Verfügbarkeit: Information security risk analysis

Information security risk analysis:

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	Peltier, Thomas R. (VerfasserIn)
Format:	Buch
Sprache:	English
Veröffentlicht:	Boca Raton [u.a.] Auerbach 2005
Ausgabe:	2. ed.
Schlagworte:	Computerbeveiliging Databescherming Informatietechnologie Réseaux d'ordinateurs - Sécurité - Mesures Évaluation du risque Computer security Computer networks > Security measures Risk assessment Projektmanagement Computersicherheit Risikoanalyse Risiko
Online-Zugang:	Publisher description Inhaltsverzeichnis
Beschreibung:	Includes bibliographical references and index
Beschreibung:	XVI, 344 S. graph. Darst. 24 cm
ISBN:	0849333466 9780849333460

Internformat

MARC


LEADER	00000nam a2200000zc 4500
001	BV021694792
003	DE-604
005	20081117
007	t
008	060814s2005 xxud\|\|\| \|\|\|\| 00\|\|\| eng d
010			\|a 2004062725
020			\|a 0849333466 \|9 0-8493-3346-6
020			\|a 9780849333460 \|9 978-0-8493-3346-0
035			\|a (OCoLC)57168595
035			\|a (DE-599)BVBBV021694792
040			\|a DE-604 \|b ger \|e aacr
041	0		\|a eng
044			\|a xxu \|c US
049			\|a DE-91G \|a DE-863
050		0	\|a QA76.9.A25
082	0		\|a 005.8
084			\|a ST 276 \|0 (DE-625)143642: \|2 rvk
084			\|a DAT 060f \|2 stub
084			\|a DAT 050f \|2 stub
100	1		\|a Peltier, Thomas R. \|e Verfasser \|4 aut
245	1	0	\|a Information security risk analysis \|c Thomas R. Peltier
250			\|a 2. ed.
264		1	\|a Boca Raton [u.a.] \|b Auerbach \|c 2005
300			\|a XVI, 344 S. \|b graph. Darst. \|c 24 cm
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
500			\|a Includes bibliographical references and index
650		7	\|a Computerbeveiliging \|2 gtt
650		7	\|a Databescherming \|2 gtt
650		7	\|a Informatietechnologie \|2 gtt
650		4	\|a Réseaux d'ordinateurs - Sécurité - Mesures
650		4	\|a Évaluation du risque
650		4	\|a Computer security
650		4	\|a Computer networks \|x Security measures
650		4	\|a Risk assessment
650	0	7	\|a Projektmanagement \|0 (DE-588)4047441-0 \|2 gnd \|9 rswk-swf
650	0	7	\|a Computersicherheit \|0 (DE-588)4274324-2 \|2 gnd \|9 rswk-swf
650	0	7	\|a Risikoanalyse \|0 (DE-588)4137042-9 \|2 gnd \|9 rswk-swf
650	0	7	\|a Risiko \|0 (DE-588)4050129-2 \|2 gnd \|9 rswk-swf
689	0	0	\|a Computersicherheit \|0 (DE-588)4274324-2 \|D s
689	0	1	\|a Risiko \|0 (DE-588)4050129-2 \|D s
689	0	2	\|a Projektmanagement \|0 (DE-588)4047441-0 \|D s
689	0		\|5 DE-604
689	1	0	\|a Computersicherheit \|0 (DE-588)4274324-2 \|D s
689	1	1	\|a Risikoanalyse \|0 (DE-588)4137042-9 \|D s
689	1		\|8 1\p \|5 DE-604
856	4		\|u http://www.loc.gov/catdir/enhancements/fy0648/2004062725-d.html \|3 Publisher description
856	4	2	\|m HEBIS Datenaustausch Darmstadt \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=014908811&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
999			\|a oai:aleph.bib-bvb.de:BVB01-014908811
883	1		\|8 1\p \|a cgwrk \|d 20201028 \|q DE-101 \|u https://d-nb.info/provenance/plan#cgwrk

