Verfügbarkeit: Information security risk management for ISO 27001/ISO 27002 /

Information security risk management for ISO 27001/ISO 27002 /:

Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver r...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	Calder, Alan, 1957- (VerfasserIn), Watkins, Steve, 1970- (VerfasserIn)
Format:	Elektronisch E-Book
Sprache:	English
Veröffentlicht:	Ely, Cambridgeshire, United Kingdom : IT Governance Publishing, [2019]
Ausgabe:	Third edition.
Schlagworte:	Computer security > Management. Computer security > Standards. Data protection > Standards. Sécurité informatique > Gestion. Sécurité informatique > Normes. Protection de l'information (Informatique) > Normes. COMPUTERS / Security / General. Computer security > Management Computer security > Standards Data protection > Standards
Online-Zugang:	Volltext
Zusammenfassung:	Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits.
Beschreibung:	1 online resource : illustrations
Bibliographie:	Includes bibliographical references.
ISBN:	9781787781368 1787781364 9781787781399 1787781399 9781787781375 1787781372

Internformat

MARC


LEADER	00000cam a2200000 i 4500
001	ZDB-4-EBA-on1123220804
003	OCoLC
005	20240705115654.0
006	m o d
007	cr unu\|\|\|\|\|\|\|\|
008	191017s2019 enka ob 000 0 eng d
040			\|a UMI \|b eng \|e rda \|e pn \|c UMI \|d OCLCF \|d LGG \|d WAU \|d EBLCP \|d CHVBK \|d COO \|d N$T \|d OCLCQ \|d OCLCA \|d OCLCO \|d OCLCQ \|d YT1 \|d OCLCO \|d K6U \|d OCLCQ \|d OCLCO \|d OCLCL \|d DEGRU
019			\|a 1119624134
020			\|a 9781787781368
020			\|a 1787781364
020			\|a 9781787781399 \|q (electronic bk.)
020			\|a 1787781399 \|q (electronic bk.)
020			\|a 9781787781375
020			\|a 1787781372
035			\|a (OCoLC)1123220804 \|z (OCoLC)1119624134
037			\|a CL0501000077 \|b Safari Books Online
050		4	\|a HF5548.37
082	7		\|a 658.15/5 \|2 23
049			\|a MAIN
100	1		\|a Calder, Alan, \|d 1957- \|e author. \|0 http://id.loc.gov/authorities/names/nb2002066406
245	1	0	\|a Information security risk management for ISO 27001/ISO 27002 / \|c Alan Calder, Steve G. Watkins.
250			\|a Third edition.
264		1	\|a Ely, Cambridgeshire, United Kingdom : \|b IT Governance Publishing, \|c [2019]
264		4	\|c ©2019
300			\|a 1 online resource : \|b illustrations
336			\|a text \|b txt \|2 rdacontent
337			\|a computer \|b c \|2 rdamedia
338			\|a online resource \|b cr \|2 rdacarrier
504			\|a Includes bibliographical references.
588	0		\|a Online resource; title from title page (Safari, viewed October 16, 2019).
520			\|a Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits.
505	0		\|a Cover; Title; Copyright; About The Authors; Contents; Introduction; Chapter 1: Risk management; Risk management: two phases; Enterprise risk management; Chapter 2: Risk assessment methodologies; Publicly available risk assessment standards; Qualitative versus quantitative; Quantitative risk analysis; Qualitative risk analysis; Chapter 3: Risk management objectives; Risk acceptance or tolerance; Information security risk management objectives; Risk management and process models; Chapter 4: Roles and responsibilities; Senior management commitment; The (lead) risk assessor; Other roles and responsibilities;
505	8		\|a Chapter 5: Risk assessment software; Gap analysis tools; Vulnerability assessment tools; Penetration testing; Risk assessment tools; Risk assessment tool descriptions; Chapter 6: Information security policy and scoping; Information security policy; Scope of the ISMS; Chapter 7: The ISO 27001 risk assessment; Overview of the risk assessment process; Chapter 8: Information assets; Assets within the scope; Grouping of assets; Asset dependencies; Asset owners; Sensitivity classification; Are vendors assets?; What about duplicate copies and backups? Identification of existing controls;
505	8		\|a Chapter 9: Threats and vulnerabilities; Threats; Vulnerabilities; Technical vulnerabilities; Chapter 10: Scenario-based risk assessment; Chapter 11: Impact, including asset valuation; Impacts; Defining impact; Estimating impact; The asset valuation table; Business, legal and contractual impact values; Reputational damage; Chapter 12: Likelihood; Risk analysis; Information to support assessments; Chapter 13: Risk level; The risk scale; Boundary calculations; Mid- point calculations; Chapter 14: Risk treatment and the selection of controls; Types of controls; Risk assessment and existing controls, Residual risk; Risk sharing; Optimising the solution;
505	8		\|a Chapter 15: The Statement of Applicability; Drafting the Statement of Applicability; Chapter 16: The gap analysis and risk treatment plan; Gap analysis; Risk treatment plan; Chapter 17: Repeating and reviewing the risk assessment; Appendix 1: vs Risk Cloud; Appendix 2: ISO 27001 implementation resources; Appendix 3: Books by the same authors; Further reading.
