Security Risk Management: Building an Information Security Risk Management Program from the Ground up

  • 7h 24m
  • Evan Wheeler
  • Elsevier Science and Technology Books, Inc.
  • 2011

The goal of Security Risk Management is to teach you practical techniques that will be used on a daily basis, while also explaining the fundamentals so you understand the rationale behind these practices. Security professionals often fall into the trap of telling the business that they need to fix something, but they can't explain why. This book will help you to break free from the so-called "best practices" argument by articulating risk exposures in business terms. You will learn techniques for how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive level management. While other books focus entirely on risk analysis methods, this is the first comprehensive guide for managing security risks.

  • Includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment
  • Explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk
  • Presents a roadmap for designing and implementing a security risk management program

About the Author

Evan Wheeler, currently is a Director of Information Security for Omgeo (A DTCC | Thomson Reuters Company), an instructor at both Clark and Northeastern Universities, and the author of the Information Security Risk Management course for the SANS Institute. Previously he spent six years as a Security Consultant for the U.S. Department of Defense.

In this Book

  • The Security Evolution
  • Risky Business
  • The Risk Management Lifecycle
  • Risk Profiling
  • Formulating a Risk
  • Risk Exposure Factors
  • Security Controls and Services
  • Risk Evaluation and Mitigation Strategies
  • Reports and Consulting
  • Risk Assessment Techniques
  • Threat and Vulnerability Management
  • Security Risk Reviews
  • A Blueprint for Security
  • Building a Program from Scratch
SHOW MORE
FREE ACCESS

YOU MIGHT ALSO LIKE

Journey Fundamentals of Cyber Resilience and Risk Management
Course CISSP 2021: Risk Management
Rating 4.5 of 161 users Rating 4.5 of 161 users (161)
Course Security Risks: Planning for Security Risk Management
Rating 4.4 of 64 users Rating 4.4 of 64 users (64)