INFORMATION RISK MANAGEMENT: a practitioner's guide.
Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This book provides practical guidance to the principles and development of a strategic approach to an IRM programme. The only textbook for the BCS Practitioner...
Gespeichert in:
1. Verfasser: | |
---|---|
Format: | Elektronisch E-Book |
Sprache: | English |
Veröffentlicht: |
[S.l.] :
BCS, THE CHARTERED INSTIT,
2021.
|
Schlagworte: | |
Online-Zugang: | Volltext |
Zusammenfassung: | Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This book provides practical guidance to the principles and development of a strategic approach to an IRM programme. The only textbook for the BCS Practitioner Certificate in Information Risk Management. |
Beschreibung: | 1 online resource |
ISBN: | 9781780175744 1780175744 |
Internformat
MARC
LEADER | 00000cam a2200000M 4500 | ||
---|---|---|---|
001 | ZDB-4-EBA-on1269317467 | ||
003 | OCoLC | ||
005 | 20240705115654.0 | ||
006 | m o d | ||
007 | cr |n||||||||| | ||
008 | 210928s2021 xx o 0|| 0 eng d | ||
040 | |a YDX |b eng |c YDX |d N$T |d OCLCF |d OCLCO |d OCLCQ |d UPM |d OCLCQ |d ESU |d OCLCO |d TMA |d OCLCQ | ||
019 | |a 1269481317 | ||
020 | |a 9781780175744 |q (electronic bk.) | ||
020 | |a 1780175744 |q (electronic bk.) | ||
020 | |z 1780175728 | ||
020 | |z 9781780175720 | ||
035 | |a (OCoLC)1269317467 |z (OCoLC)1269481317 | ||
050 | 4 | |a HD30.2 | |
082 | 7 | |a 658.4038 |2 23 | |
049 | |a MAIN | ||
100 | 1 | |a SUTTON, DAVID. | |
245 | 1 | 0 | |a INFORMATION RISK MANAGEMENT |h [electronic resource] : |b a practitioner's guide. |
260 | |a [S.l.] : |b BCS, THE CHARTERED INSTIT, |c 2021. | ||
300 | |a 1 online resource | ||
505 | 0 | |a Cover -- CONTENTS -- LIST OF FIGURES AND TABLES -- AUTHOR -- OTHER WORKS BY THE AUTHOR -- ACKNOWLEDGEMENTS -- ABBREVIATIONS -- PREFACE -- 1. THE NEED FOR INFORMATION RISK MANAGEMENT -- WHAT IS INFORMATION? -- WHO SHOULD USE INFORMATION RISK MANAGEMENT? -- THE LEGAL FRAMEWORK -- THE CONTEXT OF RISK IN THE ORGANISATION -- HOT TOPICS TO CONSIDER IN INFORMATION RISK MANAGEMENT -- THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK -- OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS -- SUMMARY -- 2. REVIEW OF INFORMATION SECURITY FUNDAMENTALS -- INFORMATION CLASSIFICATION -- PLAN-DO-CHECK-ACT -- SUMMARY -- 3. THE INFORMATION RISK MANAGEMENT PROGRAMME -- GOALS, SCOPE AND OBJECTIVES -- ROLES AND RESPONSIBILITIES -- GOVERNANCE OF THE RISK MANAGEMENT PROGRAMME -- INFORMATION RISK MANAGEMENT CRITERIA -- SUMMARY -- 4. RISK IDENTIFICATION -- THE RISK IDENTIFICATION PROCESS -- THE APPROACH TO RISK IDENTIFICATION -- IMPACT ASSESSMENT -- SUMMARY -- 5. THREAT AND VULNERABILITY ASSESSMENT -- CONDUCTING THREAT ASSESSMENTS -- CONDUCTING VULNERABILITY ASSESSMENTS -- IDENTIFICATION OF EXISTING CONTROLS -- SUMMARY -- 6. RISK ANALYSIS AND RISK EVALUATION -- ASSESSMENT OF LIKELIHOOD -- RISK ANALYSIS -- RISK EVALUATION -- SUMMARY -- 7. RISK TREATMENT -- STRATEGIC RISK OPTIONS -- TACTICAL RISK MANAGEMENT CONTROLS -- OPERATIONAL RISK MANAGEMENT CONTROLS -- EXAMPLES OF CRITICAL CONTROLS AND CONTROL CATEGORIES -- SUMMARY -- 8. RISK REPORTING AND PRESENTATION -- BUSINESS CASES -- RISK TREATMENT DECISION-MAKING -- RISK TREATMENT PLANNING AND IMPLEMENTATION -- BUSINESS CONTINUITY AND DISASTER RECOVERY -- DISASTER RECOVERY FAILOVER TESTING -- SUMMARY -- 9. COMMUNICATION, CONSULTATION, MONITORING AND REVIEW -- SKILLS REQUIRED FOR AN INFORMATION RISK PROGRAMME MANAGER -- COMMUNICATION -- CONSULTATION -- RISK REVIEWS AND MONITORING -- SUMMARY. | |
