CONTENTS

List of figures and tables

Author

Other works by the author

Acknowledgements

Abbreviations

Preface

1. THE NEED FOR INFORMATION RISK MANAGEMENT

What is information?

Who should use information risk management?

The legal framework

The context of risk in the organisation

Hot topics to consider in information risk management

The benefits of taking account of information risk

Overview of the information risk management process

Summary

2. REVIEW OF INFORMATION SECURITY FUNDAMENTALS

Information classification

Plan-Do-Check-Act

Summary

3. THE INFORMATION RISK MANAGEMENT PROGRAMME

Goals, scope and objectives

Roles and responsibilities

Governance of the risk management programme

Information risk management criteria

Summary

4. RISK IDENTIFICATION

The risk identification process

The approach to risk identification

Impact assessment

Summary

5. THREAT AND VULNERABILITY ASSESSMENT

Conducting threat assessments

Conducting vulnerability assessments

Identification of existing controls

Summary

6. RISK ANALYSIS AND RISK EVALUATION

Assessment of likelihood

Risk analysis

Risk evaluation

Summary

7. RISK TREATMENT

Strategic risk options

Tactical risk management controls

Operational risk management controls

Examples of critical controls and control categories

Summary

8. RISK REPORTING AND PRESENTATION

Business cases

Risk treatment decision-making

Risk treatment planning and implementation

Business continuity and disaster recovery

Disaster recovery failover testing

Summary

9. COMMUNICATION, CONSULTATION, MONITORING AND REVIEW

Skills required for an information risk programme manager

Communication

Consultation

Risk reviews and monitoring

Summary

10. THE NCSC CERTIFIED PROFESSIONAL SCHEME

SFIA

The CIISec skills framework

Summary

11. HMG SECURITY-RELATED DOCUMENTS

HMG Security Policy Framework

The National Security Strategy

CONTEST, the United Kingdom’s Strategy for Countering Terrorism

The Minimum Cyber Security Standard

The UK Cyber Security Strategy 2016–

UK government security classifications

Summary

APPENDIX A – TAXONOMIES AND DESCRIPTIONS

Information risk

Typical impacts or consequences

APPENDIX B – TYPICAL THREATS AND HAZARDS

Malicious intrusion (hacking)

Environmental threats

Errors and failures

Social engineering

Misuse and abuse

Physical threats

Malware

APPENDIX C – TYPICAL VULNERABILITIES

Access control

Poor procedures

Physical and environmental security

Communications and operations management

People-related security failures

APPENDIX D – INFORMATION RISK CONTROLS

Strategic controls

Tactical controls

Operational controls

The Centre for Internet Security Controls Version

ISO/IEC 27001:2017 controls

NIST Special Publication 800-53 Revision

APPENDIX E – METHODOLOGIES, GUIDELINES AND TOOLS

Methodologies

Other guidelines and tools

APPENDIX F – TEMPLATES

APPENDIX G – HMG CYBERSECURITY GUIDELINES

HMG Cyber Essentials Scheme

10 Steps to Cyber Security

APPENDIX H – REFERENCES AND FURTHER READING

Primary UK legislation

Good Practice Guidelines

Other reference material

NCSC Certified Professional Scheme

Other UK government publications

Risk management methodologies

UK and international standards

APPENDIX I – DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS

Definitions and glossary of terms

Information risk management standards

Index
