Imperial Library

Index
Cover
Title Page
Copyright Page
Brief Contents
Contents
Dedication
Preface
Acknowledgments
About the Authors

CHAPTER 1 Risk Management Fundamentals
  What Is Risk?
    Compromise of Business Functions
    Threats, Vulnerabilities, Assets, and Impact
  Classify Business Risks
    Risks Posed by People
    Risks Posed by a Lack of Process
    Risks Posed by Technology
  Risk Identification Techniques
    Identifying Threats
    Identifying Vulnerabilities
    Assessing Impact and Likelihood
  Risk Management Process
    Cost-Benefit Analysis
    Profitability Versus Survivability
  Risk-Handling Strategies
    Avoiding
    Sharing or Transferring
    Mitigating
    Accepting
  Residual Risk
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 1 ASSESSMENT

CHAPTER 2 Managing Risk: Threats, Vulnerabilities, and Exploits
  Understanding and Protecting Assets
  Understanding and Managing Threats
    Uncontrollable Nature of Threats
    Unintentional Threats
    Intentional Threats
    Best Practices for Managing Risk Within an IT Infrastructure
    EY Global Information Security Survey 2018–2019
  Understanding and Managing Vulnerabilities
    Threat/Vulnerability Pairs
    Vulnerabilities Can Be Mitigated
    Mitigation Techniques
    Best Practices for Managing Vulnerabilities Within an IT Infrastructure
  Understanding and Managing Exploits
    What Is an Exploit?
    How Do Perpetrators Initiate an Exploit?
    Where Do Perpetrators Find Information About Vulnerabilities and Exploits?
    Mitigation Techniques
    Best Practices for Managing Exploits Within an IT Infrastructure
  U.S. Federal Government Risk Management Initiatives
    National Institute of Standards and Technology
    Department of Homeland Security
    National Cybersecurity and Communications Integration Center
    U.S. Computer Emergency Readiness Team
    The MITRE Corporation and the CVE List
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 2 ASSESSMENT

CHAPTER 3 Understanding and Maintaining Compliance
  U.S. Compliance Laws
    Federal Information Security Modernization Act
    Health Insurance Portability and Accountability Act
    Gramm-Leach-Bliley Act
    Sarbanes-Oxley Act
    Family Educational Rights and Privacy Act
    Children’s Internet Protection Act
    Children’s Online Privacy Protection Act
  Regulations Related to Compliance
    Securities and Exchange Commission
    Federal Deposit Insurance Corporation
    Department of Homeland Security
    Federal Trade Commission
    State Attorney General
    U.S. Attorney General
  Organizational Policies for Compliance
  Standards and Guidelines for Compliance
    Payment Card Industry Data Security Standard
    National Institute of Standards and Technology
    Generally Accepted Information Security Principles
    Control Objectives for Information and Related Technology
    International Organization for Standardization
    International Electrotechnical Commission
    Information Technology Infrastructure Library
    Capability Maturity Model Integration
    General Data Protection Regulation
    Department of Defense Information Assurance Certification and Accreditation Process
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 3 ASSESSMENT

CHAPTER 4 Developing a Risk Management Plan
  Objectives of a Risk Management Plan
    Objectives Example: Website
    Objectives Example: HIPAA Compliance
  Scope of a Risk Management Plan
    Scope Example: Website
    Scope Example: HIPAA Compliance
  Assigning Responsibilities
    Responsibilities Example: Website
    Responsibilities Example: HIPAA Compliance
  Describing Procedures and Schedules for Accomplishment
    Procedures Example: Website
    Procedures Example: HIPAA Compliance
  Reporting Requirements
    Presenting Recommendations
    Documenting Management Response to Recommendations
    Documenting and Tracking Implementation of Accepted Recommendations
  Plan of Action and Milestones
  Charting the Progress of a Risk Management Plan
    Milestone Plan Chart
    Gantt Chart
    Critical Path Chart
  Steps of the NIST Risk Management Framework
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 4 ASSESSMENT

CHAPTER 5 Defining Risk Assessment Approaches
  Understanding Risk Assessments
    Importance of Risk Assessments
    Purpose of a Risk Assessment
  Critical Components of a Risk Assessment
    Identifying Scope
    Identifying Critical Areas
    Identifying Team Members
  Types of Risk Assessments
    Quantitative Risk Assessments
    Qualitative Risk Assessments
    Comparing Quantitative and Qualitative Risk Assessments
  Risk Assessment Challenges
    Using a Static Process to Evaluate a Moving Target
    Availability of Resources and Data
    Data Consistency
    Estimating Impact Effects
    Providing Results That Support Resource Allocation and Risk Acceptance
  Best Practices for Risk Assessment
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 5 ASSESSMENT