505 | 8 | |a 10. THE NCSC CERTIFIED PROFESSIONAL SCHEME -- SFIA -- THE CIISEC SKILLS FRAMEWORK -- SUMMARY -- 11. HMG SECURITY-RELATED DOCUMENTS -- HMG SECURITY POLICY FRAMEWORK -- THE NATIONAL SECURITY STRATEGY -- CONTEST, THE UNITED KINGDOM'S STRATEGY FOR COUNTERING TERRORISM -- THE MINIMUM CYBER SECURITY STANDARD -- THE UK CYBER SECURITY STRATEGY 2016-2021 -- UK GOVERNMENT SECURITY CLASSIFICATIONS -- SUMMARY -- APPENDIX A -- TAXONOMIES AND DESCRIPTIONS -- INFORMATION RISK -- TYPICAL IMPACTS OR CONSEQUENCES -- APPENDIX B -- TYPICAL THREATS AND HAZARDS -- MALICIOUS INTRUSION (HACKING) -- ENVIRONMENTAL THREATS -- ERRORS AND FAILURES -- SOCIAL ENGINEERING -- MISUSE AND ABUSE -- PHYSICAL THREATS -- MALWARE -- APPENDIX C -- TYPICAL VULNERABILITIES -- ACCESS CONTROL -- POOR PROCEDURES -- PHYSICAL AND ENVIRONMENTAL SECURITY -- COMMUNICATIONS AND OPERATIONS MANAGEMENT -- PEOPLE-RELATED SECURITY FAILURES -- APPENDIX D -- INFORMATION RISK CONTROLS -- STRATEGIC CONTROLS -- TACTICAL CONTROLS -- OPERATIONAL CONTROLS -- THE CENTRE FOR INTERNET SECURITY CONTROLS VERSION 8 -- ISO/IEC 27001:2017 CONTROLS -- NIST SPECIAL PUBLICATION 800-53 REVISION 5 -- APPENDIX E -- METHODOLOGIES, GUIDELINES AND TOOLS -- METHODOLOGIES -- OTHER GUIDELINES AND TOOLS -- APPENDIX F -- TEMPLATES -- APPENDIX G -- HMG CYBERSECURITY GUIDELINES -- HMG CYBER ESSENTIALS SCHEME -- 10 STEPS TO CYBER SECURITY -- APPENDIX H -- REFERENCES AND FURTHER READING -- PRIMARY UK LEGISLATION -- GOOD PRACTICE GUIDELINES -- OTHER REFERENCE MATERIAL -- NCSC CERTIFIED PROFESSIONAL SCHEME -- OTHER UK GOVERNMENT PUBLICATIONS -- RISK MANAGEMENT METHODOLOGIES -- UK AND INTERNATIONAL STANDARDS -- APPENDIX I -- DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS -- DEFINITIONS AND GLOSSARY OF TERMS -- INFORMATION RISK MANAGEMENT STANDARDS -- INDEX -- Back cover. | |
520 | |a Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This book provides practical guidance to the principles and development of a strategic approach to an IRM programme. The only textbook for the BCS Practitioner Certificate in Information Risk Management. | ||
650 | 0 | |a Information technology |x Management. |0 http://id.loc.gov/authorities/subjects/sh2008006980 | |
650 | 0 | |a Risk management. |0 http://id.loc.gov/authorities/subjects/sh85114200 | |
650 | 6 | |a Technologie de l'information |x Gestion. | |
650 | 6 | |a Gestion du risque. | |
650 | 7 | |a risk management. |2 aat | |
650 | 7 | |a Information technology |x Management |2 fast | |
650 | 7 | |a Risk management |2 fast | |
776 | 0 | 8 | |i Print version: |z 1780175728 |z 9781780175720 |w (OCoLC)1263287470 |
856 | 1 | |l FWS01 |p ZDB-4-EBA |q FWS_PDA_EBA |u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=3043915 |3 Volltext | |
856 | 1 | |l CBO01 |p ZDB-4-EBA |q FWS_PDA_EBA |u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=3043915 |3 Volltext | |
938 | |a YBP Library Services |b YANK |n 17644153 | ||
938 | |a EBSCOhost |b EBSC |n 3043915 | ||
994 | |a 92 |b GEBAY | ||
912 | |a ZDB-4-EBA |
Datensatz im Suchindex
DE-BY-FWS_katkey | ZDB-4-EBA-on1269317467 |
---|---|
_version_ | 1813901706848632832 |
adam_text | |
any_adam_object | |
author | SUTTON, DAVID |
author_facet | SUTTON, DAVID |
author_role | |
author_sort | SUTTON, DAVID |
author_variant | d s ds |
building | Verbundindex |
bvnumber | localFWS |
callnumber-first | H - Social Science |
callnumber-label | HD30 |
callnumber-raw | HD30.2 |
callnumber-search | HD30.2 |
callnumber-sort | HD 230.2 |
callnumber-subject | HD - Industries, Land Use, Labor |
collection | ZDB-4-EBA |
