Information Security Risk Analysis, Second Edition
Author: Thomas R. Peltier Publisher: Auerbach Publications Category: Book
List Price: $83.95 Buy New: $60.00 You Save: $23.95 (29%)
New (17) Used (7) from $59.99
Avg. Customer Rating: 11 reviews Sales Rank: 69477
Media: Hardcover Edition: 2 Number Of Items: 1 Pages: 360 Shipping Weight (lbs): 1.4 Dimensions (in): 9.1 x 6.2 x 0.9
ISBN: 0849333466 Dewey Decimal Number: 005.8 EAN: 9780849333460 ASIN: 0849333466
Publication Date: April 26, 2005 Availability: Usually ships in 1-2 business days
Editorial Reviews:
Product Description: The risk management process supports executive decision-making, allowing managers and owners to perform their fiduciary responsibility of protecting the assets of their enterprises. This crucial process should not be a long, drawn-out affair. To be effective, it must be done quickly and efficiently.

Information Security Risk Analysis, Second Edition enables CIOs, CSOs, and MIS managers to understand when, why, and how risk assessments and analyses can be conducted effectively. This book discusses the principle of risk management and its three key elements: risk analysis, risk assessment, and vulnerability assessment. It examines the differences between quantitative and qualitative risk assessment, and details how various types of qualitative risk assessment can be applied to the assessment process. The text offers a thorough discussion of recent changes to FRAAP and the need to develop a pre-screening method for risk assessment and business impact analysis.

Features:
- Analyzes risk analysis, risk assessment, and vulnerability assessments
- Introduces System Development Life Cycle (SDLC) and Business Process Life Cycle (BPLC), and integrates risk analysis and assessment into these processes
- Discusses the need to develop a standard set of controls, and details how to apply regulations such as GLBA, HIPAA, SOX, ISO 17799, and others
- Explains how to use qualitative risk assessment concepts and FRAAP to conduct business impact analyses and determine information classification requirements
- Contains samples of forms, controls, policies, letters, and spreadsheets needed to complete the risk analysis and assessment processes
Customer Reviews:
What? Are you managing risk? July 26, 2007 2 out of 3 found this review helpful
As a corporate leader and IT leader, I need proven methodology and opinion from experienced leadership. "This crucial process should not be a long, drawn-out affair." What?! This is an essential capability of corporate leadership. "To be effective, it must be done quickly and efficiently." Okay... Let's look at what the risk management process is and, today, consider that it transcends business and requires managers and executives who - just perhaps - grew up in the information age. They cannot rely on the work of those who did not, and/or are trying to market a product. Lead the way leaders of the future. Protect your business by understanding and managing it yourselves instead of following people who want to sell you books and make money off of your business core competence. It takes real leadership from informed management who did more than read a book. Understand issues, solve problems, hire people/leaders who know how to handle risk from all vectors and retain the talent that preserves the future of your business. Listen to them. Challenge them. Build a system that manages your risk. Maybe this book offers something, but be your best counsel.
Great resource July 17, 2007
An excellent resource on risk analysis techniques and methodologies. The breadth and depth of coverage fits a wide range of audience. I work in information security and found the concepts and details very very helpful and ones I could relate to in my work. The organization of the chapters and overall book is very logical and facilitates overall readability. I would highly recommend this book to anyone working in any aspect of risk assessment/management.

2 thumbs up!
Good... November 4, 2005 5 out of 9 found this review helpful
After reading a large number of security books and papers, you come to an uncanny realization: if an author does not misspell HIPAA in his entire work, he's gotta be good! But then again, if a guy was a CSO when I was just finishing my elementary school, I am sure he knows something about security...

Here is what I have to say about this title: it is good, but pretty dry. And I happen to hate dry books. However, I am willing to make an exception for this one, since it is a management book about security risk. It won't teach you how to hack, scan, exploit or protect and firewall, but rather how to define, document, manage, organize and facilitate.

I would recommend the book for those involved with formal risk assessment for organizations. Admittedly, I do not fit this profile myself, but I enjoyed it since the author presents a somewhat novel approach to security risk assessment (called FRAAP) and I was curious about it. I also liked the section on mapping controls, such as HIPAA to ISO17799, etc.

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II" and the upcoming "Hacker's Challenge III". In his spare time, he maintains his security portal info-secure.org and his blog at O'Reilly. His next book will be about security log analysis.
AWESOME!!! July 7, 2005 4 out of 9 found this review helpful
This is a great book about risk. Very valuable. Written in a clear and easy to understand style.

A bargain at 5 times the price. You can't get this info and data anywhere else.
Proper content, horrible writing April 13, 2005 10 out of 11 found this review helpful
After having read the book, I was left with a mixed feeling. The content of the book is OK. Not special, just OK. If this book changed your way of thinking about risk, then this is probably one of the first books you read on the subject. I give the book content 4 stars, since it's decent, easy to follow and fairly complete. Besides that, the author included three good articles at the end of the book, one of which (by Caroline Hamilton) is particularly well-written.

Now for the style. I can only agree with one of the other reviewers regarding the comment he made about proofreading the book. I wonder if the book was proofread at all. There are so many errors and annoyances in this book, it starts working on my nerves fairly quickly. To name but a few:

The writer contradicts himself on several occasions. Sometimes this gets hilarious:
- Page 30: [The cost/benefit analysis] is the most important step of any risk analysis process.
- Page 35: As discussed in the previous example, the scope statement is the most important element of the risk analysis process.
- Page 39: The most important element of any risk analysis process is the recommendations of controls and safeguards...
etc etc.

I understand that mister O'Leary is his mentor, but don't tell me five $%^$@ times that he is the Director of the Education Resource Center (pages ix, 12, 13, 65, 66).

The spelling errors are a real pain in the butt:

- page 217: "Aurebach" instead of "Auerbach" (my favorite; it's his own publisher).
- page 16: "can shared" instead of "can be shared"
- page 36: ".appropriate" instead of "appropriate"
- page 43: "their role" instead of "his role"
- page 45: "control" instead of "risk" (last word on the page)
- page 46: "these" instead of "there"
- page 47: "guideline" instead of "guidelines"
- page 55: "their" instead of "its" (it refers back to "job")
- page 64: wrong comma usage
- page 71: "in" instead of "it"
- .....
- page 162: "Originizational" instead of "Organizational"
- page 217: "Ozierz's" instead of "Ozier's"

The writer uses the Ctrl+C and Ctrl+V too many times. Definitions should be reworded, not blindly copied. See pages 7 and 57, pages 47 and 72 etc.

Sometimes bulleted items in the same list have a trailing dot, sometimes they haven't.

I can go on and on.

To wrap it up, the writing gets 1 star. Equals 5 stars. Which will be rounded to 2 stars, simply because of his sloppy writing. If the writing were better, I might give it 3 or 4 stars.