Measuring and managing information risk a FAIR approach
"Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexi...
| Main Authors: | , |
|---|---|
| Format: | eBook |
| Language: | English |
| Published: |
Oxford, UK
Butterworth-Heinemann
2015
|
| Subjects: | |
| Online Access: | |
| Collection: | O'Reilly - Collection details see MPG.ReNa |
Table of Contents:
- Includes bibliographical references and index
- SUBJECTIVITY VERSUS OBJECTIVITYPRECISION VERSUS ACCURACY; Chapter 3
- The FAIR Risk Ontology; DECOMPOSING RISK; LOSS EVENT FREQUENCY; THREAT EVENT FREQUENCY; CONTACT FREQUENCY; PROBABILITY OF ACTION; VULNERABILITY; THREAT CAPABILITY; DIFFICULTY; LOSS MAGNITUDE; PRIMARY LOSS MAGNITUDE; SECONDARY RISK; SECONDARY LOSS EVENT FREQUENCY; SECONDARY LOSS MAGNITUDE; ONTOLOGICAL FLEXIBILITY; Chapter 4
- FAIR Terminology; RISK TERMINOLOGY; THREAT; THREAT COMMUNITY; THREAT PROFILING; VULNERABILITY EVENT; PRIMARY AND SECONDARY STAKEHOLDERS; LOSS FLOW; FORMS OF LOSS; Chapter 5
- Measurement
- Front Cover; Measuring and Managing Information Risk; Copyright; Contents; Acknowledgments by Jack Jones; About the Authors; Preface by Jack Jones; WHAT THIS BOOK IS NOT, AND WHAT IT IS; Preface by Jack Freund; Chapter 1
- Introduction; HOW MUCH RISK?; THE BALD TIRE; ASSUMPTIONS; TERMINOLOGY; THE BALD TIRE METAPHOR; RISK ANALYSIS VS RISK ASSESSMENT; EVALUATING RISK ANALYSIS METHODS; RISK ANALYSIS LIMITATIONS; WARNING-LEARNING HOW TO THINK ABOUT RISK JUST MAY CHANGE YOUR PROFESSIONAL LIFE; USING THIS BOOK; Chapter 2
- Basic Risk Concepts; POSSIBILITY VERSUS PROBABILITY; PREDICTION.
- MEASUREMENT AS REDUCTION IN UNCERTAINTYMEASUREMENT AS EXPRESSIONS OF UNCERTAINTY; BUT WE DON'T HAVE ENOUGH DATA ... AND NEITHER DOES ANYONE ELSE; CALIBRATION; EQUIVALENT BET TEST; Chapter 6
- Analysis Process; THE TOOLS NECESSARY TO APPLY THE FAIR RISK MODEL; HOW TO APPLY THE FAIR RISK MODEL; PROCESS FLOW; SCENARIO BUILDING; THE ANALYSIS SCOPE; EXPERT ESTIMATION AND PERT; MONTE CARLO ENGINE; LEVELS OF ABSTRACTION; Chapter 7
- Interpreting Results; WHAT DO THESE NUMBERS MEAN? (HOW TO INTERPRET FAIR RESULTS); UNDERSTANDING THE RESULTS TABLE; VULNERABILITY; PERCENTILES; UNDERSTANDING THE HISTOGRAM.
- ANALYSISBASIC ATTACKER/AVAILABILITY; Chapter 9
- Thinking about Risk Scenarios Using FAIR; THE BOYFRIEND; SECURITY VULNERABILITIES; WEB APPLICATION RISK; CONTRACTORS; PRODUCTION DATA IN TEST ENVIRONMENTS; PASSWORD SECURITY; BASIC RISK ANALYSIS; PROJECT PRIORITIZATION; SMART COMPLIANCE; Going into business; CHAPTER SUMMARY; Chapter 10
- Common Mistakes; MISTAKE CATEGORIES; CHECKING RESULTS; SCOPING; DATA; VARIABLE CONFUSION; MISTAKING TEF FOR LEF; MISTAKING RESPONSE LOSS FOR PRODUCTIVITY LOSS; CONFUSING SECONDARY LOSS WITH PRIMARY LOSS.
- UNDERSTANDING THE SCATTER PLOTQUALITATIVE SCALES; HEATMAPS; SPLITTING HEATMAPS; SPLITTING BY ORGANIZATION; SPLITTING BY LOSS TYPE; SPECIAL RISK CONDITIONS; UNSTABLE CONDITIONS; FRAGILE CONDITIONS; TROUBLESHOOTING RESULTS; Chapter 8
- Risk Analysis Examples; OVERVIEW; INAPPROPRIATE ACCESS PRIVILEGES; PRIVILEGED INSIDER/SNOOPING/CONFIDENTIALITY; PRIVILEGED INSIDER/MALICIOUS/CONFIDENTIALITY; CYBER CRIMINAL/MALICIOUS/CONFIDENTIALITY; UNENCRYPTED INTERNAL NETWORK TRAFFIC; PRIVILEGED INSIDER/CONFIDENTIALITY; NONPRIVILEGED INSIDER/MALICIOUS; CYBER CRIMINAL/MALICIOUS; WEBSITE DENIAL OF SERVICE.