Datensatz im Suchindex

DE-BY-863_location	1911
DE-BY-FWS_call_number	1911/2015:0692
DE-BY-FWS_katkey	312408
DE-BY-FWS_media_number	083101074498
_version_	1806176270252244992
adam_text	INFORMATION SECURITY RISK ANALYSIS SECOND EDITION THOMAS R. PELTIER A AUERBACH PUBLICATIONS TAYLOR &. FRANCIS GROUP BOCA RATON LONDON NEW YORK SINGAPORE CONTENTS 1 INTRODUCTION 1 1.1 FREQUENTLY ASKED QUESTIONS 2 1.1.1 WHY SHOULD A RISK ASSESSMENT BE CONDUCTED? 2 1.1.2 WHEN SHOULD A RISK ANALYSIS BE CONDUCTED? 3 1.1.3 WHO SHOULD CONDUCT THE RISK ANALYSIS AND RISK ASSESSMENT? ....3 1.1.4 WHO WITHIN THE ORGANIZATION SHOULD CONDUCT THE RISK ANALYSIS AND RISK ASSESSMENT? 4 1.1.5 HOW LONG SHOULD A RISK ANALYSIS OR ASSESSMENT TAKE? 4 1.1.6 WHAT CAN A RISK ANALYSIS OR RISK ASSESSMENT ANALYZE? 4 1.1.7 WHAT CAN THE RESULTS OF A RISK MANAGEMENT TELL AN ORGANIZATION? 5 1.1.8 WHO SHOULD REVIEW THE RESULTS OF A RISK ANALYSIS? 5 1.1.9 HOW IS THE SUCCESS OF THE RISK ANALYSIS MEASURED? 5 1.2 CONCLUSION 6 2 RISK MANAGEMENT 7 2.1 OVERVIEW 7 2.2 RISK MANAGEMENT AS PART OF THE BUSINESS PROCESS 8 2.3 EMPLOYEE ROLES AND RESPONSIBILITIES 10 2.4 INFORMATION SECURITY LIFE CYCLE 11 2.5 RISK ANALYSIS PROCESS 15 2.6 RISK ASSESSMENT 16 2.6.1 STEP L:ASSET DEFINITION 16 2.6.2 STEP 2:THREAT IDENTIFICATION 18 2.6.3 STEP 3: DETERMINE PROBABILITY OF OCCURRENCE 19 2.6.4 STEP 4: DETERMINE THE IMPACT OF THE THREAT 24 2.6.5 STEP 5: CONTROLS RECOMMENDED 25 2.6.6 STEP 6: DOCUMENTATION 27 2.7 COST-BENEFIT ANALYSIS 27 2.8 RISK MITIGATION 38 2.9 FINAL THOUGHTS 39 VII VIII * CONTENTS RISK ASSESSMENT PROCESS 41 3.1 INTRODUCTION 41 3.2 RISK ASSESSMENT PROCESS 41 3.3 INFORMATION IS ANASSET 42 3.4 RISK ASSESSMENT METHODOLOGY 44 3.4.1 THREAT IDENTIFICATION 45 3.4.1.1 ELEMENTS OFTHREATS 46 3.4.1.2 THREAT OCCURRENCE RATES 48 3.4.1.3 RISK LEVEL DETERMINATION 50 3.4.1.4 CONTROLS AND SAFEGUARDS 52 3.4.1.5 COST-BENEFIT ANALYSIS 74 3.4.1.6 DOCUMENTATION 74 3.5 FINAL THOUGHTS 74 QUANTITATIVE VERSUS QUALITATIVE RISK ASSESSMENT 77 4.1 INTRODUCTION 77 4.2 QUANTITATIVE AND QUALITATIVE PROS AND CONS 79 4.3 QUALITATIVE RISK ASSESSMENT BASICS 79 4.3.1 STEP 1: DEVELOP A SCOPE STATEMENT 81 4.3.2 STEP 2:ASSEMBLE A QUALITY TEAM 81 4.3.3 STEP 3: IDENTIFY THREATS 84 4.3.4 STEP 4: PRIORITIZE THREATS 84 4.3.5 STEP 5:THREAT IMPACT 90 4.3.6 STEP 6: RISK FACTOR DETERMINATION 92 4.3.7 STEP 7: IDENTIFY SAFEGUARDS AND CONTROLS 93 4.3.8 STEP 8: COST-BENEFIT ANALYSIS 96 4.3.9 STEP 9: RANK SAFEGUARDS IN RECOMMENDED ORDER 96 4.3.10 STEP 10: RISK ASSESSMENT REPORT 97 4.3.11 SUMMARY 99 4.4 QUALITATIVE RISK ASSESSMENT USING TABLES 99 4.4.1 STAGE 1: ASSET VALUATION (BIA) 101 4.4.2 STAGE 2: RISK EVALUATION 102 4.4.3 STAGE 3: RISK MANAGEMENT 107 4.4.4 SUMMARY 108 4.5 THE 30-MINUTE RISK ASSESSMENT 108 4.5.1 OVERVIEW 108 4.5.2 OBJECTIVES 108 4.5.3 ISRA MATRIX 109 4.5.4 THE ISRA PROCESS 109 4.5.5 THREAT-BASED CONTROLS ILL 4.5.6 DOCUMENTATION 112 4.5.7 OUT-OF-CONTROL PROCESS 113 4.5.8 FINAL NOTES 113 4.6 