
Information security risk management for ISO 27001/ISO 27002

Author: Alan Calder


Year: 2019
Language: English
Pages: 181
Edition: Third
Category: Library


✦ Table of Contents


Cover
Title
Copyright
About The Authors
Contents
Introduction
Chapter 1: Risk management
Risk management: two phases
Enterprise risk management
Chapter 2: Risk assessment methodologies
Publicly available risk assessment standards
Qualitative versus quantitative
Quantitative risk analysis
Qualitative risk analysis
Chapter 3: Risk management objectives
Risk acceptance or tolerance
Information security risk management objectives
Risk management and process models
Chapter 4: Roles and responsibilities
Senior management commitment
The (lead) risk assessor
Other roles and responsibilities
Chapter 5: Risk assessment software
Gap analysis tools
Vulnerability assessment tools
Penetration testing
Risk assessment tools
Risk assessment tool descriptions
Chapter 6: Information security policy and scoping
Information security policy
Scope of the ISMS
Chapter 7: The ISO 27001 risk assessment
Overview of the risk assessment process
Chapter 8: Information assets
Assets within the scope
Grouping of assets
Asset dependencies
Asset owners
Sensitivity classification
Are vendors assets?
What about duplicate copies and backups?
Identification of existing controls
Chapter 9: Threats and vulnerabilities
Threats
Vulnerabilities
Technical vulnerabilities
Chapter 10: Scenario-based risk assessment
Chapter 11: Impact, including asset valuation
Impacts
Defining impact
Estimating impact
The asset valuation table
Business, legal and contractual impact values
Reputational damage
Chapter 12: Likelihood
Risk analysis
Information to support assessments
Chapter 13: Risk level
The risk scale
Boundary calculations
Mid-point calculations
Chapter 14: Risk treatment and the selection of controls
Types of controls
Risk assessment and existing controls
Residual risk
Risk sharing
Optimising the solution
Chapter 15: The Statement of Applicability
Drafting the Statement of Applicability
Chapter 16: The gap analysis and risk treatment plan
Gap analysis
Risk treatment plan
Chapter 17: Repeating and reviewing the risk assessment
Appendix 1: vsRisk Cloud
Appendix 2: ISO 27001 implementation resources
Appendix 3: Books by the same authors
Further reading


✦ Similar volumes


Information Security Risk Management: Ri
Author: Sebastian Klipper (auth.) | Category: Library | Year: 2011 | Publisher: Vieweg+Teubner | Language: German

On the way to certification against ISO/IEC 27001, every company must introduce a risk management system. This includes identifying risks and determining how they are to be handled. Not least, it is a matter of establishing effective risk communication. Währ

Information Security Risk Management: Ri
Author: Sebastian Klipper (auth.) | Category: Library | Year: 2015 | Publisher: Vieweg+Teubner Verlag | Language: German

The book brings together all the matters relevant to risk management, links them with other sources of information and frames them with many practical tips, 38 figures and tables and 14 case studies. Wer mit ISO/IEC 27005 arbeiten möchte, für den reicht der unkommentierte Blick in den Standar

[ISO/IEC 27701:2019] Security techniques
Author: ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection | Category: Library | Year: 2019 | Publisher: ISO, IEC | Language: English

This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization