|
|
|||
|
||||
OverviewAll organizations face risks to information and information assets. Many organizations seek to identify and control those risks, usually as part of a structured approach to information security risk management. Risk assessment is at the heart of risk management, and the two together form the core competences of information security management. ISO27001 specifies a series of steps that must form part of the risk assessment. While a number of people in the organization will have a role to play in respect of risk assessment, these steps include a specific role for what the standard describes as asset owners . This book covers: * Information Security Risk Management * Definitions * Asset Owners * Overview of the Risk Assessment Process * Asset Identification * Threats and Vulnerabilities * Asset Valuation * Risk Level * Risk Treatment and Control * Statement of Applicability and Risk Treatment Plan * Reviewing the Risk Assessment Full Product DetailsAuthor: Alan Calder , Steve WatkinsPublisher: IT Governance Publishing Imprint: IT Governance Publishing Dimensions: Width: 9.50cm , Height: 0.20cm , Length: 16.50cm Weight: 0.045kg ISBN: 9781905356263ISBN 10: 1905356269 Pages: 42 Publication Date: 09 May 2007 Audience: Professional and scholarly , Professional & Vocational Format: Paperback Publisher's Status: Out of Print Availability: Out of stock Table of ContentsReviewsAuthor InformationAlan Calder is the founder director of IT Governance Ltd (www.itgovernance.co.uk), an information, advice and consultancy firm that helps companies tackle governance, risk management, compliance and information security issues. He has many years of senior management and board-level experience in the private and public sectors. The company's website is a 'one-stop-shop' for information, books, tools, training and consultancy on governance, risk management, compliance and information security. Steve G Watkins leads the consultancy and training services of IT Governance Ltd. In his various roles in both the public and private sectors he has been responsible for most support disciplines. He has over 17 years' experience of managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investor in People certifications. As well as being a trained ISO27001 and ISO9000 auditor Steve is a trained EFQM Assessor and holds diplomas in safety and financial management. He is Deputy Chair of the Steering Committee of the DTi ISO/IEC17799 Users Group and also sits on the Management Committee of the British Standards Society where he chairs the Management Systems Special Interest Group. Tab Content 6Author Website:Countries AvailableAll regions |