contents | Cover -- CONTENTS -- LIST OF FIGURES AND TABLES -- AUTHOR -- OTHER WORKS BY THE AUTHOR -- ACKNOWLEDGEMENTS -- ABBREVIATIONS -- PREFACE -- 1. THE NEED FOR INFORMATION RISK MANAGEMENT -- WHAT IS INFORMATION? -- WHO SHOULD USE INFORMATION RISK MANAGEMENT? -- THE LEGAL FRAMEWORK -- THE CONTEXT OF RISK IN THE ORGANISATION -- HOT TOPICS TO CONSIDER IN INFORMATION RISK MANAGEMENT -- THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK -- OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS -- SUMMARY -- 2. REVIEW OF INFORMATION SECURITY FUNDAMENTALS -- INFORMATION CLASSIFICATION -- PLAN-DO-CHECK-ACT -- SUMMARY -- 3. THE INFORMATION RISK MANAGEMENT PROGRAMME -- GOALS, SCOPE AND OBJECTIVES -- ROLES AND RESPONSIBILITIES -- GOVERNANCE OF THE RISK MANAGEMENT PROGRAMME -- INFORMATION RISK MANAGEMENT CRITERIA -- SUMMARY -- 4. RISK IDENTIFICATION -- THE RISK IDENTIFICATION PROCESS -- THE APPROACH TO RISK IDENTIFICATION -- IMPACT ASSESSMENT -- SUMMARY -- 5. THREAT AND VULNERABILITY ASSESSMENT -- CONDUCTING THREAT ASSESSMENTS -- CONDUCTING VULNERABILITY ASSESSMENTS -- IDENTIFICATION OF EXISTING CONTROLS -- SUMMARY -- 6. RISK ANALYSIS AND RISK EVALUATION -- ASSESSMENT OF LIKELIHOOD -- RISK ANALYSIS -- RISK EVALUATION -- SUMMARY -- 7. RISK TREATMENT -- STRATEGIC RISK OPTIONS -- TACTICAL RISK MANAGEMENT CONTROLS -- OPERATIONAL RISK MANAGEMENT CONTROLS -- EXAMPLES OF CRITICAL CONTROLS AND CONTROL CATEGORIES -- SUMMARY -- 8. RISK REPORTING AND PRESENTATION -- BUSINESS CASES -- RISK TREATMENT DECISION-MAKING -- RISK TREATMENT PLANNING AND IMPLEMENTATION -- BUSINESS CONTINUITY AND DISASTER RECOVERY -- DISASTER RECOVERY FAILOVER TESTING -- SUMMARY -- 9. COMMUNICATION, CONSULTATION, MONITORING AND REVIEW -- SKILLS REQUIRED FOR AN INFORMATION RISK PROGRAMME MANAGER -- COMMUNICATION -- CONSULTATION -- RISK REVIEWS AND MONITORING -- SUMMARY. 10. THE NCSC CERTIFIED PROFESSIONAL SCHEME -- SFIA -- THE CIISEC SKILLS FRAMEWORK -- SUMMARY -- 11. HMG SECURITY-RELATED DOCUMENTS -- HMG SECURITY POLICY FRAMEWORK -- THE NATIONAL SECURITY STRATEGY -- CONTEST, THE UNITED KINGDOM'S STRATEGY FOR COUNTERING TERRORISM -- THE MINIMUM CYBER SECURITY STANDARD -- THE UK CYBER SECURITY STRATEGY 2016-2021 -- UK GOVERNMENT SECURITY CLASSIFICATIONS -- SUMMARY -- APPENDIX A -- TAXONOMIES AND DESCRIPTIONS -- INFORMATION RISK -- TYPICAL IMPACTS OR CONSEQUENCES -- APPENDIX B -- TYPICAL THREATS AND HAZARDS -- MALICIOUS INTRUSION (HACKING) -- ENVIRONMENTAL THREATS -- ERRORS AND FAILURES -- SOCIAL ENGINEERING -- MISUSE AND ABUSE -- PHYSICAL THREATS -- MALWARE -- APPENDIX C -- TYPICAL VULNERABILITIES -- ACCESS CONTROL -- POOR PROCEDURES -- PHYSICAL AND ENVIRONMENTAL SECURITY -- COMMUNICATIONS AND OPERATIONS MANAGEMENT -- PEOPLE-RELATED SECURITY FAILURES -- APPENDIX D -- INFORMATION RISK CONTROLS -- STRATEGIC CONTROLS -- TACTICAL CONTROLS -- OPERATIONAL CONTROLS -- THE CENTRE FOR INTERNET SECURITY CONTROLS VERSION 8 -- ISO/IEC 27001:2017 CONTROLS -- NIST SPECIAL PUBLICATION 800-53 REVISION 5 -- APPENDIX E -- METHODOLOGIES, GUIDELINES AND TOOLS -- METHODOLOGIES -- OTHER GUIDELINES AND TOOLS -- APPENDIX F -- TEMPLATES -- APPENDIX G -- HMG CYBERSECURITY GUIDELINES -- HMG CYBER ESSENTIALS SCHEME -- 10 STEPS TO CYBER SECURITY -- APPENDIX H -- REFERENCES AND FURTHER READING -- PRIMARY UK LEGISLATION -- GOOD PRACTICE GUIDELINES -- OTHER REFERENCE MATERIAL -- NCSC CERTIFIED PROFESSIONAL SCHEME -- OTHER UK GOVERNMENT PUBLICATIONS -- RISK MANAGEMENT METHODOLOGIES -- UK AND INTERNATIONAL STANDARDS -- APPENDIX I -- DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS -- DEFINITIONS AND GLOSSARY OF TERMS -- INFORMATION RISK MANAGEMENT STANDARDS -- INDEX -- Back cover. |
ctrlnum | (OCoLC)1269317467 |
dewey-full | 658.4038 |
dewey-hundreds | 600 - Technology (Applied sciences) |
