CONTENTS

Introduction

Chapter 1: Risk Management

Risk management: two phases

Enterprise risk management

Chapter 2: Risk Assessment Methodologies

Publicly available risk assessment standards

Qualitative versus quantitative

Quantitative risk analysis

Qualitative risk analysis – the ISO27001 approach

Other risk assessment methodologies

Chapter 3: Risk Management Objectives

Risk acceptance or tolerance

Information security risk management objectives

Risk management and PDCA

Chapter 4: Roles and Responsibilities

Senior management commitment

The (lead) risk assessor

Other roles and responsibilities

Chapter 5: Risk Assessment Software

Gap analysis tools

Vulnerability assessment tools

Penetration testing

Risk assessment tools

Risk assessment tool descriptions

Chapter 6: Information Security Policy and Scoping

Information security policy

Scope of the ISMS

Chapter 7: The ISO27001 Risk Assessment

Overview of the risk assessment process

Chapter 8: Information Assets

Assets within the scope

Grouping of assets

Asset dependencies

Asset owners

Sensitivity classification

Are vendors assets?

What about duplicate copies and backups?

Identification of existing controls

Chapter 9: Threats and Vulnerabilities

Threats

Vulnerabilities

Technical vulnerabilities

Chapter 10: Impact and Asset Valuation

Impacts

Defining impact

Estimating impact

The asset valuation table

Business, legal and contractual impact values

Reputation damage

Chapter 11: Likelihood

Risk analysis

Information to support assessments

Chapter 12: Risk Level

The risk scale

Boundary calculations

Mid-point calculations

Chapter 13: Risk Treatment and the Selection of Controls

Types of controls

Risk assessment and existing controls

Residual risk

Risk transfer

Optimising the solution

Chapter 14: The Statement of Applicability

Drafting the Statement of Applicability

Chapter 15: The Gap Analysis and Risk Treatment Plan

Gap analysis

Risk Treatment Plan

Chapter 16: Repeating and Reviewing the Risk Assessment

Appendix 1: Carrying out an ISO27001 Risk Assessment using vsRisk™

How the tool actually works

Training requirements

Start using vsRisk™ for your risk assessment

Identify the assets

Identify the risks

Assess the risks

Identify and evaluate options for the treatment of risks

Select control objectives and controls for treatment of the risks

Appendix 2: ISO27001 Implementation Resources

Books by the Same Authors

ITG Resources
