Information Security Risk Analysis, Second Edition

INTRODUCTION
Frequently asked questions
Conclusion

RISK MANAGEMENT
Overview
Risk Management as Part of the Business Process
Employee Roles and Responsibilities
Information Security Life Cycle
Risk Analysis Process
Risk Assessment
Cost-Benefit Analysis
Risk Mitigation
Final Thoughts

RISK ASSESSMENT PROCESS
Introduction
Risk Assessment Process
Information Is an Asset
Risk Assessment Methodology
Final Thoughts

QUANTITATIVE VERSUS QUALITATIVE RISK
ASSESSMENT
Introduction
Quantitative and Qualitative Pros and Cons
Qualitative Risk Assessment Basics
Qualitative Risk Assessment Using Tables
The 30-Minute Risk Assessment
Conclusion

OTHER FORMS OF QUALITATIVE RISK ASSESSMENT
Introduction
Hazard Impact Analysis
Questionnaires
Single Time Loss Algorithm
Conclusion

FACILITATED RISK ANALYSIS AND ASSESSMENT
PROCESS (FRAAP)
Introduction
FRAAP Overview
Why The FRAAP Was Created
Introducing the FRAAP to Your Organization
Conclusion

VARIATIONS ON THE FRAAP
Overview
Infrastructure FRAAP
Conclusion

MAPPING CONTROLS
Controls Overview
Creating Your Controls List
Control List Examples

BUSINESS IMPACT ANALYSIS (BIA)
Overview
Creating a BIA Process

CONCLUSION

Appendix A: Sample Risk Assessment Management Summary Report

Appendix B: Terms and Definitions

Appendix C: Bibliography