Measuring and managing information risk : a FAIR approach / Jack Freund and Jack Jones.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Freund, Jack, author.
Jones, Jack (Risk management executive), author.
Language:
English
Subjects (All):
Risk management.
Information technology--Management.
Information technology.
Data protection.
Physical Description:
1 online resource (411 pages)
Edition:
1st edition
Other Title:
FAIR approach
Factor analysis of information risk approach
Place of Publication:
Burlington : Butterworth-Heinemann, 2014.
Language Note:
English
System Details:
text file
Summary:
Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario mode
Contents:
Front Cover; Measuring and Managing Information Risk; Copyright; Contents; Acknowledgments by Jack Jones; About the Authors; Preface by Jack Jones; WHAT THIS BOOK IS NOT, AND WHAT IT IS; Preface by Jack Freund; Chapter 1 - Introduction; HOW MUCH RISK?; THE BALD TIRE; ASSUMPTIONS; TERMINOLOGY; THE BALD TIRE METAPHOR; RISK ANALYSIS VS RISK ASSESSMENT; EVALUATING RISK ANALYSIS METHODS; RISK ANALYSIS LIMITATIONS; WARNING-LEARNING HOW TO THINK ABOUT RISK JUST MAY CHANGE YOUR PROFESSIONAL LIFE; USING THIS BOOK; Chapter 2 - Basic Risk Concepts; POSSIBILITY VERSUS PROBABILITY; PREDICTION; SUBJECTIVITY VERSUS OBJECTIVITY; PRECISION VERSUS ACCURACY; Chapter 3 - The FAIR Risk Ontology; DECOMPOSING RISK; LOSS EVENT FREQUENCY; THREAT EVENT FREQUENCY; CONTACT FREQUENCY; PROBABILITY OF ACTION; VULNERABILITY; THREAT CAPABILITY; DIFFICULTY; LOSS MAGNITUDE; PRIMARY LOSS MAGNITUDE; SECONDARY RISK; SECONDARY LOSS EVENT FREQUENCY; SECONDARY LOSS MAGNITUDE; ONTOLOGICAL FLEXIBILITY; Chapter 4 - FAIR Terminology; RISK TERMINOLOGY; THREAT; THREAT COMMUNITY; THREAT PROFILING; VULNERABILITY EVENT; PRIMARY AND SECONDARY STAKEHOLDERS; LOSS FLOW; FORMS OF LOSS; Chapter 5 - Measurement; MEASUREMENT AS REDUCTION IN UNCERTAINTY; MEASUREMENT AS EXPRESSIONS OF UNCERTAINTY; BUT WE DON'T HAVE ENOUGH DATA...AND NEITHER DOES ANYONE ELSE; CALIBRATION; EQUIVALENT BET TEST; Chapter 6 - Analysis Process; THE TOOLS NECESSARY TO APPLY THE FAIR RISK MODEL; HOW TO APPLY THE FAIR RISK MODEL; PROCESS FLOW; SCENARIO BUILDING; THE ANALYSIS SCOPE; EXPERT ESTIMATION AND PERT; MONTE CARLO ENGINE; LEVELS OF ABSTRACTION; Chapter 7 - Interpreting Results; WHAT DO THESE NUMBERS MEAN? (HOW TO INTERPRET FAIR RESULTS); UNDERSTANDING THE RESULTS TABLE; VULNERABILITY; PERCENTILES; UNDERSTANDING THE HISTOGRAM; UNDERSTANDING THE SCATTER PLOT; QUALITATIVE SCALES; HEATMAPS; SPLITTING HEATMAPS; SPLITTING BY ORGANIZATION; SPLITTING BY LOSS TYPE; SPECIAL RISK CONDITIONS; UNSTABLE CONDITIONS; FRAGILE CONDITIONS; TROUBLESHOOTING RESULTS; Chapter 8 - Risk Analysis Examples; OVERVIEW; INAPPROPRIATE ACCESS PRIVILEGES; PRIVILEGED INSIDER/SNOOPING/CONFIDENTIALITY; PRIVILEGED INSIDER/MALICIOUS/CONFIDENTIALITY; CYBER CRIMINAL/MALICIOUS/CONFIDENTIALITY; UNENCRYPTED INTERNAL NETWORK TRAFFIC; PRIVILEGED INSIDER/CONFIDENTIALITY; NONPRIVILEGED INSIDER/MALICIOUS; CYBER CRIMINAL/MALICIOUS; WEBSITE DENIAL OF SERVICE; ANALYSIS; BASIC ATTACKER/AVAILABILITY; Chapter 9 - Thinking about Risk Scenarios Using FAIR; THE BOYFRIEND; SECURITY VULNERABILITIES; WEB APPLICATION RISK; CONTRACTORS; PRODUCTION DATA IN TEST ENVIRONMENTS; PASSWORD SECURITY; BASIC RISK ANALYSIS; PROJECT PRIORITIZATION; SMART COMPLIANCE; Going into business; CHAPTER SUMMARY; Chapter 10 - Common Mistakes; MISTAKE CATEGORIES; CHECKING RESULTS; SCOPING; DATA; VARIABLE CONFUSION; MISTAKING TEF FOR LEF; MISTAKING RESPONSE LOSS FOR PRODUCTIVITY LOSS; CONFUSING SECONDARY LOSS WITH PRIMARY LOSS; CONFUSING REPUTATION DAMAGE WITH COMPETITIVE ADVANTAGE LOSS
Notes:
Includes index.
Includes bibliographical references and index.
Description based on print version record.
ISBN:
9780124202313
9780127999326
0127999329
OCLC:
889675365