dewey-ones | 658 - General management |
dewey-raw | 658.4038 |
dewey-search | 658.4038 |
dewey-sort | 3658.4038 |
dewey-tens | 650 - Management and auxiliary services |
discipline | Wirtschaftswissenschaften |
format | Electronic eBook |
fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>05574cam a2200445M 4500</leader><controlfield tag="001">ZDB-4-EBA-on1269317467</controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20240705115654.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr |n|||||||||</controlfield><controlfield tag="008">210928s2021 xx o 0|| 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">YDX</subfield><subfield code="b">eng</subfield><subfield code="c">YDX</subfield><subfield code="d">N$T</subfield><subfield code="d">OCLCF</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">UPM</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">ESU</subfield><subfield code="d">OCLCO</subfield><subfield code="d">TMA</subfield><subfield code="d">OCLCQ</subfield></datafield><datafield tag="019" ind1=" " ind2=" "><subfield code="a">1269481317</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781780175744</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1780175744</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">1780175728</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">9781780175720</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1269317467</subfield><subfield code="z">(OCoLC)1269481317</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">HD30.2</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">658.4038</subfield><subfield code="2">23</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">SUTTON, DAVID.</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">INFORMATION RISK MANAGEMENT</subfield><subfield code="h">[electronic resource] :</subfield><subfield code="b">a practitioner's guide.</subfield></datafield><datafield tag="260" ind1=" " ind2=" "><subfield code="a">[S.l.] :</subfield><subfield code="b">BCS, THE CHARTERED INSTIT,</subfield><subfield code="c">2021.</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Cover -- CONTENTS -- LIST OF FIGURES AND TABLES -- AUTHOR -- OTHER WORKS BY THE AUTHOR -- ACKNOWLEDGEMENTS -- ABBREVIATIONS -- PREFACE -- 1. THE NEED FOR INFORMATION RISK MANAGEMENT -- WHAT IS INFORMATION? -- WHO SHOULD USE INFORMATION RISK MANAGEMENT? -- THE LEGAL FRAMEWORK -- THE CONTEXT OF RISK IN THE ORGANISATION -- HOT TOPICS TO CONSIDER IN INFORMATION RISK MANAGEMENT -- THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK -- OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS -- SUMMARY -- 2. REVIEW OF INFORMATION SECURITY FUNDAMENTALS -- INFORMATION CLASSIFICATION -- PLAN-DO-CHECK-ACT -- SUMMARY -- 3. THE INFORMATION RISK MANAGEMENT PROGRAMME -- GOALS, SCOPE AND OBJECTIVES -- ROLES AND RESPONSIBILITIES -- GOVERNANCE OF THE RISK MANAGEMENT PROGRAMME -- INFORMATION RISK MANAGEMENT CRITERIA -- SUMMARY -- 4. RISK IDENTIFICATION -- THE RISK IDENTIFICATION PROCESS -- THE APPROACH TO RISK IDENTIFICATION -- IMPACT ASSESSMENT -- SUMMARY -- 5. THREAT AND VULNERABILITY ASSESSMENT -- CONDUCTING THREAT ASSESSMENTS -- CONDUCTING VULNERABILITY ASSESSMENTS -- IDENTIFICATION OF EXISTING CONTROLS -- SUMMARY -- 6. RISK ANALYSIS AND RISK EVALUATION -- ASSESSMENT OF LIKELIHOOD -- RISK ANALYSIS -- RISK EVALUATION -- SUMMARY -- 7. RISK TREATMENT -- STRATEGIC RISK OPTIONS -- TACTICAL RISK MANAGEMENT CONTROLS -- OPERATIONAL RISK MANAGEMENT CONTROLS -- EXAMPLES OF CRITICAL CONTROLS AND CONTROL CATEGORIES -- SUMMARY -- 8. RISK REPORTING AND PRESENTATION -- BUSINESS CASES -- RISK TREATMENT DECISION-MAKING -- RISK TREATMENT PLANNING AND IMPLEMENTATION -- BUSINESS CONTINUITY AND DISASTER RECOVERY -- DISASTER RECOVERY FAILOVER TESTING -- SUMMARY -- 9. COMMUNICATION, CONSULTATION, MONITORING AND REVIEW -- SKILLS REQUIRED FOR AN INFORMATION RISK PROGRAMME MANAGER -- COMMUNICATION -- CONSULTATION -- RISK REVIEWS AND MONITORING -- SUMMARY.