The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition

Conducted properly, information security risk assessments provide managers with the feedback needed to understand threats to corporate assets, determine vulnerabilities of current controls, and select appropriate safeguards. Performed incorrectly, they can provide the false sense of security that allows potential threats to develop into disastrous losses of proprietary information, capital, and corporate value.

Picking up where its bestselling predecessor left off, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition gives you detailed instruction on how to conduct a risk assessment effectively and efficiently. Supplying wide-ranging coverage that includes security risk analysis, mitigation, and risk assessment reporting, this updated edition provides the tools needed to solicit and review the scope and rigor of risk assessment proposals with competence and confidence.

Trusted to assess security for leading organizations and government agencies, including the CIA, NSA, and NATO, Douglas Landoll unveils the little-known tips, tricks, and techniques used by savvy security professionals in the field. He details time-tested methods to help you:

• Better negotiate the scope and rigor of security assessments
• Effectively interface with security assessment teams
• Gain an improved understanding of final report recommendations
• Deliver insightful comments on draft reports

The book includes charts, checklists, and sample reports to help you speed up the data gathering, analysis, and document development process. Walking you through the process of conducting an effective security assessment, it provides the tools and up-to-date understanding you need to select the security measures best suited to your organization.

About the Author

Douglas Landoll has over 20 years of information security experience. He has led security risk assessments establishing security programs within top corporations and government agencies. He is an expert in security risk assessment, security risk management, security criteria/compliance and building corporate security programs.

As a senior analyst at NSA, Mr. Landoll was responsible for evaluating security for NATO, the CIA, DoD, FBI and other government agencies. He co-founded the Arca Common Criteria Testing Laboratory, and co-authored the Systems Security Engineering - Capability Maturity Model (SSE-CMM - ISO 21827), taught at NSA's National Cryptologic School, and ran Exodus Communications' southwest security services division. Landoll has led security risk assessments and established security programs within top corporations and government agencies. He is an expert in security risk assessment, management, criteria, and building corporate security programs.

Mr. Landoll is current the Practice Director for Risk and Compliance Management at Accuvant. Previously he has served as the founder and president of Veridyn Inc. prior to their acquisition by En Pointe Technologies and the founder of Lantego Security. He also holds a CISSP, CISA, a Computer Science degree from James Madison University, and an MBA from the University of Texas, Austin. Mr. Landoll has published dozens of information security articles, speaks regularly at conferences, and serves as an advisor for several high-tech companies.