650		0	\|a Computer security \|x Management.
650		0	\|a Computer security \|x Standards. \|0 http://id.loc.gov/authorities/subjects/sh99004226
650		0	\|a Data protection \|x Standards.
650		6	\|a Sécurité informatique \|x Gestion.
650		6	\|a Sécurité informatique \|x Normes.
650		6	\|a Protection de l'information (Informatique) \|v Normes.
650		6	\|a Protection de l'information (Informatique) \|x Normes.
650		7	\|a COMPUTERS / Security / General. \|2 bisacsh
650		7	\|a Computer security \|x Management \|2 fast
650		7	\|a Computer security \|x Standards \|2 fast
650		7	\|a Data protection \|x Standards \|2 fast
700	1		\|a Watkins, Steve, \|d 1970- \|e author. \|0 http://id.loc.gov/authorities/names/n2003002555
710	2		\|a IT Governance Publishing, \|e publisher.
758			\|i has work: \|a Information security risk management for ISO 27001/ISO 27002 (Text) \|1 https://id.oclc.org/worldcat/entity/E39PCH3BByytgVBvXMKyvjw7gX \|4 https://id.oclc.org/worldcat/ontology/hasWork
776	0	8	\|i Print version: \|a Calder, Alan. \|t Information Security Risk Management for ISO 27001/ISO 27002, Third Edition. \|b 3rd ed. \|d Ely : IT Governance Ltd, 2019 \|z 9781787781375
856	1		\|l FWS01 \|p ZDB-4-EBA \|q FWS_PDA_EBA \|u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2247477 \|3 Volltext
856	1		\|l CBO01 \|p ZDB-4-EBA \|q FWS_PDA_EBA \|u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2247477 \|3 Volltext
938			\|a De Gruyter \|b DEGR \|n 9781787781375
938			\|a ProQuest Ebook Central \|b EBLB \|n EBL5894007
938			\|a EBSCOhost \|b EBSC \|n 2247477
994			\|a 92 \|b GEBAY
912			\|a ZDB-4-EBA

Datensatz im Suchindex

DE-BY-FWS_katkey	ZDB-4-EBA-on1123220804
_version_	1813901661441097728
adam_text
any_adam_object
author	Calder, Alan, 1957- Watkins, Steve, 1970-
author_GND	http://id.loc.gov/authorities/names/nb2002066406 http://id.loc.gov/authorities/names/n2003002555
author_facet	Calder, Alan, 1957- Watkins, Steve, 1970-
author_role	aut aut
author_sort	Calder, Alan, 1957-
author_variant	a c ac s w sw
building	Verbundindex
bvnumber	localFWS
callnumber-first	H - Social Science
callnumber-label	HF5548
callnumber-raw	HF5548.37
callnumber-search	HF5548.37
callnumber-sort	HF 45548.37
callnumber-subject	HF - Commerce
collection	ZDB-4-EBA
contents	Cover; Title; Copyright; About The Authors; Contents; Introduction; Chapter 1: Risk management; Risk management: two phases; Enterprise risk management; Chapter 2: Risk assessment methodologies; Publicly available risk assessment standards; Qualitative versus quantitative; Quantitative risk analysis; Qualitative risk analysis; Chapter 3: Risk management objectives; Risk acceptance or tolerance; Information security risk management objectives; Risk management and process models; Chapter 4: Roles and responsibilities; Senior management commitment; The (lead) risk assessor; Other roles and responsibilities; Chapter 5: Risk assessment software; Gap analysis tools; Vulnerability assessment tools; Penetration testing; Risk assessment tools; Risk assessment tool descriptions; Chapter 6: Information security policy and scoping; Information security policy; Scope of the ISMS; Chapter 7: The ISO 27001 risk assessment; Overview of the risk assessment process; Chapter 8: Information assets; Assets within the scope; Grouping of assets; Asset dependencies; Asset owners; Sensitivity classification; Are vendors assets?; What about duplicate copies and backups? Identification of existing controls; Chapter 9: Threats and vulnerabilities; Threats; Vulnerabilities; Technical vulnerabilities; Chapter 10: Scenario-based risk assessment; Chapter 11: Impact, including asset valuation; Impacts; Defining impact; Estimating impact; The asset valuation table; Business, legal and contractual impact values; Reputational damage; Chapter 12: Likelihood; Risk analysis; Information to support assessments; Chapter 13: Risk level; The risk scale; Boundary calculations; Mid- point calculations; Chapter 14: Risk treatment and the selection of controls; Types of controls; Risk assessment and existing controls, Residual risk; Risk sharing; Optimising the solution; Chapter 15: The Statement of Applicability; Drafting the Statement of Applicability; Chapter 16: The gap analysis and risk treatment plan; Gap analysis; Risk treatment plan; Chapter 17: Repeating and reviewing the risk assessment; Appendix 1: vs Risk Cloud; Appendix 2: ISO 27001 implementation resources; Appendix 3: Books by the same authors; Further reading.