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">10. THE NCSC CERTIFIED PROFESSIONAL SCHEME -- SFIA -- THE CIISEC SKILLS FRAMEWORK -- SUMMARY -- 11. HMG SECURITY-RELATED DOCUMENTS -- HMG SECURITY POLICY FRAMEWORK -- THE NATIONAL SECURITY STRATEGY -- CONTEST, THE UNITED KINGDOM'S STRATEGY FOR COUNTERING TERRORISM -- THE MINIMUM CYBER SECURITY STANDARD -- THE UK CYBER SECURITY STRATEGY 2016-2021 -- UK GOVERNMENT SECURITY CLASSIFICATIONS -- SUMMARY -- APPENDIX A -- TAXONOMIES AND DESCRIPTIONS -- INFORMATION RISK -- TYPICAL IMPACTS OR CONSEQUENCES -- APPENDIX B -- TYPICAL THREATS AND HAZARDS -- MALICIOUS INTRUSION (HACKING) -- ENVIRONMENTAL THREATS -- ERRORS AND FAILURES -- SOCIAL ENGINEERING -- MISUSE AND ABUSE -- PHYSICAL THREATS -- MALWARE -- APPENDIX C -- TYPICAL VULNERABILITIES -- ACCESS CONTROL -- POOR PROCEDURES -- PHYSICAL AND ENVIRONMENTAL SECURITY -- COMMUNICATIONS AND OPERATIONS MANAGEMENT -- PEOPLE-RELATED SECURITY FAILURES -- APPENDIX D -- INFORMATION RISK CONTROLS -- STRATEGIC CONTROLS -- TACTICAL CONTROLS -- OPERATIONAL CONTROLS -- THE CENTRE FOR INTERNET SECURITY CONTROLS VERSION 8 -- ISO/IEC 27001:2017 CONTROLS -- NIST SPECIAL PUBLICATION 800-53 REVISION 5 -- APPENDIX E -- METHODOLOGIES, GUIDELINES AND TOOLS -- METHODOLOGIES -- OTHER GUIDELINES AND TOOLS -- APPENDIX F -- TEMPLATES -- APPENDIX G -- HMG CYBERSECURITY GUIDELINES -- HMG CYBER ESSENTIALS SCHEME -- 10 STEPS TO CYBER SECURITY -- APPENDIX H -- REFERENCES AND FURTHER READING -- PRIMARY UK LEGISLATION -- GOOD PRACTICE GUIDELINES -- OTHER REFERENCE MATERIAL -- NCSC CERTIFIED PROFESSIONAL SCHEME -- OTHER UK GOVERNMENT PUBLICATIONS -- RISK MANAGEMENT METHODOLOGIES -- UK AND INTERNATIONAL STANDARDS -- APPENDIX I -- DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS -- DEFINITIONS AND GLOSSARY OF TERMS -- INFORMATION RISK MANAGEMENT STANDARDS -- INDEX -- Back cover.</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This book provides practical guidance to the principles and development of a strategic approach to an IRM programme. The only textbook for the BCS Practitioner Certificate in Information Risk Management.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Information technology</subfield><subfield code="x">Management.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh2008006980</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Risk management.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh85114200</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Technologie de l'information</subfield><subfield code="x">Gestion.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Gestion du risque.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">risk management.</subfield><subfield code="2">aat</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Information technology</subfield><subfield code="x">Management</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Risk management</subfield><subfield code="2">fast</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="z">1780175728</subfield><subfield code="z">9781780175720</subfield><subfield code="w">(OCoLC)1263287470</subfield></datafield><datafield tag="856" ind1="1" ind2=" "><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=3043915</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="856" ind1="1" ind2=" "><subfield code="l">CBO01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=3043915</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">YBP Library Services</subfield><subfield code="b">YANK</subfield><subfield code="n">17644153</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">3043915</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield></record></collection> |
