Information Security Risk Analysis, Third Edition

Successful security professionals have had to modify the process of responding to new threats in the high-profile, ultra-connected business environment. But just because a threat exists does not mean that your organization is at risk. This is what risk assessment is all about. Information Security Risk Analysis, Third Edition demonstrates how to identify threats your company faces and then determine if those threats pose a real risk to your organization.

Providing access to more than 350 pages of helpful ancillary materials, this volume:

• Presents and explains the key components of risk management
• Demonstrates how the components of risk management are absolutely necessary and work in your organization and business situation
• Shows how a cost-benefit analysis is part of risk management and how this analysis is performed as part of risk mitigation
• Explains how to draw up an action plan to protect the assets of your organization when the risk assessment process concludes
• Examines the difference between a Gap Analysis and a Security or Controls Assessment
• Presents case studies and examples of all risk management components

Authored by renowned security expert and certification instructor, Thomas Peltier, this authoritative reference provides you with the knowledge and the skill-set needed to achieve a highly effective risk analysis assessment in a matter of days. Supplemented with online access to user-friendly checklists, forms, questionnaires, sample assessments, and other documents, this work is truly a one-stop, how-to resource for industry and academia professionals.

About the Author

Thomas R. Peltier is the president of Thomas R. Peltier Associates, LCC, an information security training and consulting firm that conducts training on topics such as risk analysis, policies, standards, procedures, network vulnerability assessments, fundamentals of information security, and Certified Information Systems Security Professional (CISSP®) prep courses in North America as well as on four other continents. He is also the founder of the Southeast Michigan Computer Security Special Interest Group, one of the largest information security professional organizations in the United States, and has taught the information security curriculum for a master’s certificate at Eastern Michigan University. Currently he is an adjunct professor at Norwich University in the Information Assurance master’s program.