ctrlnum	(OCoLC)1123220804
dewey-full	658.15/5
dewey-hundreds	600 - Technology (Applied sciences)
dewey-ones	658 - General management
dewey-raw	658.15/5
dewey-search	658.15/5
dewey-sort	3658.15 15
dewey-tens	650 - Management and auxiliary services
discipline	Wirtschaftswissenschaften
edition	Third edition.
format	Electronic eBook
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>05521cam a2200685 i 4500</leader><controlfield tag="001">ZDB-4-EBA-on1123220804</controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20240705115654.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr unu\|\|\|\|\|\|\|\|</controlfield><controlfield tag="008">191017s2019 enka ob 000 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">UMI</subfield><subfield code="b">eng</subfield><subfield code="e">rda</subfield><subfield code="e">pn</subfield><subfield code="c">UMI</subfield><subfield code="d">OCLCF</subfield><subfield code="d">LGG</subfield><subfield code="d">WAU</subfield><subfield code="d">EBLCP</subfield><subfield code="d">CHVBK</subfield><subfield code="d">COO</subfield><subfield code="d">N$T</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCA</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">YT1</subfield><subfield code="d">OCLCO</subfield><subfield code="d">K6U</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCL</subfield><subfield code="d">DEGRU</subfield></datafield><datafield tag="019" ind1=" " ind2=" "><subfield code="a">1119624134</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781787781368</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1787781364</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781787781399</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1787781399</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781787781375</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1787781372</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1123220804</subfield><subfield code="z">(OCoLC)1119624134</subfield></datafield><datafield tag="037" ind1=" " ind2=" "><subfield code="a">CL0501000077</subfield><subfield code="b">Safari Books Online</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">HF5548.37</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">658.15/5</subfield><subfield code="2">23</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Calder, Alan,</subfield><subfield code="d">1957-</subfield><subfield code="e">author.</subfield><subfield code="0">http://id.loc.gov/authorities/names/nb2002066406</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Information security risk management for ISO 27001/ISO 27002 /</subfield><subfield code="c">Alan Calder, Steve G. Watkins.</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">Third edition.</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Ely, Cambridgeshire, United Kingdom :</subfield><subfield code="b">IT Governance Publishing,</subfield><subfield code="c">[2019]</subfield></datafield><datafield tag="264" ind1=" " ind2="4"><subfield code="c">©2019</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource :</subfield><subfield code="b">illustrations</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="504" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references.</subfield></datafield><datafield tag="588" ind1="0" ind2=" "><subfield code="a">Online resource; title from title page (Safari, viewed October 16, 2019).</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits.</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Cover; Title; Copyright; About The Authors; Contents; Introduction; Chapter 1: Risk management; Risk management: two phases; Enterprise risk management; Chapter 2: Risk assessment methodologies; Publicly available risk assessment standards; Qualitative versus quantitative; Quantitative risk analysis; Qualitative risk analysis; Chapter 3: Risk management objectives; Risk acceptance or tolerance; Information security risk management objectives; Risk management and process models; Chapter 4: Roles and responsibilities; Senior management commitment; The (lead) risk assessor; Other roles and responsibilities;</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Chapter 5: Risk assessment software; Gap analysis tools; Vulnerability assessment tools; Penetration testing; Risk assessment tools; Risk assessment tool descriptions; Chapter 6: Information security policy and scoping; Information security policy; Scope