id | ZDB-4-EBA-on1269317467 |
illustrated | Not Illustrated |
indexdate | 2024-10-25T15:51:10Z |
institution | BVB |
isbn | 9781780175744 1780175744 |
language | English |
oclc_num | 1269317467 |
open_access_boolean | |
owner | MAIN |
owner_facet | MAIN |
physical | 1 online resource |
psigel | ZDB-4-EBA |
publishDate | 2021 |
publishDateSearch | 2021 |
publishDateSort | 2021 |
publisher | BCS, THE CHARTERED INSTIT, |
record_format | marc |
spelling | SUTTON, DAVID. INFORMATION RISK MANAGEMENT [electronic resource] : a practitioner's guide. [S.l.] : BCS, THE CHARTERED INSTIT, 2021. 1 online resource Cover -- CONTENTS -- LIST OF FIGURES AND TABLES -- AUTHOR -- OTHER WORKS BY THE AUTHOR -- ACKNOWLEDGEMENTS -- ABBREVIATIONS -- PREFACE -- 1. THE NEED FOR INFORMATION RISK MANAGEMENT -- WHAT IS INFORMATION? -- WHO SHOULD USE INFORMATION RISK MANAGEMENT? -- THE LEGAL FRAMEWORK -- THE CONTEXT OF RISK IN THE ORGANISATION -- HOT TOPICS TO CONSIDER IN INFORMATION RISK MANAGEMENT -- THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK -- OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS -- SUMMARY -- 2. REVIEW OF INFORMATION SECURITY FUNDAMENTALS -- INFORMATION CLASSIFICATION -- PLAN-DO-CHECK-ACT -- SUMMARY -- 3. THE INFORMATION RISK MANAGEMENT PROGRAMME -- GOALS, SCOPE AND OBJECTIVES -- ROLES AND RESPONSIBILITIES -- GOVERNANCE OF THE RISK MANAGEMENT PROGRAMME -- INFORMATION RISK MANAGEMENT CRITERIA -- SUMMARY -- 4. RISK IDENTIFICATION -- THE RISK IDENTIFICATION PROCESS -- THE APPROACH TO RISK IDENTIFICATION -- IMPACT ASSESSMENT -- SUMMARY -- 5. THREAT AND VULNERABILITY ASSESSMENT -- CONDUCTING THREAT ASSESSMENTS -- CONDUCTING VULNERABILITY ASSESSMENTS -- IDENTIFICATION OF EXISTING CONTROLS -- SUMMARY -- 6. RISK ANALYSIS AND RISK EVALUATION -- ASSESSMENT OF LIKELIHOOD -- RISK ANALYSIS -- RISK EVALUATION -- SUMMARY -- 7. RISK TREATMENT -- STRATEGIC RISK OPTIONS -- TACTICAL RISK MANAGEMENT CONTROLS -- OPERATIONAL RISK MANAGEMENT CONTROLS -- EXAMPLES OF CRITICAL CONTROLS AND CONTROL CATEGORIES -- SUMMARY -- 8. RISK REPORTING AND PRESENTATION -- BUSINESS CASES -- RISK TREATMENT DECISION-MAKING -- RISK TREATMENT PLANNING AND IMPLEMENTATION -- BUSINESS CONTINUITY AND DISASTER RECOVERY -- DISASTER RECOVERY FAILOVER TESTING -- SUMMARY -- 9. COMMUNICATION, CONSULTATION, MONITORING AND REVIEW -- SKILLS REQUIRED FOR AN INFORMATION RISK PROGRAMME MANAGER -- COMMUNICATION -- CONSULTATION -- RISK REVIEWS AND MONITORING -- SUMMARY. 10. THE NCSC CERTIFIED PROFESSIONAL SCHEME -- SFIA -- THE CIISEC SKILLS FRAMEWORK -- SUMMARY -- 11. HMG SECURITY-RELATED DOCUMENTS -- HMG SECURITY POLICY FRAMEWORK -- THE NATIONAL SECURITY STRATEGY -- CONTEST, THE UNITED KINGDOM'S STRATEGY FOR COUNTERING TERRORISM -- THE MINIMUM CYBER SECURITY STANDARD -- THE UK CYBER SECURITY STRATEGY 2016-2021 -- UK GOVERNMENT SECURITY CLASSIFICATIONS -- SUMMARY -- APPENDIX A -- TAXONOMIES AND DESCRIPTIONS -- INFORMATION RISK -- TYPICAL IMPACTS OR CONSEQUENCES -- APPENDIX B -- TYPICAL THREATS AND HAZARDS -- MALICIOUS INTRUSION (HACKING) -- ENVIRONMENTAL THREATS -- ERRORS AND FAILURES -- SOCIAL ENGINEERING -- MISUSE AND ABUSE -- PHYSICAL THREATS -- MALWARE -- APPENDIX C -- TYPICAL VULNERABILITIES -- ACCESS