilities, and Exploits;
Understanding and Managing Threats;
The Uncontrollable Nature of Threats;
Unintentional Threats;
Intentional Threats;
Best Practices for Managing Threats Within Your IT Infrastructure;
Understanding and Managing Vulnerabilities;
Threat/Vulnerability Pairs;
Vulnerabilities Can Be Mitigated;
Mitigation Techniques;
Best Practices for Managing Vulnerabilities Within Your IT Infrastructure;
Understanding and Managing Exploits;
What Is an Exploit?;
How Do Perpetrators Initiate an Exploit?;
Where Do Perpetrators Find Information About Vulnerabilities and Exploits?;
Mitigation Techniques;
Best Practices for Managing Exploits Within Your IT Infrastructure;
U.S. Federal Government Risk Management Initiatives;
National Institute of Standards and Technology;
Department of Homeland Security;
National Cybersecurity and Communications Integration Center;
US Computer Emergency Readiness Team;
The MITRE Corporation and the CVE List;
Chapter Summary;
Key Concepts and Terms;
Chapter 2 Assessment;
Chapter 3 Maintaining Compliance;
U.S. Compliance Laws;
Federal Information Security Management Act;
Health Insurance Portability and Accountability Act;
Gramm-Leach-Bliley Act;
Sarbanes-Oxley Act;
Family Educational Rights and Privacy Act;
Children's Internet Protection Act;
Regulations Related to Compliance;
Securities and Exchange Commission;
Federal Deposit Insurance Corporation;
Department of Homeland Security;
Federal Trade Commission;
State Attorney General;
U.S. Attorney General;
Organizational Policies for Compliance;
Standards and Guidelines for Compliance;
Payment Card Industry Data Security Standard;
National Institute of Standards and Technology;
Generally Accepted Information Security Principles;
Control Objectives for Information and Related Technology;
International Organization for Standardization;
International Electrotechnical Commission;

Copies
Access no.: 00965/18
Call number: 005.8 Gib M
Location: Library - 7th Floor
Status: Available