CHAPTER 6 Performing a Risk Assessment
  Selecting a Risk Assessment Methodology
    Defining the Assessment
    Reviewing Previous Findings
  Identifying the Management Structure
  Identifying Assets and Activities Within Risk Assessment Boundaries
    System Access and Availability
    System Functions
    Hardware and Software Assets
    Personnel Assets
    Data and Information Assets
    Facilities and Supplies
  Identifying and Evaluating Relevant Threats
    Reviewing Historical Data
    Performing Threat Modeling
  Identifying and Evaluating Relevant Vulnerabilities
    Vulnerability Assessments
    Exploit Assessments
  Identifying and Evaluating Controls
    In-Place and Planned Controls
    Control Categories
  Selecting a Methodology Based on Assessment Needs
    Quantitative Method
    Qualitative Method
  Developing Mitigating Recommendations
    Threat/Vulnerability Pairs
    Estimate of Cost and Time to Implement
    Estimate of Operational Impact
    Cost-Benefit Analysis
  Presenting Risk Assessment Results
  Best Practices for Performing Risk Assessments
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 6 ASSESSMENT

CHAPTER 7 Identifying Assets and Activities to Be Protected
  System Access and Availability
  System Functions: Manual and Automated
    Manual Methods
    Automated Methods
  Hardware Assets
  Software Assets
  Personnel Assets
  Data and Information Assets
    Organization
    Customer
    Intellectual Property
    Data Warehousing and Data Mining
  Asset and Inventory Management Within the Seven Domains of a Typical IT Infrastructure
    User Domain
    Workstation Domain
    LAN Domain
    LAN-to-WAN Domain
    WAN Domain
    Remote Access Domain
    System/Application Domain
  Identifying Facilities and Supplies Needed to Maintain Business Operations
    Mission-Critical Systems and Applications Identification
    Business Impact Analysis Planning
    Business Continuity Planning
    Disaster Recovery Planning
    Business Liability Insurance Planning
    Asset Replacement Insurance Planning
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 7 ASSESSMENT

CHAPTER 8 Identifying and Analyzing Threats, Vulnerabilities, and Exploits
  Threat Assessments
    Techniques for Identifying Threats
    Best Practices for Threat Assessments Within the Seven Domains of a Typical IT Infrastructure
  Vulnerability Assessments
    Review of Documentation
    Review of System Logs, Audit Trails, and Intrusion Detection and Prevention System Outputs
    Vulnerability Scans and Other Assessment Tools
    Audits and Personnel Interviews
    Process Analysis and Output Analysis
    System Testing
    Best Practices for Performing Vulnerability Assessments Within the Seven Domains of a Typical IT Infrastructure
  Exploit Assessments
    Identifying Exploits
    Mitigating Exploits with a Gap Analysis and Remediation Plan
    Implementing Configuration or Change Management
    Verifying and Validating the Exploit Has Been Mitigated
    Best Practices for Performing Exploit Assessments Within an IT Infrastructure
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 8 ASSESSMENT

CHAPTER 9 Identifying and Analyzing Risk Mitigation Security Controls
  In-Place Controls
  Planned Controls
  Control Categories
  NIST Control Families
  Procedural Control Examples
    Policies and Procedures
    Security Plans
    Insurance and Bonding
    Background and Financial Checks
    Data Loss Prevention Program
    Education, Training, and Awareness
    Rules of Behavior
    Software Testing
  Technical Control Examples
    Logon Identifier
    Session Time-Out
    System Logs and Audit Trails
    Data Range and Reasonableness Checks
    Firewalls and Routers
    Encryption
    Public Key Infrastructure
  Physical Control Examples
    Locked Doors, Guards, Access Logs, and Closed-Circuit Television
    Fire Detection and Suppression
    Water Detection
    Temperature and Humidity Detection
    Electrical Grounding and Circuit Breakers
  Best Practices for Risk Mitigation Security Controls
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 9 ASSESSMENT