CONCLUSION 114 CONTENTS * IX 5 OTHER FORMS OF QUALITATIVE RISK ASSESSMENT 115 5.1 INTRODUCTION 115 5.2 HAZARD IMPACT ANALYSIS 116 5.2.1 HAZARD IMPACT ANALYSIS PROCESS 116 5.2.2 PARALYSIS BY ANALYSIS 119 5.3 QUESTIONNAIRES 120 5.3-1 RISK ASSESSMENT QUESTIONNAIRE PROCESS 121 5.3.2 SUMMARY 124 5.4 SINGLE TIME LOSS ALGORITHM 124 5.5 CONCLUSION 125 6 FACILITATED RISK ANALYSIS AND ASSESSMENT PROCESS (FRAAP) 129 6.1 INTRODUCTION 129 6.2 FRAAP OVERVIEW 129 6.3 WHY THE FRAAP WAS CREATED 131 6.4 INTRODUCING THE FRAAP TO YOUR ORGANIZATION 132 6.4.1 AWARENESS PROGRAM OVERVIEW 133 6.4.2 INTRODUCING THE FRAAP 134 6.4.3 FACILITATION SKILLS 136 6.4.3.1 LISTEN 136 6.4.3.2 LEAD 137 6.4.3.3 REFLECT 137 6.4.3-4 SUMMARIZE 137 6.4.3.5 CONFRONT 137 6.4.3.6 SUPPORT 138 6.4.3.7 CRISIS INTERVENTION 138 6.4.3.8 CENTER 138 6.4.3.9 SOLVE PROBLEMS 139 6.4.3.10 CHANGE BEHAVIOR 139 6.4.311 RECOGNIZE ALL INPUT AND ENCOURAGE PARTICIPATION 139 6.4.3.12 BE OBSERVANT FOR NONVERBAL RESPONSES 139 6.4.3.13 DO NOT LECTURE; LISTEN AND GET THE TEAM INVOLVED... 140 6.4.3.14 NEVER LOSE SIGHT OF THE OBJECTIVE 140 6.4.3.15 STAY NEUTRAL (OR ALWAYS APPEAR TO REMAIN NEUTRAL) 140 6.4.3.16 LEARN TO EXPECT HOSTILITY, BUT DO NOT BECOME HOSTILE 140 6.4.3.17 AVOID BEING THE EXPERT AUTHORITY 140 6.4.3.18 ADHERE TO TIME FRAMES AND BE PUNCTUAL 141 6.4.3.19 USE BREAKS TO FREE A DISCUSSION 141 6.4.3.20 THE FACILITATOR IS THERE TO SERVE THE FRAAP TEAM.... 141 6.4.3.21 STOP THE FRAAP IF THE GROUP IS SLUGGISH AND DIFFICULT TO CONTROL 141 6.4.4 SESSION AGREEMENTS 143 CONTENTS 6.4.5 THEFRAAPTEAM 144 6.4.6 PRESCREENING 147 6.4.6.1 PRESCREENING EXAMPLE 1 147 6.4.6.2 PRESCREENING EXAMPLE 2 153 6.4.6.3 PRESCREENING EXAMPLE 3 155 6.4.7 THE PRE-FRAAP MEETING 159 6.4.7.1 PRE-FRAAP MEETING PROCESS 159 6.4.7.2 PRE-FRAAP SUMMARY 165 6.4.8 THE FRAAP SESSION 166 6.4.8.1 THE FRAAP SESSION STAGE 1 166 6.4.8.2 THE FRAAP SESSION STAGE 2 182 6.4.8.3 FRAAP SESSION SUMMARY 183 6.4.9 THE POST-FRAAP 186 6.4.9.1 COMPLETE ACTION PLAN 186 6.4.9.2 FRAAP MANAGEMENT SUMMARY REPORT 190 6.4.9.3 CROSS-REFERENCE REPORT 194 6.4.9.4 SUMMARY 203 6.5 CONCLUSION 204 7 VARIATIONS ON THE FRAAP 205 7.1 OVERVIEW 205 7.2 INFRASTRUCTURE FRAAP 205 7.2.1 THE INFRASTRUCTURE FRAAP 206 7.2.1.1 INFRASTRUCTURE FRAAP SUMMARY 207 7.2.2 APPLICATION FRAAP 212 7.2.2.1 OVERVIEW 212 7.2.2.2 SUMMARY 212 7.2.3 OTHER VARIATIONS 213 7.2.3.1 VARIATION EXAMPLE 1 213 7.2.3.2 VARIATION EXAMPLE 2 213 7.2.3.3 VARIATION EXAMPLE 3 218 7.3 CONCLUSION 221 8 MAPPING CONTROLS 223 8.1 CONTROLS OVERVIEW 223 8.2 CREATING YOUR CONTROLS LIST 224 8.2.1 INFORMATION SECURITY BASELINE CONTROLS 224 8.2.2 CONTROL REQUIREMENTS CONSIDERATIONS 226 8.2.3 A FINAL CAUTIONARY NOTE 226 8.3 CONTROLS LIST EXAMPLES 227 8.3.1 CONTROLS BY SECURITY CATEGORIES 227 8.3.2 CONTROLS LIST BY INFORMATION SECURITY LAYER 228 8.3.3 CONTROLS LIST BY INFORMATION TECHNOLOGY ORGANIZATION 229 8.3.4 CONTROLS LIST USING ISO 17799 229 8.3.5 MAPPING ISO 17799 AND HIPAA 236 8.36 