Managing risk in information systems 2nd ed.

Author
  • Gibson, Darril
Additional Author(s)
-
Publisher
Burlington, MA: Jones and Bartlett Publishers, 2015
Language
English
ISBN
9781284055955
Series
Subject(s)
  • INFORMATION RESOURCES MANAGEMENT
  • RISK MANAGEMENT
  • MANAGEMENT INFORMATION SYSTEMS
Notes
  • Appendix: p. 431-436
  • Glossary: p. 437-447
  • Bibliography: p. 449-452
  • Index: p. 453-462
Abstract

This second edition provides a comprehensive overview of the SSCP Risk, Response, and Recovery Domain in addition to providing a thorough overview of risk management and its implications on IT infrastructures and compliance. Written by industry experts, and using a wealth of examples and exercises, this book incorporates hands-on activities to walk the reader through the fundamentals of risk management, strategies and approaches for mitigating risk, and the anatomy of how to create a plan that reduces risk. It provides a modern and comprehensive view of information security policies and frameworks; examines the technical knowledge and software skills required for policy implementation; explores the creation of an effective IT security policy framework; discusses the latest governance, regulatory mandates, business drivers, legal considerations, and much more.
Physical Dimension
Number of Page(s)
xviii, 462 p.
Dimension
23 cm.
Other Desc.
ill.
Summary / Review / Table of Content
Cover;
Title Page;
Copyright;
Contents;
Dedication;
Preface;
Acknowledgments;
About the Author;
Part One: Risk Management Business Challenges;
Chapter 1 Risk Management Fundamentals;
What Is Risk?;
Compromise of Business Functions;
Compromise of Business Assets;
Driver of Business Costs;
Profitability Versus Survivability;
What Are the Major Components of Risk to an IT Infrastructure?;
Seven Domains of a Typical IT Infrastructure;
Threats, Vulnerabilities, and Impact;
Risk Management and Its Importance to the Organization;
How Risk Affects an Organization's Survivability;
Reasonableness;
Balancing Risk and Cost;
Role-Based Perceptions of Risk;
Risk Identification Techniques;
Identifying Threats;
Identifying Vulnerabilities;
Pairing Threats with Vulnerabilities;
Risk Management Techniques;
Avoidance;
Share or Transfer;
Mitigation;
Acceptance;
Cost-Benefit Analysis;
Residual Risk;
Chapter Summary;
Key Concepts and Terms;
Chapter 1 Assessment;
Chapter 2 Managing Risk: Threats, Vulnerabilities, and Exploits;
Understanding and Managing Threats;
The Uncontrollable Nature of Threats;
Unintentional Threats;
Intentional Threats;
Best Practices for Managing Threats Within Your IT Infrastructure;
Understanding and Managing Vulnerabilities;
Threat/Vulnerability Pairs;
Vulnerabilities Can Be Mitigated;
Mitigation Techniques;
Best Practices for Managing Vulnerabilities Within Your IT Infrastructure;
Understanding and Managing Exploits;
What Is an Exploit?;
How Do Perpetrators Initiate an Exploit?;
Where Do Perpetrators Find Information About Vulnerabilities and Exploits?;
Mitigation Techniques;
Best Practices for Managing Exploits Within Your IT Infrastructure;
U.S. Federal Government Risk Management Initiatives;
National Institute of Standards and Technology;
Department of Homeland Security;
National Cybersecurity and Communications Integration Center;
US Computer Emergency Readiness Team;
The MITRE Corporation and the CVE List;
Chapter Summary;
Key Concepts and Terms;
Chapter 2 Assessment;
Chapter 3 Maintaining Compliance;
U.S. Compliance Laws;
Federal Information Security Management Act;
Health Insurance Portability and Accountability Act;
Gramm-Leach-Bliley Act;
Sarbanes-Oxley Act;
Family Educational Rights and Privacy Act;
Children's Internet Protection Act;
Regulations Related to Compliance;
Securities and Exchange Commission;
Federal Deposit Insurance Corporation;
Department of Homeland Security;
Federal Trade Commission;
State Attorney General;
U.S. Attorney General;
Organizational Policies for Compliance;
Standards and Guidelines for Compliance;
Payment Card Industry Data Security Standard;
National Institute of Standards and Technology;
Generally Accepted Information Security Principles;
Control Objectives for Information and Related Technology;
International Organization for Standardization;
International Electrotechnical Commission
Exemplar(s)
#  Accession No.  Call Number  Location             Status
1  00965/18       005.8 Gib M  Library - 7th Floor  Available
