In order to protect companys information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. Information Security Risk Assessments gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders. Based on authors experiences of real-world assessments, reports, and presentations Focuses on implementing a process, rather than theory, that allows you to derive a quick and valuable assessment Includes a companion web site with spreadsheets you can utilize to create and maintain the risk assessment Table of Contents Chapter 1: Information Security Risk Assessments Chapter 2: A Practical Approach Chapter 3: Data Collection Chapter 4: Data Analysis Chapter 5: Risk Assessment Chapter 6: Risk Prioritization and Treatment Chapter 7: Reporting Chapter 8: Maintenance and Wrap Up
Index Terms
- Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis
Recommendations
Taxonomy of information security risk assessment (ISRA)
Information is a perennially significant business asset in all organizations. Therefore, it must be protected as any other valuable asset. This is the objective of information security, and an information security program provides this kind of ...
Development of an E-Healthcare Information Security Risk Assessment Method
This paper developed a method to assess information security risks in e-healthcare. Specifically, it first developed a static E-Healthcare Information Security Risk EHISR model to present thirty-three security risk factors by identifying information ...