CONTENTS

Introduction

Chapter 1: Risk Management

Risk management: two phases

Enterprise risk management

Chapter 2: Risk Assessment Methodologies

Publicly available risk assessment standards

Qualitative versus quantitative

Quantitative risk analysis

Qualitative risk analysis – the ISO27001 approach

Other risk assessment methodologies

Chapter 3: Risk Management Objectives

Risk acceptance or tolerance

Information security risk management objectives

Risk management and PDCA

Chapter 4: Roles and Responsibilities

Senior management commitment

The (lead) risk assessor

Other roles and responsibilities

Chapter 5: Risk Assessment Software

Gap analysis tools

Vulnerability assessment tools

Penetration testing

Risk assessment tools

Risk assessment tool descriptions

Chapter 6: Information Security Policy and Scoping

Information security policy

Scope of the ISMS

Chapter 7: The ISO27001 Risk Assessment

Overview of the risk assessment process

Chapter 8: Information Assets

Assets within the scope

Grouping of assets

Asset dependencies

Asset owners

Sensitivity classification

Are vendors assets?

What about duplicate copies and backups?

Identification of existing controls

Chapter 9: Threats and Vulnerabilities

Threats

Vulnerabilities

Technical vulnerabilities

Chapter 10: Impact and Asset Valuation

Impacts

Defining impact

Estimating impact

The asset valuation table

Business, legal and contractual impact values

Reputation damage

Chapter 11: Likelihood

Risk analysis

Information to support assessments

Chapter 12: Risk Level

The risk scale

Boundary calculations

Mid-point calculations

Chapter 13: Risk Treatment and the Selection of Controls

Types of controls

Risk assessment and existing controls

Residual risk

Risk transfer

Optimising the solution

Chapter 14: The Statement of Applicability

Drafting the Statement of Applicability

Chapter 15: The Gap Analysis and Risk Treatment Plan

Gap analysis

Risk Treatment Plan

Chapter 16: Repeating and Reviewing the Risk Assessment

Appendix 1: Carrying out an ISO27001 Risk Assessment using vsRisk™

How the tool actually works

Training requirements

Start using vsRisk™ for your risk assessment

Identify the assets

Identify the risks

Assess the risks

Identify and evaluate options for the treatment of risks

Select control objectives and controls for treatment of the risks

Appendix 2: ISO27001 Implementation Resources

Books by the Same Authors

ITG Resources

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.144.9.172