CONTROLS LIST MAPPING ISO 17799 AND GLBA 236 CONTENTS * XI 8.3.7 CONTROLS LIST MAPPING ISO 17799, GLBA, AND SARBANES-OXLEY 245 8.3.8 CONTROLS LIST MAPPING ISO 17799 AND FEDERAL SENTENCING GUIDELINES 245 8.3-9 CONTROLS LIST MAPPING ISO 17799, HIPAA, GLBA, SOX, ANDFSGCA 249 8.3-10 NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY CONTROLS LIST 249 8.3.11 CONTROLS LIST MAPPING ISO 17799 AND COBIT 250 8.3-12 OTHER SOURCES 261 9 BUSINESS IMPACT ANALYSIS (BIA) 289 9.1 OVERVIEW 289 9.2 CREATING A BIA PROCESS 290 10 CONCLUSION 297 APPENDIX A: SAMPLE RISK ASSESSMENT MANAGEMENT SUMMARY REPORT 299 APPENDIX B: TERMS AND DEFINITIONS 325 APPENDIX C: BIBLIOGRAPHY 331 INDEX 335
adam_txt	INFORMATION SECURITY RISK ANALYSIS SECOND EDITION THOMAS R. PELTIER A AUERBACH PUBLICATIONS TAYLOR &. FRANCIS GROUP BOCA RATON LONDON NEW YORK SINGAPORE CONTENTS 1 INTRODUCTION 1 1.1 FREQUENTLY ASKED QUESTIONS 2 1.1.1 WHY SHOULD A RISK ASSESSMENT BE CONDUCTED? 2 1.1.2 WHEN SHOULD A RISK ANALYSIS BE CONDUCTED? 3 1.1.3 WHO SHOULD CONDUCT THE RISK ANALYSIS AND RISK ASSESSMENT? .3 1.1.4 WHO WITHIN THE ORGANIZATION SHOULD CONDUCT THE RISK ANALYSIS AND RISK ASSESSMENT? 4 1.1.5 HOW LONG SHOULD A RISK ANALYSIS OR ASSESSMENT TAKE? 4 1.1.6 WHAT CAN A RISK ANALYSIS OR RISK ASSESSMENT ANALYZE? 4 1.1.7 WHAT CAN THE RESULTS OF A RISK MANAGEMENT TELL AN ORGANIZATION? 5 1.1.8 WHO SHOULD REVIEW THE RESULTS OF A RISK ANALYSIS? 5 1.1.9 HOW IS THE SUCCESS OF THE RISK ANALYSIS MEASURED? 5 1.2 CONCLUSION 6 2 RISK MANAGEMENT 7 2.1 OVERVIEW 7 2.2 RISK MANAGEMENT AS PART OF THE BUSINESS PROCESS 8 2.3 EMPLOYEE ROLES AND RESPONSIBILITIES 10 2.4 INFORMATION SECURITY LIFE CYCLE 11 2.5 RISK ANALYSIS PROCESS 15 2.6 RISK ASSESSMENT 16 2.6.1 STEP L:ASSET DEFINITION 16 2.6.2 STEP 2:THREAT IDENTIFICATION 18 2.6.3 STEP 3: DETERMINE PROBABILITY OF OCCURRENCE 19 2.6.4 STEP 4: DETERMINE THE IMPACT OF THE THREAT 24 2.6.5 STEP 5: CONTROLS RECOMMENDED 25 2.6.6 STEP 6: DOCUMENTATION 27 2.7 COST-BENEFIT ANALYSIS 27 2.8 RISK MITIGATION 38 2.9 FINAL THOUGHTS 39 VII VIII * CONTENTS RISK ASSESSMENT PROCESS 41 3.1 INTRODUCTION 41 3.2 RISK ASSESSMENT PROCESS 41 3.3 INFORMATION IS ANASSET 42 3.4 RISK ASSESSMENT METHODOLOGY 44 3.4.1 THREAT IDENTIFICATION 45 3.4.1.1 ELEMENTS OFTHREATS 46 3.4.1.2 THREAT OCCURRENCE RATES 48 3.4.1.3 RISK LEVEL DETERMINATION 50 3.4.1.4 CONTROLS AND SAFEGUARDS 52 3.4.1.5 COST-BENEFIT ANALYSIS 74 3.4.1.6 DOCUMENTATION 74 3.5 FINAL THOUGHTS 74' QUANTITATIVE VERSUS QUALITATIVE RISK ASSESSMENT 77 4.1 INTRODUCTION 77 4.2 QUANTITATIVE AND QUALITATIVE PROS AND CONS 79 4.3 QUALITATIVE RISK ASSESSMENT BASICS 79 4.3.1 STEP 1: DEVELOP A SCOPE STATEMENT 81 4.3.2 STEP 2:ASSEMBLE A QUALITY TEAM 81 4.3.3 STEP 3: IDENTIFY THREATS 84 4.3.4 STEP 4: PRIORITIZE THREATS 84 4.3.5 STEP 5:THREAT IMPACT 90 4.3.6 STEP 6: RISK FACTOR DETERMINATION 92 4.3.7 STEP 7: IDENTIFY SAFEGUARDS AND CONTROLS 93 4.3.8 STEP 8: COST-BENEFIT ANALYSIS 96 4.3.9 STEP 9: RANK SAFEGUARDS IN RECOMMENDED