Information security risk management for ISO27001/ISO27002:
Gespeichert in:
| 1. Verfasser: | |
|---|---|
| Format: | Elektronisch E-Book |
| Sprache: | English |
| Veröffentlicht: |
Cambridgeshire
IT Governance Pub.
c2010
|
| Schlagworte: | |
| Online-Zugang: | FAW01 FAW02 Volltext |
| Beschreibung: | Includes bibliographical references Cover13; -- Contents -- Introduction -- Chapter 1: Risk Management -- Risk management: two phases -- Enterprise risk management -- Chapter 2: Risk Assessment Methodologies -- Publicly available risk assessment standards -- Qualitative versus quantitative -- Quantitative risk analysis -- Qualitative risk analysis 8211; the ISO27001 approach -- Other risk assessment methodologies -- Chapter 3: Risk Management Objectives -- Risk acceptance or tolerance -- Information security risk management objectives -- Risk management and PDCA -- Chapter 4: Roles and Responsibilities -- Senior management commitment -- The (lead) risk assessor -- Other roles and responsibilities -- Chapter 5: Risk Assessment Software -- Gap analysis tools -- Vulnerability assessment tools -- Penetration testing -- Risk assessment tools -- Risk assessment tool descriptions -- Chapter 6: Information Security Policy and Scoping -- Information security policy -- Scope of the ISMS -- - Chapter 7: The ISO27001 Risk Assessment -- Overview of the risk assessment process -- Chapter 8: Information Assets -- Assets within the scope -- Grouping of assets -- Asset dependencies -- Asset owners -- Sensitivity classification -- Are vendors assets? -- What about duplicate copies and backups? -- Identification of existing controls -- Chapter 9: Threats and Vulnerabilities -- Threats -- Vulnerabilities -- Technical vulnerabilities -- Chapter 10: Impact and Asset Valuation -- Impacts -- Defining impact -- Estimating impact -- The asset valuation table -- Business, legal and contractual impact values -- Reputation damage -- Chapter 11: Likelihood -- Risk analysis -- Information to support assessments -- Chapter 12: Risk Level -- The risk scale -- Boundary calculations -- Mid-point calculations -- Chapter 13: Risk Treatment and the Selection of Controls -- Types of controls -- Risk assessment and existing controls -- Residual risk -- Risk transfer -- Optimising the solution -- - Chapter 14: The Statement of Applicability -- Drafting the Statement of Applicability -- Chapter 15: The Gap Analysis and Risk Treatment Plan -- Gap analysis -- Risk Treatment Plan -- Chapter 16: Repeating and Reviewing the Risk Assessment -- Appendix 1: Carrying out an ISO27001 Risk Assessment using vsRisk8482; -- Appendix 2: ISO27001 Implementation Resources -- Books by the Same Authors -- ITG Resources Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software |
| Beschreibung: | 1 Online-Ressource (186 p.) |
| ISBN: | 1282737066 1849280436 1849280444 9781282737068 9781849280433 9781849280440 |
Internformat
MARC
| LEADER | 00000nmm a2200000zc 4500 | ||
|---|---|---|---|
| 001 | BV043120146 | ||
| 003 | DE-604 | ||
| 005 | 00000000000000.0 | ||
| 007 | cr|uuu---uuuuu | ||
| 008 | 151126s2010 |||| o||u| ||||||eng d | ||
| 020 | |a 1282737066 |9 1-282-73706-6 | ||
| 020 | |a 1849280436 |9 1-84928-043-6 | ||
| 020 | |a 1849280444 |c electronic bk. |9 1-84928-044-4 | ||
| 020 | |a 9781282737068 |9 978-1-282-73706-8 | ||
| 020 | |a 9781849280433 |9 978-1-84928-043-3 | ||
| 020 | |a 9781849280440 |c electronic bk. |9 978-1-84928-044-0 | ||
| 035 | |a (OCoLC)742516936 | ||
| 035 | |a (DE-599)BVBBV043120146 | ||
| 040 | |a DE-604 |b ger |e aacr | ||
| 041 | 0 | |a eng | |
| 049 | |a DE-1046 |a DE-1047 | ||
| 082 | 0 | |a 005.8 | |
| 100 | 1 | |a Calder, Alan |e Verfasser |4 aut | |
| 245 | 1 | 0 | |a Information security risk management for ISO27001/ISO27002 |c Alan Calder, Steve G. Watkins |
| 264 | 1 | |a Cambridgeshire |b IT Governance Pub. |c c2010 | |
| 300 | |a 1 Online-Ressource (186 p.) | ||
| 336 | |b txt |2 rdacontent | ||
| 337 | |b c |2 rdamedia | ||
| 338 | |b cr |2 rdacarrier | ||
| 500 | |a Includes bibliographical references | ||
| 500 | |a Cover13; -- Contents -- Introduction -- Chapter 1: Risk Management -- Risk management: two phases -- Enterprise risk management -- Chapter 2: Risk Assessment Methodologies -- Publicly available risk assessment standards -- Qualitative versus quantitative -- Quantitative risk analysis -- Qualitative risk analysis 8211; the ISO27001 approach -- Other risk assessment methodologies -- Chapter 3: Risk Management Objectives -- Risk acceptance or tolerance -- Information security risk management objectives -- Risk management and PDCA -- Chapter 4: Roles and Responsibilities -- Senior management commitment -- The (lead) risk assessor -- Other roles and responsibilities -- Chapter 5: Risk Assessment Software -- Gap analysis tools -- Vulnerability assessment tools -- Penetration testing -- Risk assessment tools -- Risk assessment tool descriptions -- Chapter 6: Information Security Policy and Scoping -- Information security policy -- Scope of the ISMS -- | ||