of the ISMS; Chapter 7: The ISO 27001 risk assessment; Overview of the risk assessment process; Chapter 8: Information assets; Assets within the scope; Grouping of assets; Asset dependencies; Asset owners; Sensitivity classification; Are vendors assets?; What about duplicate copies and backups? Identification of existing controls;</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Chapter 9: Threats and vulnerabilities; Threats; Vulnerabilities; Technical vulnerabilities; Chapter 10: Scenario-based risk assessment; Chapter 11: Impact, including asset valuation; Impacts; Defining impact; Estimating impact; The asset valuation table; Business, legal and contractual impact values; Reputational damage; Chapter 12: Likelihood; Risk analysis; Information to support assessments; Chapter 13: Risk level; The risk scale; Boundary calculations; Mid- point calculations; Chapter 14: Risk treatment and the selection of controls; Types of controls; Risk assessment and existing controls, Residual risk; Risk sharing; Optimising the solution;</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Chapter 15: The Statement of Applicability; Drafting the Statement of Applicability; Chapter 16: The gap analysis and risk treatment plan; Gap analysis; Risk treatment plan; Chapter 17: Repeating and reviewing the risk assessment; Appendix 1: vs Risk Cloud; Appendix 2: ISO 27001 implementation resources; Appendix 3: Books by the same authors; Further reading.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer security</subfield><subfield code="x">Management.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer security</subfield><subfield code="x">Standards.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh99004226</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Data protection</subfield><subfield code="x">Standards.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Sécurité informatique</subfield><subfield code="x">Gestion.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Sécurité informatique</subfield><subfield code="x">Normes.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Protection de l'information (Informatique)</subfield><subfield code="v">Normes.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Protection de l'information (Informatique)</subfield><subfield code="x">Normes.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS / Security / General.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer security</subfield><subfield code="x">Management</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer security</subfield><subfield code="x">Standards</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Data protection</subfield><subfield code="x">Standards</subfield><subfield code="2">fast</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Watkins, Steve,</subfield><subfield code="d">1970-</subfield><subfield code="e">author.</subfield><subfield code="0">http://id.loc.gov/authorities/names/n2003002555</subfield></datafield><datafield tag="710" ind1="2" ind2=" "><subfield code="a">IT Governance Publishing,</subfield><subfield code="e">publisher.</subfield></datafield><datafield tag="758" ind1=" " ind2=" "><subfield code="i">has work:</subfield><subfield code="a">Information security risk management for ISO 27001/ISO 27002 (Text)</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PCH3BByytgVBvXMKyvjw7gX</subfield><subfield code="4">https://id.oclc.org/worldcat/ontology/hasWork</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="a">Calder, Alan.</subfield><subfield code="t">Information Security Risk Management for ISO 27001/ISO 27002, Third Edition.</subfield><subfield code="b">3rd ed.</subfield><subfield code="d">Ely : IT Governance Ltd, 2019</subfield><subfield code="z">9781787781375</subfield></datafield><datafield tag="856" ind1="1" ind2=" "><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2247477</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="856" ind1="1" ind2=" "><subfield code="l">CBO01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2247477</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">De Gruyter</subfield><subfield code="b">DEGR</subfield><subfield code="n">9781787781375</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ProQuest Ebook Central</subfield><subfield code="b">EBLB</subfield><subfield code="n">EBL5894007</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">2247477</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield></record></collection>
