
Information Risk Management
A practitioner's guide
David Sutton (Author)
BCS, The Chartered Institute for IT (Publisher)
Published on 26 November 2014
Book
Paperback/Softback
242 pages
978-1-78017-265-1 (ISBN)
Description
Information risk management (IRM) is about identifying, assessing and prioritising risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It also includes a chapter on applying IRM in the public sector. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management.
Reviews / Votes
Anyone wishing to become an InfoSec risk management practitioner MUST purchase this book. David has produced an extremely useful and readable book for those entering this discipline and indeed those practitioners wishing to have an invaluable reference resource sitting on their bookshelf. I highly recommend it. -- John Hughes, Director, SecID Consultants
Information is the 21st century's new gold and protecting such a volatile asset is a tremendous challenge. This book provides many keys to understanding important concepts and possible approaches for mitigating the associated risks. -- Lionel Dupre, Networks and Information Security Expert at ENISA
This book is well written and illustrated throughout, covering the subject area to a sufficient level of detail for both novices and experienced practitioners requiring a refresher. A very practical and complete guide to managing risks within an organisation. -- Mehmet Hurer
Language
English
Place of publication
Swindon
United Kingdom
Publishing group
BCS Learning & Development Limited
Target group
Professional and scholarly
Dimensions
Height: 244 mm
Width: 170 mm
ISBN-13
978-1-78017-265-1 (9781780172651)
Other editions
New editions
Book, 2nd Edition, 09/2021, BCS, The Chartered Institute for IT, €47.80
E-Book, 2nd Edition, 09/2021, BCS, The Chartered Institute for IT, €51.99
Person
David Sutton's career in IT spans nearly 50 years and includes voice and data networking, information security and critical information infrastructure protection. He delivers an annual lecture on business continuity at Royal Holloway University of London from where he holds an MSc in Information Security. He is also a co-author of Information Security Management Principles (2nd edition).
Content
Preface
Definitions, Standards and Glossary of Terms
1. The need for information risk management
2. Review of information security fundamentals
3. The information risk management programme
4. Risk identification
5. Threat and vulnerability assessment
6. Risk analysis and risk evaluation
7. Risk treatment
8. Risk reporting and presentation
9. Communication, consultation, monitoring and review
10. The CESG IA Certification scheme
11. HMG Security-related documents
12. Appendix A - Taxonomies and descriptions
13. Appendix B - Typical threats and hazards
14. Appendix C - Typical vulnerabilities
15. Appendix D - Information Risk Controls
16. Appendix E - Methodologies, guidelines and tools
17. Appendix F - Templates
18. Appendix G - HMG cyber security guidelines
19. References and further reading