| 500 | |a - Chapter 7: The ISO27001 Risk Assessment -- Overview of the risk assessment process -- Chapter 8: Information Assets -- Assets within the scope -- Grouping of assets -- Asset dependencies -- Asset owners -- Sensitivity classification -- Are vendors assets? -- What about duplicate copies and backups? -- Identification of existing controls -- Chapter 9: Threats and Vulnerabilities -- Threats -- Vulnerabilities -- Technical vulnerabilities -- Chapter 10: Impact and Asset Valuation -- Impacts -- Defining impact -- Estimating impact -- The asset valuation table -- Business, legal and contractual impact values -- Reputation damage -- Chapter 11: Likelihood -- Risk analysis -- Information to support assessments -- Chapter 12: Risk Level -- The risk scale -- Boundary calculations -- Mid-point calculations -- Chapter 13: Risk Treatment and the Selection of Controls -- Types of controls -- Risk assessment and existing controls -- Residual risk -- Risk transfer -- Optimising the solution -- | ||
| 500 | |a - Chapter 14: The Statement of Applicability -- Drafting the Statement of Applicability -- Chapter 15: The Gap Analysis and Risk Treatment Plan -- Gap analysis -- Risk Treatment Plan -- Chapter 16: Repeating and Reviewing the Risk Assessment -- Appendix 1: Carrying out an ISO27001 Risk Assessment using vsRisk8482; -- Appendix 2: ISO27001 Implementation Resources -- Books by the Same Authors -- ITG Resources | ||
| 500 | |a Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software | ||
| 650 | 7 | |a COMPUTERS / Internet / Security |2 bisacsh | |
| 650 | 7 | |a COMPUTERS / Networking / Security |2 bisacsh | |
| 650 | 7 | |a COMPUTERS / Security / General |2 bisacsh | |
| 650 | 7 | |a Computer networks / Security measures |2 local | |
| 650 | 7 | |a Risk management |2 local | |
| 650 | 7 | |a Computer networks / Security measures |2 fast | |
| 650 | 4 | |a Computer networks |x Security measures | |
| 700 | 1 | |a Watkins, Steve G. |e Sonstige |4 oth | |
| 856 | 4 | 0 | |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=391096 |x Aggregator |3 Volltext |
| 912 | |a ZDB-4-EBA | ||
| 999 | |a oai:aleph.bib-bvb.de:BVB01-028544337 | ||
| 966 | e | |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=391096 |l FAW01 |p ZDB-4-EBA |q FAW_PDA_EBA |x Aggregator |3 Volltext | |
| 966 | e | |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=391096 |l FAW02 |p ZDB-4-EBA |q FAW_PDA_EBA |x Aggregator |3 Volltext | |
Datensatz im Suchindex
| _version_ | 1804175548764651520 |
|---|---|
| any_adam_object | |
| author | Calder, Alan |
| author_facet | Calder, Alan |
| author_role | aut |
| author_sort | Calder, Alan |
| author_variant | a c ac |
| building | Verbundindex |
| bvnumber | BV043120146 |
| collection | ZDB-4-EBA |
| ctrlnum | (OCoLC)742516936 (DE-599)BVBBV043120146 |
| dewey-full | 005.8 |
| dewey-hundreds | 000 - Computer science, information, general works |
| dewey-ones | 005 - Computer programming, programs, data, security |
| dewey-raw | 005.8 |
| dewey-search | 005.8 |
| dewey-sort | 15.8 |
| dewey-tens | 000 - Computer science, information, general works |
| discipline | Informatik |
| format | Electronic eBook |
| fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>04830nmm a2200529zc 4500</leader><controlfield tag="001">BV043120146</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">00000000000000.0</controlfield><controlfield tag="007">cr|uuu---uuuuu</controlfield><controlfield tag="008">151126s2010 |||| o||u| ||||||eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1282737066</subfield><subfield code="9">1-282-73706-6</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1849280436</subfield><subfield code="9">1-84928-043-6</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1849280444</subfield><subfield code="c">electronic bk.</subfield><subfield code="9">1-84928-044-4</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781282737068</subfield><subfield code="9">978-1-282-73706-8</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781849280433</subfield><subfield code="9">978-1-84928-043-3</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781849280440</subfield><subfield code="c">electronic bk.</subfield><subfield code="9">978-1-84928-044-0</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)742516936</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV043120146</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">aacr</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-1046</subfield><subfield code="a">DE-1047</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.8</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Calder, Alan</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Information security risk management for ISO27001/ISO27002</subfield><subfield code="c">Alan Calder, Steve G. Watkins</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Cambridgeshire</subfield><subfield code="b">IT Governance Pub.