ORDER 96 4.3.10 STEP 10: RISK ASSESSMENT REPORT 97 4.3.11 SUMMARY 99 4.4 QUALITATIVE RISK ASSESSMENT USING TABLES 99 4.4.1 STAGE 1: ASSET VALUATION (BIA) 101 4.4.2 STAGE 2: RISK EVALUATION 102 4.4.3 STAGE 3: RISK MANAGEMENT 107 4.4.4 SUMMARY 108 4.5 THE 30-MINUTE RISK ASSESSMENT 108 4.5.1 OVERVIEW 108 4.5.2 OBJECTIVES 108 4.5.3 ISRA MATRIX 109 4.5.4 THE ISRA PROCESS 109 4.5.5 THREAT-BASED CONTROLS ILL 4.5.6 DOCUMENTATION 112 4.5.7 OUT-OF-CONTROL PROCESS 113 4.5.8 FINAL NOTES 113 4.6 CONCLUSION 114 CONTENTS * IX 5 OTHER FORMS OF QUALITATIVE RISK ASSESSMENT 115 5.1 INTRODUCTION 115 5.2 HAZARD IMPACT ANALYSIS 116 5.2.1 HAZARD IMPACT ANALYSIS PROCESS 116 5.2.2 PARALYSIS BY ANALYSIS 119 5.3 QUESTIONNAIRES 120 5.3-1 RISK ASSESSMENT QUESTIONNAIRE PROCESS 121 5.3.2 SUMMARY 124 5.4 SINGLE TIME LOSS ALGORITHM 124 5.5 CONCLUSION 125 6 FACILITATED RISK ANALYSIS AND ASSESSMENT PROCESS (FRAAP) 129 6.1 INTRODUCTION 129 6.2 FRAAP OVERVIEW 129 6.3 WHY THE FRAAP WAS CREATED 131 6.4 INTRODUCING THE FRAAP TO YOUR ORGANIZATION 132 6.4.1 AWARENESS PROGRAM OVERVIEW 133 6.4.2 INTRODUCING THE FRAAP 134 6.4.3 FACILITATION SKILLS 136 6.4.3.1 LISTEN 136 6.4.3.2 LEAD 137 6.4.3.3 REFLECT 137 6.4.3-4 SUMMARIZE 137 6.4.3.5 CONFRONT 137 6.4.3.6 SUPPORT 138 6.4.3.7 CRISIS INTERVENTION 138 6.4.3.8 CENTER 138 6.4.3.9 SOLVE PROBLEMS 139 6.4.3.10 CHANGE BEHAVIOR 139 6.4.311 RECOGNIZE ALL INPUT AND ENCOURAGE PARTICIPATION 139 6.4.3.12 BE OBSERVANT FOR NONVERBAL RESPONSES 139 6.4.3.13 DO NOT LECTURE; LISTEN AND GET THE TEAM INVOLVED. 140 6.4.3.14 NEVER LOSE SIGHT OF THE OBJECTIVE 140 6.4.3.15 STAY NEUTRAL (OR ALWAYS APPEAR TO REMAIN NEUTRAL) 140 6.4.3.16 LEARN TO EXPECT HOSTILITY, BUT DO NOT BECOME HOSTILE 140 6.4.3.17 AVOID BEING THE EXPERT AUTHORITY 140 6.4.3.18 ADHERE TO TIME FRAMES AND BE PUNCTUAL 141 6.4.3.19 USE BREAKS TO FREE A DISCUSSION 141 6.4.3.20 THE FACILITATOR IS THERE TO SERVE THE FRAAP TEAM. 141 6.4.3.21 STOP THE FRAAP IF THE GROUP IS SLUGGISH AND DIFFICULT TO CONTROL 141 6.4.4 SESSION AGREEMENTS 143 CONTENTS 6.4.5 THEFRAAPTEAM 144 6.4.6 PRESCREENING 147 6.4.6.1 PRESCREENING EXAMPLE 1 147 6.4.6.2 PRESCREENING EXAMPLE 2 153 6.4.6.3 PRESCREENING EXAMPLE 3 155 6.4.7 THE PRE-FRAAP MEETING 159 6.4.7.1 PRE-FRAAP MEETING PROCESS 159 6.4.7.2 PRE-FRAAP SUMMARY 165 6.4.8 THE FRAAP SESSION 166 6.4.8.1 THE FRAAP SESSION STAGE 1 166 6.4.8.2 THE FRAAP SESSION STAGE 2 182 6.4.8.3 FRAAP SESSION SUMMARY 183 6.4.9 THE POST-FRAAP 186 6.4.9.1 COMPLETE ACTION PLAN 186 6.4.9.2 FRAAP MANAGEMENT SUMMARY REPORT 190 6.4.9.3 CROSS-REFERENCE REPORT 194 6.4.9.4 SUMMARY 203 6.5 CONCLUSION 204 7 VARIATIONS ON THE FRAAP 205 7.1 OVERVIEW 205 7.2 INFRASTRUCTURE FRAAP 205 7.2.1 THE INFRASTRUCTURE FRAAP 206 7.2.1.1 INFRASTRUCTURE FRAAP SUMMARY 207 7.2.2 APPLICATION FRAAP 212 7.2.2.1 OVERVIEW 212 7.2.2.2 SUMMARY 212 7.2.3 OTHER VARIATIONS 213 7.2.3.1 VARIATION EXAMPLE 1 213 7.2.3.2 VARIATION EXAMPLE 2 213 7.2.3.3 VARIATION EXAMPLE 3 218 7.3 CONCLUSION 221 