CONTROL -- POOR PROCEDURES -- PHYSICAL AND ENVIRONMENTAL SECURITY -- COMMUNICATIONS AND OPERATIONS MANAGEMENT -- PEOPLE-RELATED SECURITY FAILURES -- APPENDIX D -- INFORMATION RISK CONTROLS -- STRATEGIC CONTROLS -- TACTICAL CONTROLS -- OPERATIONAL CONTROLS -- THE CENTRE FOR INTERNET SECURITY CONTROLS VERSION 8 -- ISO/IEC 27001:2017 CONTROLS -- NIST SPECIAL PUBLICATION 800-53 REVISION 5 -- APPENDIX E -- METHODOLOGIES, GUIDELINES AND TOOLS -- METHODOLOGIES -- OTHER GUIDELINES AND TOOLS -- APPENDIX F -- TEMPLATES -- APPENDIX G -- HMG CYBERSECURITY GUIDELINES -- HMG CYBER ESSENTIALS SCHEME -- 10 STEPS TO CYBER SECURITY -- APPENDIX H -- REFERENCES AND FURTHER READING -- PRIMARY UK LEGISLATION -- GOOD PRACTICE GUIDELINES -- OTHER REFERENCE MATERIAL -- NCSC CERTIFIED PROFESSIONAL SCHEME -- OTHER UK GOVERNMENT PUBLICATIONS -- RISK MANAGEMENT METHODOLOGIES -- UK AND INTERNATIONAL STANDARDS -- APPENDIX I -- DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS -- DEFINITIONS AND GLOSSARY OF TERMS -- INFORMATION RISK MANAGEMENT STANDARDS -- INDEX -- Back cover. Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This book provides practical guidance to the principles and development of a strategic approach to an IRM programme. The only textbook for the BCS Practitioner Certificate in Information Risk Management. Information technology Management. http://id.loc.gov/authorities/subjects/sh2008006980 Risk management. http://id.loc.gov/authorities/subjects/sh85114200 Technologie de l'information Gestion. Gestion du risque. risk management. aat Information technology Management fast Risk management fast Print version: 1780175728 9781780175720 (OCoLC)1263287470 FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=3043915 Volltext CBO01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=3043915 Volltext |
spellingShingle | SUTTON, DAVID INFORMATION RISK MANAGEMENT a practitioner's guide. Cover -- CONTENTS -- LIST OF FIGURES AND TABLES -- AUTHOR -- OTHER WORKS BY THE AUTHOR -- ACKNOWLEDGEMENTS -- ABBREVIATIONS -- PREFACE -- 1. THE NEED FOR INFORMATION RISK MANAGEMENT -- WHAT IS INFORMATION? -- WHO SHOULD USE INFORMATION RISK MANAGEMENT? -- THE LEGAL FRAMEWORK -- THE CONTEXT OF RISK IN THE ORGANISATION -- HOT TOPICS TO CONSIDER IN INFORMATION RISK MANAGEMENT -- THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK -- OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS -- SUMMARY -- 2. REVIEW OF INFORMATION SECURITY FUNDAMENTALS -- INFORMATION CLASSIFICATION -- PLAN-DO-CHECK-ACT -- SUMMARY -- 3. THE INFORMATION RISK MANAGEMENT PROGRAMME -- GOALS, SCOPE AND OBJECTIVES -- ROLES AND RESPONSIBILITIES -- GOVERNANCE OF THE RISK MANAGEMENT PROGRAMME -- INFORMATION RISK MANAGEMENT CRITERIA -- SUMMARY -- 4. RISK IDENTIFICATION -- THE RISK IDENTIFICATION PROCESS -- THE APPROACH TO RISK IDENTIFICATION -- IMPACT ASSESSMENT -- SUMMARY -- 5. THREAT AND VULNERABILITY ASSESSMENT -- CONDUCTING THREAT ASSESSMENTS -- CONDUCTING VULNERABILITY ASSESSMENTS -- IDENTIFICATION OF EXISTING CONTROLS -- SUMMARY -- 6. RISK ANALYSIS AND RISK EVALUATION -- ASSESSMENT OF LIKELIHOOD -- RISK ANALYSIS -- RISK EVALUATION -- SUMMARY -- 7. RISK TREATMENT -- STRATEGIC RISK OPTIONS -- TACTICAL RISK MANAGEMENT CONTROLS -- OPERATIONAL RISK MANAGEMENT CONTROLS -- EXAMPLES OF CRITICAL CONTROLS AND CONTROL CATEGORIES -- SUMMARY -- 8. RISK REPORTING AND PRESENTATION -- BUSINESS CASES -- RISK TREATMENT DECISION-MAKING -- RISK TREATMENT PLANNING AND IMPLEMENTATION -- BUSINESS CONTINUITY AND DISASTER RECOVERY -- DISASTER RECOVERY FAILOVER TESTING -- SUMMARY -- 9. COMMUNICATION, CONSULTATION, MONITORING AND REVIEW -- SKILLS REQUIRED FOR AN INFORMATION RISK PROGRAMME MANAGER -- COMMUNICATION -- CONSULTATION -- RISK REVIEWS AND MONITORING -- SUMMARY. 