id	ZDB-4-EBA-on1123220804
illustrated	Illustrated
indexdate	2024-10-25T15:50:26Z
institution	BVB
isbn	9781787781368 1787781364 9781787781399 1787781399 9781787781375 1787781372
language	English
oclc_num	1123220804
open_access_boolean
owner	MAIN
owner_facet	MAIN
physical	1 online resource : illustrations
psigel	ZDB-4-EBA
publishDate	2019
publishDateSearch	2019
publishDateSort	2019
publisher	IT Governance Publishing,
record_format	marc
spelling	Calder, Alan, 1957- author. http://id.loc.gov/authorities/names/nb2002066406 Information security risk management for ISO 27001/ISO 27002 / Alan Calder, Steve G. Watkins. Third edition. Ely, Cambridgeshire, United Kingdom : IT Governance Publishing, [2019] ©2019 1 online resource : illustrations text txt rdacontent computer c rdamedia online resource cr rdacarrier Includes bibliographical references. Online resource; title from title page (Safari, viewed October 16, 2019). Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits. Cover; Title; Copyright; About The Authors; Contents; Introduction; Chapter 1: Risk management; Risk management: two phases; Enterprise risk management; Chapter 2: Risk assessment methodologies; Publicly available risk assessment standards; Qualitative versus quantitative; Quantitative risk analysis; Qualitative risk analysis; Chapter 3: Risk management objectives; Risk acceptance or tolerance; Information security risk management objectives; Risk management and process models; Chapter 4: Roles and responsibilities; Senior management commitment; The (lead) risk assessor; Other roles and responsibilities; Chapter 5: Risk assessment software; Gap analysis tools; Vulnerability assessment tools; Penetration testing; Risk assessment tools; Risk assessment tool descriptions; Chapter 6: Information security policy and scoping; Information security policy; Scope of the ISMS; Chapter 7: The ISO 27001 risk assessment; Overview of the risk assessment process; Chapter 8: Information assets; Assets within the scope; Grouping of assets; Asset dependencies; Asset owners; Sensitivity classification; Are vendors assets?; What about duplicate copies and backups? Identification of existing controls; Chapter 9: Threats and vulnerabilities; Threats; Vulnerabilities; Technical vulnerabilities; Chapter 10: Scenario-based risk assessment; Chapter 11: Impact, including asset valuation; Impacts; Defining impact; Estimating impact; The asset valuation table; Business, legal and contractual impact values; Reputational damage; Chapter 12: Likelihood; Risk analysis; Information to support assessments; Chapter 13: Risk level; The risk scale; Boundary calculations; Mid- point calculations; Chapter 14: Risk treatment and the selection of controls; Types of controls; Risk assessment and existing controls, Residual risk; Risk sharing; Optimising the solution; Chapter 15: The Statement of Applicability; Drafting the Statement of Applicability; Chapter 16: The gap analysis and risk treatment plan; Gap analysis; Risk treatment plan; Chapter 17: Repeating and reviewing the risk assessment; Appendix 1: vs Risk Cloud; Appendix 2: ISO 27001 implementation resources; Appendix 3: Books by the same authors; Further reading. Computer security Management. Computer security Standards. http://id.loc.gov/authorities/subjects/sh99004226 Data protection Standards. Sécurité informatique Gestion. Sécurité informatique Normes. Protection de l'information (Informatique) Normes. COMPUTERS / Security / General. bisacsh Computer security Management fast Computer security Standards fast Data protection Standards fast Watkins, Steve, 1970- author. http://id.loc.gov/authorities/names/n2003002555 IT Governance Publishing, publisher. has work: Information security risk management for ISO 27001/ISO 27002 (Text) https://id.oclc.org/worldcat/entity/E39PCH3BByytgVBvXMKyvjw7gX https://id.oclc.org/worldcat/ontology/hasWork Print version: Calder, Alan. Information Security Risk Management for ISO 27001/ISO 27002, Third Edition. 3rd ed. Ely : IT Governance Ltd, 2019 9781787781375 FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2247477 Volltext CBO01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2247477 Volltext