8 MAPPING CONTROLS 223 8.1 CONTROLS OVERVIEW 223 8.2 CREATING YOUR CONTROLS LIST 224 8.2.1 INFORMATION SECURITY BASELINE CONTROLS 224 8.2.2 CONTROL REQUIREMENTS CONSIDERATIONS 226 8.2.3 A FINAL CAUTIONARY NOTE 226 8.3 CONTROLS LIST EXAMPLES 227 8.3.1 CONTROLS BY SECURITY CATEGORIES 227 8.3.2 CONTROLS LIST BY INFORMATION SECURITY LAYER 228 8.3.3 CONTROLS LIST BY INFORMATION TECHNOLOGY ORGANIZATION 229 8.3.4 CONTROLS LIST USING ISO 17799 229 8.3.5 MAPPING ISO 17799 AND HIPAA 236 8.36 CONTROLS LIST MAPPING ISO 17799 AND GLBA 236 CONTENTS * XI 8.3.7 CONTROLS LIST MAPPING ISO 17799, GLBA, AND SARBANES-OXLEY 245 8.3.8 CONTROLS LIST MAPPING ISO 17799 AND FEDERAL SENTENCING GUIDELINES 245 8.3-9 CONTROLS LIST MAPPING ISO 17799, HIPAA, GLBA, SOX, ANDFSGCA 249 8.3-10 NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY CONTROLS LIST 249 8.3.11 CONTROLS LIST MAPPING ISO 17799 AND COBIT 250 8.3-12 OTHER SOURCES 261 9 BUSINESS IMPACT ANALYSIS (BIA) 289 9.1 OVERVIEW 289 9.2 CREATING A BIA PROCESS 290 10 CONCLUSION 297 APPENDIX A: SAMPLE RISK ASSESSMENT MANAGEMENT SUMMARY REPORT 299 APPENDIX B: TERMS AND DEFINITIONS 325 APPENDIX C: BIBLIOGRAPHY 331 INDEX 335
any_adam_object	1
any_adam_object_boolean	1
author	Peltier, Thomas R.
author_facet	Peltier, Thomas R.
author_role	aut
author_sort	Peltier, Thomas R.
author_variant	t r p tr trp
building	Verbundindex
bvnumber	BV021694792
callnumber-first	Q - Science
callnumber-label	QA76
callnumber-raw	QA76.9.A25
callnumber-search	QA76.9.A25
callnumber-sort	QA 276.9 A25
callnumber-subject	QA - Mathematics
classification_rvk	ST 276
classification_tum	DAT 060f DAT 050f
ctrlnum	(OCoLC)57168595 (DE-599)BVBBV021694792
dewey-full	005.8
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.8
dewey-search	005.8
dewey-sort	15.8
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
discipline_str_mv	Informatik
edition	2. ed.
format	Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>02431nam a2200637zc 4500</leader><controlfield tag="001">BV021694792</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20081117 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">060814s2005 xxud\|\|\| \|\|\|\| 00\|\|\| eng d</controlfield><datafield tag="010" ind1=" " ind2=" "><subfield code="a">2004062725</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0849333466</subfield><subfield code="9">0-8493-3346-6</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780849333460</subfield><subfield code="9">978-0-8493-3346-0</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)57168595</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV021694792</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">aacr</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="044" ind1=" " ind2=" "><subfield code="a">xxu</subfield><subfield code="c">US</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-91G</subfield><subfield code="a">DE-863</subfield></datafield><datafield tag="050" ind1=" " ind2="0"><subfield