Information Security Risk Analysis, Second Edition
by Thomas R. Peltier
Sales Rank: 385493
List Price: $79.95
Price: $63.96 at Amazon

Hardcover: 360 pages
Publisher: Auerbach Publications; 2 edition (April 26, 2005)
Language: English
ISBN-10: 0849333466
ISBN-13: 978-0849333460
Product Dimensions: 9.1 x 6.2 x 0.9 inches
Shipping Weight: 1.4 pounds
Product Review
Introduces risk analysis techniques that can be used to identify and quantify both accidental and malicious threats to computer systems within an organization. -Sci Tech Book News, Vol. 25, No. 3, September 2001
This book has radically influenced my approach to security risk management
From the beginning this book grabs your attention
if you purchase this book for the tables and checklists alone you would be getting a bargain
If you perform security risk analysis, or business continuity or disaster recovery planning this book is 'must reading'
earns a solid 5 stars and Mr. Peltier earns my gratitude for showing me a better way. --Mike Tarrani, on Amazon.com
--This text refers to an out of print or unavailable edition of this title.
Product Description
The risk management process supports executive decision-making, allowing managers and owners to perform their fiduciary responsibility of protecting the assets of their enterprises. This crucial process should not be a long, drawn-out affair. To be effective, it must be done quickly and efficiently. Information Security Risk Analysis, Second Edition enables CIOs, CSOs, and MIS managers to understand when, why, and how risk assessments and analyses can be conducted effectively. This book discusses the principle of risk management and its three key elements: risk analysis, risk assessment, and vulnerability assessment. It examines the differences between quantitative and qualitative risk assessment, and details how various types of qualitative risk assessment can be applied to the assessment process. The text offers a thorough discussion of recent changes to FRAAP and the need to develop a pre-screening method for risk assessment and business impact analysis.
Customer Reviews & Comments
This review is from: Information Security Risk Analysis (Paperback)
This book has radically influenced my approach to security risk management. In the past I had nothing but disdain for any qualitative approach to risk assessment, whether it was for security, project management or disaster recovery. My philosophy was that if you couldn't produce a probability curve you didn't have the full picture. The problem with that philosophy is the very people for whom you are doing the assessment typically do not care about probability curves - if they understand them at all. Mr. Peltier's approach, while not as scientific, is far more powerful because it involves all stakeholders through his unique facilitated risk analysis process (FRAP), and produces findings and assessments that are clear and easy for non-technical people to understand. His approach is also thorough and business-focused. From the beginning this book grabs your attention. By page four I was completely drawn in by his use of a life cycle of the risk analysis process, and how he closely tied it to tasks and deliverables, and quality. He explains the strengths and weaknesses of qualitative analysis, then moves into a chapter that describes his approach to performing it. This is where I became sold. The approach is comprehensive and task-oriented. Every key factor, from financial loss to legal implications, is covered and qualitatively assessed using a valuation score. This section also has numerous checklists, tables and data with which to perform the analysis. These are augmented in the next chapter on value analysis, and by the time I finished it I was not only "sold", but a proponent of this approach. The heart of this book and approach is the facilitated risk analysis process that extends the process to a team of stakeholders. The value is that the business itself is an active participant and assumes ownership of the findings, deliverables and action plan.
I contrasted this with my past approach and saw that one of the reasons why assessments done by "experts" were difficult to move into the implementation phase is because the so-called beneficiaries of the work couldn't relate to the reasons or importance. Using Mr. Peltier's approach, information security becomes everyone's responsibility - an ideal situation in the eyes of any security professional. The remainder of the book is filled with case studies and more tables and checklists. In fact, if you purchased this book for the tables and checklists alone you would be getting a bargain. My only complaint is these were not provided in electronic format as well. If you perform information security risk analysis, or business continuity or disaster recovery planning this book is "must reading". Others outside of the primary audience who will find this book valuable include project managers (the qualitative risk approach will be equally effective in project planning and control), and facilities managers. This book earns a solid 5 stars and Mr. Peltier earns my gratitude for showing me a better way.