Measuring and managing information risk a FAIR approach
Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity....
| Otros Autores: | , |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Burlington :
Butterworth-Heinemann
2014.
|
| Edición: | 1st edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009629758106719 |
Tabla de Contenidos:
- Front Cover; Measuring and Managing Information Risk; Copyright; Contents; Acknowledgments by Jack Jones; About the Authors; Preface by Jack Jones; WHAT THIS BOOK IS NOT, AND WHAT IT IS; Preface by Jack Freund; Chapter 1 - Introduction; HOW MUCH RISK?; THE BALD TIRE; ASSUMPTIONS; TERMINOLOGY; THE BALD TIRE METAPHOR; RISK ANALYSIS VS RISK ASSESSMENT; EVALUATING RISK ANALYSIS METHODS; RISK ANALYSIS LIMITATIONS; WARNING-LEARNING HOW TO THINK ABOUT RISK JUST MAY CHANGE YOUR PROFESSIONAL LIFE; USING THIS BOOK; Chapter 2 - Basic Risk Concepts; POSSIBILITY VERSUS PROBABILITY; PREDICTION
- SUBJECTIVITY VERSUS OBJECTIVITYPRECISION VERSUS ACCURACY; Chapter 3 - The FAIR Risk Ontology; DECOMPOSING RISK; LOSS EVENT FREQUENCY; THREAT EVENT FREQUENCY; CONTACT FREQUENCY; PROBABILITY OF ACTION; VULNERABILITY; THREAT CAPABILITY; DIFFICULTY; LOSS MAGNITUDE; PRIMARY LOSS MAGNITUDE; SECONDARY RISK; SECONDARY LOSS EVENT FREQUENCY; SECONDARY LOSS MAGNITUDE; ONTOLOGICAL FLEXIBILITY; Chapter 4 - FAIR Terminology; RISK TERMINOLOGY; THREAT; THREAT COMMUNITY; THREAT PROFILING; VULNERABILITY EVENT; PRIMARY AND SECONDARY STAKEHOLDERS; LOSS FLOW; FORMS OF LOSS; Chapter 5 - Measurement
- MEASUREMENT AS REDUCTION IN UNCERTAINTYMEASUREMENT AS EXPRESSIONS OF UNCERTAINTY; BUT WE DON'T HAVE ENOUGH DATA...AND NEITHER DOES ANYONE ELSE; CALIBRATION; EQUIVALENT BET TEST; Chapter 6 - Analysis Process; THE TOOLS NECESSARY TO APPLY THE FAIR RISK MODEL; HOW TO APPLY THE FAIR RISK MODEL; PROCESS FLOW; SCENARIO BUILDING; THE ANALYSIS SCOPE; EXPERT ESTIMATION AND PERT; MONTE CARLO ENGINE; LEVELS OF ABSTRACTION; Chapter 7 - Interpreting Results; WHAT DO THESE NUMBERS MEAN? (HOW TO INTERPRET FAIR RESULTS); UNDERSTANDING THE RESULTS TABLE; VULNERABILITY; PERCENTILES; UNDERSTANDING THE HISTOGRAM
- UNDERSTANDING THE SCATTER PLOTQUALITATIVE SCALES; HEATMAPS; SPLITTING HEATMAPS; SPLITTING BY ORGANIZATION; SPLITTING BY LOSS TYPE; SPECIAL RISK CONDITIONS; UNSTABLE CONDITIONS; FRAGILE CONDITIONS; TROUBLESHOOTING RESULTS; Chapter 8 - Risk Analysis Examples; OVERVIEW; INAPPROPRIATE ACCESS PRIVILEGES; PRIVILEGED INSIDER/SNOOPING/CONFIDENTIALITY; PRIVILEGED INSIDER/MALICIOUS/CONFIDENTIALITY; CYBER CRIMINAL/MALICIOUS/CONFIDENTIALITY; UNENCRYPTED INTERNAL NETWORK TRAFFIC; PRIVILEGED INSIDER/CONFIDENTIALITY; NONPRIVILEGED INSIDER/MALICIOUS; CYBER CRIMINAL/MALICIOUS; WEBSITE DENIAL OF SERVICE
- ANALYSISBASIC ATTACKER/AVAILABILITY; Chapter 9 - Thinking about Risk Scenarios Using FAIR; THE BOYFRIEND; SECURITY VULNERABILITIES; WEB APPLICATION RISK; CONTRACTORS; PRODUCTION DATA IN TEST ENVIRONMENTS; PASSWORD SECURITY; BASIC RISK ANALYSIS; PROJECT PRIORITIZATION; SMART COMPLIANCE; Going into business; CHAPTER SUMMARY; Chapter 10 - Common Mistakes; MISTAKE CATEGORIES; CHECKING RESULTS; SCOPING; DATA; VARIABLE CONFUSION; MISTAKING TEF FOR LEF; MISTAKING RESPONSE LOSS FOR PRODUCTIVITY LOSS; CONFUSING SECONDARY LOSS WITH PRIMARY LOSS
- CONFUSING REPUTATION DAMAGE WITH COMPETITIVE ADVANTAGE LOSS