code="a">QA76.9.A25</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.8</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 276</subfield><subfield code="0">(DE-625)143642:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">DAT 060f</subfield><subfield code="2">stub</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">DAT 050f</subfield><subfield code="2">stub</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Peltier, Thomas R.</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Information security risk analysis</subfield><subfield code="c">Thomas R. Peltier</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">2. ed.</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Boca Raton [u.a.]</subfield><subfield code="b">Auerbach</subfield><subfield code="c">2005</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XVI, 344 S.</subfield><subfield code="b">graph. Darst.</subfield><subfield code="c">24 cm</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references and index</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computerbeveiliging</subfield><subfield code="2">gtt</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Databescherming</subfield><subfield code="2">gtt</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Informatietechnologie</subfield><subfield code="2">gtt</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Réseaux d'ordinateurs - Sécurité - Mesures</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Évaluation du risque</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer security</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Risk assessment</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Projektmanagement</subfield><subfield code="0">(DE-588)4047441-0</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Risikoanalyse</subfield><subfield code="0">(DE-588)4137042-9</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Risiko</subfield><subfield code="0">(DE-588)4050129-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Risiko</subfield><subfield code="0">(DE-588)4050129-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="2"><subfield code="a">Projektmanagement</subfield><subfield code="0">(DE-588)4047441-0</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="689" ind1="1" ind2="0"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="1" ind2="1"><subfield code="a">Risikoanalyse</subfield><subfield code="0">(DE-588)4137042-9</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="1" ind2=" "><subfield code="8">1\p</subfield><subfield code="5">DE-604</subfield></datafield><datafield tag="856" ind1="4" ind2=" "><subfield code="u">http://www.loc.gov/catdir/enhancements/fy0648/2004062725-d.html</subfield><subfield code="3">Publisher description</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">HEBIS Datenaustausch Darmstadt</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=014908811&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-014908811</subfield></datafield><datafield tag="883" ind1="1" ind2=" "><subfield code="8">1\p</subfield><subfield code="a">cgwrk</subfield><subfield code="d">20201028</subfield><subfield code="q">DE-101</subfield><subfield code="u">https://d-nb.info/provenance/plan#cgwrk</subfield></datafield></record></collection>