CHAPTER 10 Planning Risk Mitigation Throughout an Organization
  Where Should an Organization Start with Risk Mitigation?
  What Is the Scope of Risk Management for an Organization?
    Critical Business Operations
    Customer Service Delivery
    Mission-Critical Business Systems, Applications, and Data Access
    Seven Domains of a Typical IT Infrastructure
    Information Systems Security Gap
  Understanding and Assessing the Impact of Legal and Compliance Issues on an Organization
    Legal Requirements, Compliance Laws, Regulations, and Mandates
    Assessing the Impact of Legal and Compliance Issues on an Organization’s Business Operations
  Translating Legal and Compliance Implications for an Organization
  Assessing the Impact of Legal and Compliance Implications on the Seven Domains of a Typical IT Infrastructure
  Assessing How Security Countermeasures, Controls, and Safeguards Can Assist With Risk Mitigation
  Understanding the Operational Implications of Legal and Compliance Requirements
  Identifying Risk Mitigation and Risk Reduction Elements for the Entire Organization
  Performing a Cost-Benefit Analysis
  Best Practices for Planning Risk Mitigation Throughout an Organization
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 10 ASSESSMENT

CHAPTER 11 Turning a Risk Assessment into a Risk Mitigation Plan
  Reviewing the Risk Assessment for the IT Infrastructure
    Overlapping Countermeasures
    Risk Assessments: Understanding Threats and Vulnerabilities
    Identifying Countermeasures
  Translating a Risk Assessment into a Risk Mitigation Plan
    Cost to Implement
    Time to Implement
    Operational Impact
  Prioritizing Risk Elements That Require Risk Mitigation
    Using a Threat Likelihood/Impact Matrix
    Prioritizing Countermeasures
  Verifying Risk Elements and How They Can Be Mitigated
  Performing a Cost-Benefit Analysis on the Identified Risk Elements
    Calculating the CBA
    A CBA Report
  Implementing a Risk Mitigation Plan
    Staying Within Budget
    Staying on Schedule
  Following Up on the Risk Mitigation Plan
    Ensuring Countermeasures Have Been Implemented
    Ensuring Security Gaps Have Been Closed
  Best Practices for Enabling a Risk Mitigation Plan from the Risk Assessment
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 11 ASSESSMENT

CHAPTER 12 Mitigating Risk with a Business Impact Analysis
  What Is a Business Impact Analysis?
    Collecting Data
    Varying Data Collection Methods
  Defining the Scope of the Business Impact Analysis
  Objectives of a Business Impact Analysis
    Identifying Critical Business Functions
    Identifying Critical Resources
    Identifying the MAO and Impact
    Identifying Recovery Requirements
  Steps of a Business Impact Analysis Process
    Identifying the Environment
    Identifying Stakeholders
    Identifying Critical Business Functions
    Identifying Critical Resources
    Identifying the MAO
    Identifying Recovery Priorities
    Developing the BIA Report
  Identifying Mission-Critical Business Functions and Processes
  Mapping Business Functions and Processes to IT Systems
  Best Practices for Performing a BIA for an Organization
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 12 ASSESSMENT

CHAPTER 13 Mitigating Risk with a Business Continuity Plan
  What Is a Business Continuity Plan?
  Elements of a BCP
    Purpose
    Scope
    Assumptions and Planning Principles
    System Description and Architecture
    Responsibilities
    Notification and Activation Phase
    Recovery Phase
    Reconstitution Phase (Return to Normal Operations)
    Plan Training, Testing, and Exercises
    Plan Maintenance
  How Does a BCP Mitigate an Organization’s Risk?
  Best Practices for Implementing a BCP for an Organization
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 13 ASSESSMENT

CHAPTER 14 Mitigating Risk with a Disaster Recovery Plan
  What Is a Disaster Recovery Plan?
    Need for a DRP
    Purpose of a DRP
  Critical Success Factors
    What Management Must Provide
    What DRP Developers Need
    Primary Concerns
    Disaster Recovery Financial Budget
  Elements of a DRP
    Purpose
    Scope
    Disaster/Emergency Declaration
    Communications
    Emergency Response Activities
    Recovery Procedures
    Critical Operations, Customer Service, and Operations Recovery
    Restoration and Normalization
    Testing
    Maintenance and DRP Update
  How Does a DRP Mitigate an Organization’s Risk?
  Best Practices for Implementing a DRP for an Organization
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 14 ASSESSMENT

CHAPTER 15 Mitigating Risk with a Computer Incident Response Team Plan
  What Is a Computer Incident Response Team Plan?
  Purpose of a CIRT Plan
  Elements of a CIRT Plan
    CIRT Members
    CIRT Policies
    Incident Handling Process
    Communication Escalation Procedures
    Incident Handling Procedures
  How Does a CIRT Plan Mitigate an Organization’s Risk?
  Best Practices for Implementing a CIRT Plan for an Organization
  CHAPTER SUMMARY
  KEY CONCEPTS AND TERMS
  CHAPTER 15 ASSESSMENT

APPENDIX A Answer Key
APPENDIX B Standard Acronyms
Glossary of Key Terms
References
Index