</subfield><subfield code="c">c2010</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 Online-Ressource (186 p.)</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Cover13; -- Contents -- Introduction -- Chapter 1: Risk Management -- Risk management: two phases -- Enterprise risk management -- Chapter 2: Risk Assessment Methodologies -- Publicly available risk assessment standards -- Qualitative versus quantitative -- Quantitative risk analysis -- Qualitative risk analysis 8211; the ISO27001 approach -- Other risk assessment methodologies -- Chapter 3: Risk Management Objectives -- Risk acceptance or tolerance -- Information security risk management objectives -- Risk management and PDCA -- Chapter 4: Roles and Responsibilities -- Senior management commitment -- The (lead) risk assessor -- Other roles and responsibilities -- Chapter 5: Risk Assessment Software -- Gap analysis tools -- Vulnerability assessment tools -- Penetration testing -- Risk assessment tools -- Risk assessment tool descriptions -- Chapter 6: Information Security Policy and Scoping -- Information security policy -- Scope of the ISMS -- </subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a"> - Chapter 7: The ISO27001 Risk Assessment -- Overview of the risk assessment process -- Chapter 8: Information Assets -- Assets within the scope -- Grouping of assets -- Asset dependencies -- Asset owners -- Sensitivity classification -- Are vendors assets? -- What about duplicate copies and backups? -- Identification of existing controls -- Chapter 9: Threats and Vulnerabilities -- Threats -- Vulnerabilities -- Technical vulnerabilities -- Chapter 10: Impact and Asset Valuation -- Impacts -- Defining impact -- Estimating impact -- The asset valuation table -- Business, legal and contractual impact values -- Reputation damage -- Chapter 11: Likelihood -- Risk analysis -- Information to support assessments -- Chapter 12: Risk Level -- The risk scale -- Boundary calculations -- Mid-point calculations -- Chapter 13: Risk Treatment and the Selection of Controls -- Types of controls -- Risk assessment and existing controls -- Residual risk -- Risk transfer -- Optimising the solution -- </subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a"> - Chapter 14: The Statement of Applicability -- Drafting the Statement of Applicability -- Chapter 15: The Gap Analysis and Risk Treatment Plan -- Gap analysis -- Risk Treatment Plan -- Chapter 16: Repeating and Reviewing the Risk Assessment -- Appendix 1: Carrying out an ISO27001 Risk Assessment using vsRisk8482; -- Appendix 2: ISO27001 Implementation Resources -- Books by the Same Authors -- ITG Resources</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS / Internet / Security</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS / Networking / Security</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS / Security / General</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer networks / Security measures</subfield><subfield code="2">local</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Risk management</subfield><subfield code="2">local</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer networks / Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Watkins, Steve G.</subfield><subfield code="e">Sonstige</subfield><subfield code="4">oth</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=391096</subfield><subfield code="x">Aggregator</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-028544337</subfield></datafield><datafield tag="966" ind1="e" ind2=" "><subfield code="u">http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=391096</subfield><subfield code="l">FAW01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FAW_PDA_EBA</subfield><subfield code="x">Aggregator</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="966" ind1="e" ind2=" "><subfield code="u">http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=391096</subfield><subfield code="l">FAW02</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FAW_PDA_EBA</subfield><subfield code="x">Aggregator</subfield><subfield code="3">Volltext</subfield></datafield></record></collection> |
| id | DE-604.BV043120146 |
| illustrated | Not Illustrated |
| indexdate | 2024-07-10T07:18:03Z |
| institution | BVB |
| isbn | 1282737066 1849280436 1849280444 9781282737068 9781849280433 9781849280440 |
| language | English |
| oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-028544337 |
| oclc_num | 742516936 |
| open_access_boolean | |
| owner | DE-1046 DE-1047 |
| owner_facet | DE-1046 DE-1047 |
| physical | 1 Online-Ressource (186 p.) |
| psigel | ZDB-4-EBA ZDB-4-EBA FAW_PDA_EBA |
| publishDate | 2010 |
| publishDateSearch | 2010 |
| publishDateSort | 2010 |
