Figure 1.1 The information life cycle
Figure 1.2 The overall risk management process
Figure 2.1 The Plan-Do-Check-Act cycle
Figure 4.1 A general view of the risk environment
Figure 4.2 Typical types of information asset
Figure 4.3 Generic sequence of situation management
Figure 4.4 A simple threat, vulnerability and impact
Figure 4.5 Multiple threats can exploit the same vulnerability
Figure 4.6 A single threat can exploit multiple vulnerabilities
Figure 4.7 A typical chain of consequence
Figure 4.9 Potential losses over time following a disruptive event
Figure 4.10 Typical impact assessment form
Figure 5.1 Typical threats and hazards
Figure 5.2 Typical threat assessment form
Figure 5.3 Typical vulnerabilities
Figure 5.4 Typical vulnerability assessment form
Figure 5.5 The overall scheme of risk treatment options
Figure 5.6 Typical existing controls identification form
Figure 6.1 A typical risk matrix
Figure 6.2 An enhanced risk matrix
Figure 6.3 A typical risk register spreadsheet
Figure 7.1 The overall scheme of risk treatment options
Figure 7.2 The strategic risk management process
Figure 8.2 The generic business continuity incident timeline
Figure 8.3 Overall structure for disaster recovery
Figure 8.4 Cost versus availability
Figure A.1 An overall taxonomy of information risk
Figure A.2 Typical impacts or consequences
Figure B.1 Typical threats and hazards
Figure C.1 Typical vulnerabilities
Figure D.1 Information risk controls
Figure I.1 Concepts and relationships
Table 4.1 The general properties of detrimental situations