CHAPTER 1: Introduction
CHAPTER 2: Information Security Risk Management
CHAPTER 3: Definitions
CHAPTER 4: Asset Owners
CHAPTER 5: Overview of the Risk Assessment Process
CHAPTER 6: Asset Identification
Asset classes
Grouping of assets
Asset dependencies
Sensitivity classification
CHAPTER 7: Threats and Vulnerabilities
Threats
Vulnerabilities
CHAPTER 8: Asset Valuation
The asset valuation table
Likelihood
CHAPTER 9: Risk Level
CHAPTER 10: Risk Treatment and Control Selection
Types of controls
Risk reduction
Risk assessment and existing controls
Residual risk
CHAPTER 11: Statement of Applicability and Risk Treatment Plan
The Statement of Applicability
Risk Treatment Plan
CHAPTER 12: Reviewing the Risk Assessment