| publisher | IT Governance Pub. |
| record_format | marc |
| spelling | Calder, Alan Verfasser aut Information security risk management for ISO27001/ISO27002 Alan Calder, Steve G. Watkins Cambridgeshire IT Governance Pub. c2010 1 Online-Ressource (186 p.) txt rdacontent c rdamedia cr rdacarrier Includes bibliographical references Cover13; -- Contents -- Introduction -- Chapter 1: Risk Management -- Risk management: two phases -- Enterprise risk management -- Chapter 2: Risk Assessment Methodologies -- Publicly available risk assessment standards -- Qualitative versus quantitative -- Quantitative risk analysis -- Qualitative risk analysis 8211; the ISO27001 approach -- Other risk assessment methodologies -- Chapter 3: Risk Management Objectives -- Risk acceptance or tolerance -- Information security risk management objectives -- Risk management and PDCA -- Chapter 4: Roles and Responsibilities -- Senior management commitment -- The (lead) risk assessor -- Other roles and responsibilities -- Chapter 5: Risk Assessment Software -- Gap analysis tools -- Vulnerability assessment tools -- Penetration testing -- Risk assessment tools -- Risk assessment tool descriptions -- Chapter 6: Information Security Policy and Scoping -- Information security policy -- Scope of the ISMS -- - Chapter 7: The ISO27001 Risk Assessment -- Overview of the risk assessment process -- Chapter 8: Information Assets -- Assets within the scope -- Grouping of assets -- Asset dependencies -- Asset owners -- Sensitivity classification -- Are vendors assets? -- What about duplicate copies and backups? -- Identification of existing controls -- Chapter 9: Threats and Vulnerabilities -- Threats -- Vulnerabilities -- Technical vulnerabilities -- Chapter 10: Impact and Asset Valuation -- Impacts -- Defining impact -- Estimating impact -- The asset valuation table -- Business, legal and contractual impact values -- Reputation damage -- Chapter 11: Likelihood -- Risk analysis -- Information to support assessments -- Chapter 12: Risk Level -- The risk scale -- Boundary calculations -- Mid-point calculations -- Chapter 13: Risk Treatment and the Selection of Controls -- Types of controls -- Risk assessment and existing controls -- Residual risk -- Risk transfer -- Optimising the solution -- - Chapter 14: The Statement of Applicability -- Drafting the Statement of Applicability -- Chapter 15: The Gap Analysis and Risk Treatment Plan -- Gap analysis -- Risk Treatment Plan -- Chapter 16: Repeating and Reviewing the Risk Assessment -- Appendix 1: Carrying out an ISO27001 Risk Assessment using vsRisk8482; -- Appendix 2: ISO27001 Implementation Resources -- Books by the Same Authors -- ITG Resources Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software COMPUTERS / Internet / Security bisacsh COMPUTERS / Networking / Security bisacsh COMPUTERS / Security / General bisacsh Computer networks / Security measures local Risk management local Computer networks / Security measures fast Computer networks Security measures Watkins, Steve G. Sonstige oth http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=391096 Aggregator Volltext |
| spellingShingle | Calder, Alan Information security risk management for ISO27001/ISO27002 COMPUTERS / Internet / Security bisacsh COMPUTERS / Networking / Security bisacsh COMPUTERS / Security / General bisacsh Computer networks / Security measures local Risk management local Computer networks / Security measures fast Computer networks Security measures |
| title | Information security risk management for ISO27001/ISO27002 |
| title_auth | Information security risk management for ISO27001/ISO27002 |
| title_exact_search | Information security risk management for ISO27001/ISO27002 |
| title_full | Information security risk management for ISO27001/ISO27002 Alan Calder, Steve G. Watkins |
| title_fullStr | Information security risk management for ISO27001/ISO27002 Alan Calder, Steve G. Watkins |
| title_full_unstemmed | Information security risk management for ISO27001/ISO27002 Alan Calder, Steve G. Watkins |
| title_short | Information security risk management for ISO27001/ISO27002 |
| title_sort | information security risk management for iso27001 iso27002 |
| topic | COMPUTERS / Internet / Security bisacsh COMPUTERS / Networking / Security bisacsh COMPUTERS / Security / General bisacsh Computer networks / Security measures local Risk management local Computer networks / Security measures fast Computer networks Security measures |
| topic_facet | COMPUTERS / Internet / Security COMPUTERS / Networking / Security COMPUTERS / Security / General Computer networks / Security measures Risk management Computer networks Security measures |
| url | http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=391096 |
| work_keys_str_mv | AT calderalan informationsecurityriskmanagementforiso27001iso27002 AT watkinssteveg informationsecurityriskmanagementforiso27001iso27002 |