id	DE-604.BV021694792
illustrated	Illustrated
index_date	2024-07-02T15:15:30Z
indexdate	2024-08-01T11:18:38Z
institution	BVB
isbn	0849333466 9780849333460
language	English
lccn	2004062725
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-014908811
oclc_num	57168595
open_access_boolean
owner	DE-91G DE-BY-TUM DE-863 DE-BY-FWS
owner_facet	DE-91G DE-BY-TUM DE-863 DE-BY-FWS
physical	XVI, 344 S. graph. Darst. 24 cm
publishDate	2005
publishDateSearch	2005
publishDateSort	2005
publisher	Auerbach
record_format	marc
spellingShingle	Peltier, Thomas R. Information security risk analysis Computerbeveiliging gtt Databescherming gtt Informatietechnologie gtt Réseaux d'ordinateurs - Sécurité - Mesures Évaluation du risque Computer security Computer networks Security measures Risk assessment Projektmanagement (DE-588)4047441-0 gnd Computersicherheit (DE-588)4274324-2 gnd Risikoanalyse (DE-588)4137042-9 gnd Risiko (DE-588)4050129-2 gnd
subject_GND	(DE-588)4047441-0 (DE-588)4274324-2 (DE-588)4137042-9 (DE-588)4050129-2
title	Information security risk analysis
title_auth	Information security risk analysis
title_exact_search	Information security risk analysis
title_exact_search_txtP	Information security risk analysis
title_full	Information security risk analysis Thomas R. Peltier
title_fullStr	Information security risk analysis Thomas R. Peltier
title_full_unstemmed	Information security risk analysis Thomas R. Peltier
title_short	Information security risk analysis
title_sort	information security risk analysis
topic	Computerbeveiliging gtt Databescherming gtt Informatietechnologie gtt Réseaux d'ordinateurs - Sécurité - Mesures Évaluation du risque Computer security Computer networks Security measures Risk assessment Projektmanagement (DE-588)4047441-0 gnd Computersicherheit (DE-588)4274324-2 gnd Risikoanalyse (DE-588)4137042-9 gnd Risiko (DE-588)4050129-2 gnd
topic_facet	Computerbeveiliging Databescherming Informatietechnologie Réseaux d'ordinateurs - Sécurité - Mesures Évaluation du risque Computer security Computer networks Security measures Risk assessment Projektmanagement Computersicherheit Risikoanalyse Risiko
url	http://www.loc.gov/catdir/enhancements/fy0648/2004062725-d.html http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=014908811&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT peltierthomasr informationsecurityriskanalysis

Verfügbarkeit

Inhaltsverzeichnis

Würzburg Magazin

Bestandesangaben von Würzburg Magazin
Signatur:	1911 2015:0692
Exemplar 1	ausleihbar Verfügbar Bestellen

MARC

Datensatz im Suchindex

Würzburg Magazin

Ähnliche Einträge