10. THE NCSC CERTIFIED PROFESSIONAL SCHEME -- SFIA -- THE CIISEC SKILLS FRAMEWORK -- SUMMARY -- 11. HMG SECURITY-RELATED DOCUMENTS -- HMG SECURITY POLICY FRAMEWORK -- THE NATIONAL SECURITY STRATEGY -- CONTEST, THE UNITED KINGDOM'S STRATEGY FOR COUNTERING TERRORISM -- THE MINIMUM CYBER SECURITY STANDARD -- THE UK CYBER SECURITY STRATEGY 2016-2021 -- UK GOVERNMENT SECURITY CLASSIFICATIONS -- SUMMARY -- APPENDIX A -- TAXONOMIES AND DESCRIPTIONS -- INFORMATION RISK -- TYPICAL IMPACTS OR CONSEQUENCES -- APPENDIX B -- TYPICAL THREATS AND HAZARDS -- MALICIOUS INTRUSION (HACKING) -- ENVIRONMENTAL THREATS -- ERRORS AND FAILURES -- SOCIAL ENGINEERING -- MISUSE AND ABUSE -- PHYSICAL THREATS -- MALWARE -- APPENDIX C -- TYPICAL VULNERABILITIES -- ACCESS CONTROL -- POOR PROCEDURES -- PHYSICAL AND ENVIRONMENTAL SECURITY -- COMMUNICATIONS AND OPERATIONS MANAGEMENT -- PEOPLE-RELATED SECURITY FAILURES -- APPENDIX D -- INFORMATION RISK CONTROLS -- STRATEGIC CONTROLS -- TACTICAL CONTROLS -- OPERATIONAL CONTROLS -- THE CENTRE FOR INTERNET SECURITY CONTROLS VERSION 8 -- ISO/IEC 27001:2017 CONTROLS -- NIST SPECIAL PUBLICATION 800-53 REVISION 5 -- APPENDIX E -- METHODOLOGIES, GUIDELINES AND TOOLS -- METHODOLOGIES -- OTHER GUIDELINES AND TOOLS -- APPENDIX F -- TEMPLATES -- APPENDIX G -- HMG CYBERSECURITY GUIDELINES -- HMG CYBER ESSENTIALS SCHEME -- 10 STEPS TO CYBER SECURITY -- APPENDIX H -- REFERENCES AND FURTHER READING -- PRIMARY UK LEGISLATION -- GOOD PRACTICE GUIDELINES -- OTHER REFERENCE MATERIAL -- NCSC CERTIFIED PROFESSIONAL SCHEME -- OTHER UK GOVERNMENT PUBLICATIONS -- RISK MANAGEMENT METHODOLOGIES -- UK AND INTERNATIONAL STANDARDS -- APPENDIX I -- DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS -- DEFINITIONS AND GLOSSARY OF TERMS -- INFORMATION RISK MANAGEMENT STANDARDS -- INDEX -- Back cover. Information technology Management. http://id.loc.gov/authorities/subjects/sh2008006980 Risk management. http://id.loc.gov/authorities/subjects/sh85114200 Technologie de l'information Gestion. Gestion du risque. risk management. aat Information technology Management fast Risk management fast |
subject_GND | http://id.loc.gov/authorities/subjects/sh2008006980 http://id.loc.gov/authorities/subjects/sh85114200 |
title | INFORMATION RISK MANAGEMENT a practitioner's guide. |
title_auth | INFORMATION RISK MANAGEMENT a practitioner's guide. |
title_exact_search | INFORMATION RISK MANAGEMENT a practitioner's guide. |
title_full | INFORMATION RISK MANAGEMENT [electronic resource] : a practitioner's guide. |
title_fullStr | INFORMATION RISK MANAGEMENT [electronic resource] : a practitioner's guide. |
title_full_unstemmed | INFORMATION RISK MANAGEMENT [electronic resource] : a practitioner's guide. |
title_short | INFORMATION RISK MANAGEMENT |
title_sort | information risk management a practitioner s guide |
title_sub | a practitioner's guide. |
topic | Information technology Management. http://id.loc.gov/authorities/subjects/sh2008006980 Risk management. http://id.loc.gov/authorities/subjects/sh85114200 Technologie de l'information Gestion. Gestion du risque. risk management. aat Information technology Management fast Risk management fast |
topic_facet | Information technology Management. Risk management. Technologie de l'information Gestion. Gestion du risque. risk management. Information technology Management Risk management |
url | https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=3043915 |
work_keys_str_mv | AT suttondavid informationriskmanagementapractitionersguide |