Information Security Risk Management for ISO27001 / ISO27002
by Steve Watkins, Alan Calder
ABOUT THE AUTHORS
CONTENTS
INTRODUCTION
CHAPTER 1: RISK MANAGEMENT
Risk management: two phases
Enterprise risk management
Turnbull Guidance
Basel 2
COSO
CHAPTER 2: RISK ASSESSMENT METHODOLOGIES
Publicly available risk assessment standards
Qualitative versus quantitative
Quantitative risk analysis
Qualitative risk analysis – the ISO27001 approach
Other risk assessment methodologies
CRAMM
OCTAVE
IRAM, SARA, SPRINT and FIRM
Other methodologies
CHAPTER 3: RISK MANAGEMENT OBJECTIVES
Risk acceptance or tolerance
Information security risk management objectives
Information security controls and return on investment (ROI)
Risk management and PDCA
PDCA and the risk acceptance criteria
CHAPTER 4: ROLES AND RESPONSIBILITIES
Senior management commitment
The (lead) risk assessor
Other roles and responsibilities
CHAPTER 5: RISK ASSESSMENT SOFTWARE
Gap analysis tools
Vulnerability assessment tools
Penetration testing
Risk assessment tools
Risk assessment tool descriptions
Conclusions
CHAPTER 6: INFORMATION SECURITY POLICY AND SCOPING
Information security policy
Scope of the ISMS
CHAPTER 7: THE ISO27001 RISK ASSESSMENT
Overview of the risk assessment process
CHAPTER 8: INFORMATION ASSETS
Assets within the scope
Asset classes
Grouping of assets
Asset dependencies
Asset owners
Sensitivity classification
Are vendors assets?
What about duplicate copies and backups?
Identification of existing controls
CHAPTER 9: THREATS AND VULNERABILITIES
Threats
Vulnerabilities
Technical vulnerabilities
CHAPTER 10: IMPACT AND ASSET VALUATION
Impacts
Defining impact
Estimating impact
The asset valuation table
Business, legal and contractual impact values
Reputation damage
Direct description approach
Coverage approach
CHAPTER 11: LIKELIHOOD
Risk analysis
Information to support assessments
CHAPTER 12: RISK LEVEL
The risk scale
Boundary calculations
Mid-point calculations
CHAPTER 13: RISK TREATMENT AND THE SELECTION OF CONTROLS
Types of controls
Risk assessment and existing controls
Residual risk
Risk transfer
Optimising the solution
CHAPTER 14: THE STATEMENT OF APPLICABILITY
Drafting the Statement of Applicability
Introduction
Statement of Applicability
A.5.1.1 Information Security Policy
A.6.1.1 Management commitment to information security
A.6.1.2 The Steering Group
A.9.2.1 Equipment siting and protection
A.10.8.4 Physical media in transit
CHAPTER 15: THE GAP ANALYSIS AND RISK TREATMENT PLAN
Gap analysis
Risk Treatment Plan
CHAPTER 16: REPEATING AND REVIEWING THE RISK ASSESSMENT
APPENDIX 1: CARRYING OUT AN ISO27001 RISK ASSESSMENT USING VSRISK™
How the tool actually works
Training requirements
Start using vsRisk™ for your risk assessment
Identify the assets
Identify the risks
Assess the risks
Identify and evaluate options for the treatment of risks
Select control objectives and controls for treatment of the risks
APPENDIX 2: ISO27001 IMPLEMENTATION RESOURCES
Information and advice
Certification bodies and other organisations
vsRisk™
The Documentation Toolkit
Information security standards ISO27001, ISO27002, ISO27005 and BS7799-3
ISO27001 consultancy
ISO27001 training courses
ISO27001 implementation manuals from ITGP
BOOKS BY THE SAME AUTHORS
Books by Alan Calder and Steve G Watkins
Books by Alan Calder
Books by Steve G Watkins
ITG RESOURCES
Other Websites
Pocket Guides
Toolkits
Best Practice Reports
Training and Consultancy
Newsletter