Imperial Library

Index
  • Title page
  • Table of Contents
  • Copyright
  • Acknowledgments by Jack Jones
  • About the Authors
  • Preface by Jack Jones
  • Preface by Jack Freund

Chapter 1. Introduction
  • How much risk?
  • The bald tire
  • Assumptions
  • Terminology
  • The bald tire metaphor
  • Risk analysis vs risk assessment
  • Evaluating risk analysis methods
  • Risk analysis limitations
  • Warning—learning how to think about risk just may change your professional life
  • Using this book

Chapter 2. Basic Risk Concepts
  • Possibility versus probability
  • Prediction
  • Subjectivity versus objectivity
  • Precision versus accuracy

Chapter 3. The FAIR Risk Ontology
  • Decomposing risk
  • Loss event frequency
  • Threat event frequency
  • Contact frequency
  • Probability of action
  • Vulnerability
  • Threat capability
  • Difficulty
  • Loss magnitude
  • Primary loss magnitude
  • Secondary risk
  • Secondary loss event frequency
  • Secondary loss magnitude
  • Ontological flexibility

Chapter 4. FAIR Terminology
  • Risk terminology
  • Threat
  • Threat community
  • Threat profiling
  • Vulnerability event
  • Primary and secondary stakeholders
  • Loss flow
  • Forms of loss

Chapter 5. Measurement
  • Measurement as reduction in uncertainty
  • Measurement as expressions of uncertainty
  • But we don’t have enough data…and neither does anyone else
  • Calibration
  • Equivalent bet test

Chapter 6. Analysis Process
  • The tools necessary to apply the FAIR risk model
  • How to apply the FAIR risk model
  • Process flow
  • Scenario building
  • The analysis scope
  • Expert estimation and PERT
  • Monte Carlo engine
  • Levels of abstraction

Chapter 7. Interpreting Results
  • What do these numbers mean? (How to interpret FAIR results)
  • Understanding the results table
  • Vulnerability
  • Percentiles
  • Understanding the histogram
  • Understanding the scatter plot
  • Qualitative scales
  • Heatmaps
  • Splitting heatmaps
  • Splitting by organization
  • Splitting by loss type
  • Special risk conditions
  • Unstable conditions
  • Fragile conditions
  • Troubleshooting results

Chapter 8. Risk Analysis Examples
  • Overview
  • Inappropriate access privileges
  • Privileged insider/snooping/confidentiality
  • Privileged insider/malicious/confidentiality
  • Cyber criminal/malicious/confidentiality
  • Unencrypted internal network traffic
  • Privileged insider/confidentiality
  • Nonprivileged insider/malicious
  • Cyber criminal/malicious
  • Website denial of service
  • Analysis
  • Basic attacker/availability

Chapter 9. Thinking about Risk Scenarios Using FAIR
  • The boyfriend
  • Security vulnerabilities
  • Web application risk
  • Contractors
  • Production data in test environments
  • Password security
  • Basic Risk Analysis
  • Project prioritization
  • Smart compliance
  • Going into business
  • Chapter summary

Chapter 10. Common Mistakes
  • Mistake categories
  • Checking results
  • Scoping
  • Data
  • Variable confusion
  • Mistaking TEF for LEF
  • Mistaking response loss for productivity loss
  • Confusing secondary loss with primary loss
  • Confusing reputation damage with Competitive Advantage loss
  • Vulnerability analysis

Chapter 11. Controls
  • Overview
  • High-level control categories
  • Asset-level controls
  • Variance controls
  • Decision-making controls
  • Control wrap up

Chapter 12. Risk Management
  • Common questions
  • What we mean by “risk management”
  • Decisions, decisions
  • Solution selection
  • A systems view of risk management

Chapter 13. Information Security Metrics
  • Current state of affairs
  • Metric value proposition
  • Beginning with the end in mind
  • Missed opportunities

Chapter 14. Implementing Risk Management
  • Overview
  • A FAIR-based risk management maturity model
  • Governance, risks, and compliance
  • Risk frameworks
  • Root cause analysis
  • Third-party risk
  • Ethics
  • In closing

Index