Security risk management the driving force for operational resilience : the firefighting paradox

In this book, we change the perspective on an organization's operational resilience capabilities so that it changes from being a reactive (tick box) approach to being proactive. The perspectives of every chapter in this book are with a focus on risk profiles and how your business can reduce the...

Bibliographic Details
Other Authors: Seaman, Jim (Writer on data protection), author; Gioia, Michael, author
Format: E-book
Language: English
Published: Boca Raton : CRC Press 2023.
Series: Security, audit and leadership series
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009825853906719
Table of Contents:
  • Introduction.
  • Section One: Security Risk Management (SRM).
  • 1. Finagling Your Business. 1.1 The Finagle Analogy. 1.2 Introduction. 1.3 The Importance of Effective Security Risk Management (SRM). 1.4 To Finagle, or not to Finagle, That Is the Question. 1.5 The Firefighting Paradox. 1.6 The Psychology of Finagling. Resource Investigator. 1.7 Effective Risk Communication. 1.8 When Security Risk Management Bites Back. 1.9 The Security Risk Management Enabler. 1.10 Decoding Security Risk Management.
  • 2. Business Impact Analysis. 2.1 A Vehicle Wheel and Tire/Tyre analogy. 2.2 Introduction to Business Impact Analysis/Assessment (BIA). 2.3 Understanding Recovery Point Objectives (RPO). 2.4 Understanding Recovery Time Objectives (RTO). 2.5 Identifying potential loss/impact. 2.6 Prioritizing business assets/processes/operations. 2.8 When BIA Bites Back. 2.8 Lessons Learned From Health & Safety (H&S). 2.8 Decoding Business Impact Analysis.
  • 3. Asset Management. 3.1 The US Air Force Mission Statement Analogy. 3.2 Introduction. 3.3 What is an Asset? 3.4 The Components of Effective Asset Management. 3.5 When Security Risk Management Bites Back. The Asset Management Enabler. Decoding Asset Management.
  • 4. Risk-Based Vulnerability Management. 4.1 The First Aid analogy. 4.2 Introduction to Vulnerability Management. 4.3 What is vulnerability management? 4.4 Difference between patch management and risk-based vulnerability management. 4.5 Applying project management techniques. 4.6 When Risk-Based Vulnerability Management Bites Back. 4.7 Decoding Risk-based Vulnerability Management.
  • 5. Threat Management. 5.1 A Farming analogy. 5.2 Introduction to Threat Management. 5.3 Threat Modelling. 5.4 Attack Tree Threat Analysis. 5.5 Mitre Att&ck Threat Framework. 5.6 Mitre CAPEC. 5.7 Open-Source Intelligence (OSINT). 5.8 Internal Sources/Knowledge. 5.9 When Threat Management Bites Back. 5.10 Decoding Threat Management.
  • 6. Risk Scenarios. 6.1 The 'Big Bad Wolf' analogy. 6.2 Introduction to Risk Scenarios. 6.3 The value of Risk Scenarios. 6.4 Prior Planning with Risk Scenarios. 6.5 Creating Risk Scenario Playbooks. 6.6 When Risk Scenarios Bite Back. 6.7 Decoding Risk Scenarios.
  • 7. Quality Versus Quantity. 7.1. The Aging Brain Analogy. 7.2 Introduction to Risk Assessments. 7.3 Conducting Qualitative Risk Assessments. 7.4 Conducting Quantitative Risk Assessments. 7.5 Quality or Quantity? 7.6 Choosing Your Risk Assessment Types. 7.8 When Risk Assessments Bite Back. 7.9 Decoding Risk Assessments.
  • 8. Developing a Risk Culture. 8.1 The British Military Deployments analogy. 8.2 An Introduction to Risk Culture. 8.3 Risk Culture versus 'Security' Culture. 8.4 Developing an effective Risk Culture. 8.5 Risk Culture Hierarchy. 8.6 When Developing a Risk Culture Bites Back. 8.7 Decoding Developing a Risk Culture.
  • 9. Risk Enabling the Human Firewall. 9.1 Learning how to drive analogy. 9.2 An Introduction to Risk Enabling the Human Firewall. 9.3 Service Provider versus Service Enablement. 9.4 Achieving Risk-Based Service Enablement. 9.5 When a Lack of Risk Enabling the Human Firewall Bites Back. 9.6 Decoding Risk Enabling the Human Firewall.
  • 10. Risk-Based Security Operations. 10.1 The Human Security Operations Center: The Immune System. 10.2 An Introduction to Risk-Based Security Operations. 10.3 The Great Divide of Security. 10.4 Establishing a Risk-Based Security Operations Framework. 10.5 When Risk-Based Security Operations Bites Back. 10.6 Decoding Risk-Based Security Operations.
  • 11. Creating Visibility & Insights Through Effective Security Risk Metrics. 11.1 A Vehicle Warning Lights analogy. 11.2 Introduction to Security Risk Metrics. 11.3 Creating Visibility & Showing a Return on Investments. 11.4 Converting Information into Actionable Intelligence. 11.5 Delivering the 'Elevator (Lift) Pitch'. 11.6 When Security Risk Metrics Bites Back. 11.7 Decoding Security Risk Metrics.
  • Section Two: Survive to Operate.
  • 12. Security Incident Management. 12.1 An Emergency & Military Services analogy. 12.2 Introduction to Security Incident Management. 12.3 What is a security incident? 12.4 The Importance of an Effective Security Incident Management Practice. 12.5 It's All In The Play. 12.6 When Incident Management Bites Back. 12.7 Decoding Incident Management.
  • 13. Business Continuity Management. 13.1 Roadside assistance analogy. 13.2. Introduction to Business Continuity Management. 13.3 Understanding Business Continuity? 13.4 Constructs of a BCP. 13.5 When Business Continuity Management Bites Back. 13.6 Decoding Business Continuity Management.
  • 14. Disaster Recovery Management. 14.1 A Disaster Recovery analogy. 14.2 Introduction to Disaster Recovery. 14.3 Constructing Your DR Plan/Program. 14.4 Creating a Disaster Recovery Plan (DRP). 14.5 Validating the Effectiveness of Your DR Plan/Program. 14.6 When Disaster Recovery Bites Back. 14.6 Decoding Disaster Recovery (DR).