spellingShingle	Calder, Alan, 1957- Watkins, Steve, 1970- Information security risk management for ISO 27001/ISO 27002 / Cover; Title; Copyright; About The Authors; Contents; Introduction; Chapter 1: Risk management; Risk management: two phases; Enterprise risk management; Chapter 2: Risk assessment methodologies; Publicly available risk assessment standards; Qualitative versus quantitative; Quantitative risk analysis; Qualitative risk analysis; Chapter 3: Risk management objectives; Risk acceptance or tolerance; Information security risk management objectives; Risk management and process models; Chapter 4: Roles and responsibilities; Senior management commitment; The (lead) risk assessor; Other roles and responsibilities; Chapter 5: Risk assessment software; Gap analysis tools; Vulnerability assessment tools; Penetration testing; Risk assessment tools; Risk assessment tool descriptions; Chapter 6: Information security policy and scoping; Information security policy; Scope of the ISMS; Chapter 7: The ISO 27001 risk assessment; Overview of the risk assessment process; Chapter 8: Information assets; Assets within the scope; Grouping of assets; Asset dependencies; Asset owners; Sensitivity classification; Are vendors assets?; What about duplicate copies and backups? Identification of existing controls; Chapter 9: Threats and vulnerabilities; Threats; Vulnerabilities; Technical vulnerabilities; Chapter 10: Scenario-based risk assessment; Chapter 11: Impact, including asset valuation; Impacts; Defining impact; Estimating impact; The asset valuation table; Business, legal and contractual impact values; Reputational damage; Chapter 12: Likelihood; Risk analysis; Information to support assessments; Chapter 13: Risk level; The risk scale; Boundary calculations; Mid- point calculations; Chapter 14: Risk treatment and the selection of controls; Types of controls; Risk assessment and existing controls, Residual risk; Risk sharing; Optimising the solution; Chapter 15: The Statement of Applicability; Drafting the Statement of Applicability; Chapter 16: The gap analysis and risk treatment plan; Gap analysis; Risk treatment plan; Chapter 17: Repeating and reviewing the risk assessment; Appendix 1: vs Risk Cloud; Appendix 2: ISO 27001 implementation resources; Appendix 3: Books by the same authors; Further reading. Computer security Management. Computer security Standards. http://id.loc.gov/authorities/subjects/sh99004226 Data protection Standards. Sécurité informatique Gestion. Sécurité informatique Normes. Protection de l'information (Informatique) Normes. COMPUTERS / Security / General. bisacsh Computer security Management fast Computer security Standards fast Data protection Standards fast
subject_GND	http://id.loc.gov/authorities/subjects/sh99004226
title	Information security risk management for ISO 27001/ISO 27002 /
title_auth	Information security risk management for ISO 27001/ISO 27002 /
title_exact_search	Information security risk management for ISO 27001/ISO 27002 /
title_full	Information security risk management for ISO 27001/ISO 27002 / Alan Calder, Steve G. Watkins.
title_fullStr	Information security risk management for ISO 27001/ISO 27002 / Alan Calder, Steve G. Watkins.
title_full_unstemmed	Information security risk management for ISO 27001/ISO 27002 / Alan Calder, Steve G. Watkins.
title_short	Information security risk management for ISO 27001/ISO 27002 /
title_sort	information security risk management for iso 27001 iso 27002
topic	Computer security Management. Computer security Standards. http://id.loc.gov/authorities/subjects/sh99004226 Data protection Standards. Sécurité informatique Gestion. Sécurité informatique Normes. Protection de l'information (Informatique) Normes. COMPUTERS / Security / General. bisacsh Computer security Management fast Computer security Standards fast Data protection Standards fast
topic_facet	Computer security Management. Computer security Standards. Data protection Standards. Sécurité informatique Gestion. Sécurité informatique Normes. Protection de l'information (Informatique) Normes. COMPUTERS / Security / General. Computer security Management Computer security Standards Data protection Standards
url	https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2247477
work_keys_str_mv	AT calderalan informationsecurityriskmanagementforiso27001iso27002 AT watkinssteve informationsecurityriskmanagementforiso27001iso27002 AT itgovernancepublishing informationsecurityriskmanagementforiso27001iso27002

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Fernleihe Bestellen Achtung: Nicht im THWS-Bestand! Volltext öffnen

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge