Sale!

Information Technology Risk Management in Enterprise Environments A Review of Industry Practices and a Practical Guide to Risk Management Teams 1st Edition by Jake Kouns, Daniel Minoli ISBN 0470558113 9780470558119

Original price was: $50.00.Current price is: $35.00.

Information Technology Risk Management in Enterprise Environments Jake Kouns Digital Instant Download

Author(s): Jake Kouns, Daniel Minoli
ISBN(s): 9780470558119, 0470558113
Edition: Kindle
File Details: PDF, 1.76 MB
Year: 2010
Language: english
SKU: EB-1982562 Category: Tags: ,

Information Technology Risk Management in Enterprise Environments A Review of Industry Practices and a Practical Guide to Risk Management Teams 1st Edition by Jake Kouns, Daniel Minoli – Ebook PDF Instant Download/Delivery: 0470558113, 9780470558119
Full download Information Technology Risk Management in Enterprise Environments A Review of Industry Practices and a Practical Guide to Risk Management Teams 1st Edition after payment

Product details:

ISBN 10: 0470558113 
ISBN 13: 9780470558119
Author: Jake Kouns, Daniel Minoli

Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams

  • Discusses all types of corporate risks and practical means of defending against them.
  • Security is currently identified as a critical area of Information Technology management by a majority of government, commercial, and industrial organizations.
  • Offers an effective risk management program, which is the most critical function of an information security program.

Information Technology Risk Management in Enterprise Environments A Review of Industry Practices and a Practical Guide to Risk Management Teams 1st Table of contents:

PART I: INDUSTRY PRACTICES IN RISK MANAGEMENT

  1. Information Security Risk Management Imperatives and Opportunities

    • 1.1 Risk Management Purpose and Scope

      • 1.1.1 Purpose of Risk Management

      • 1.1.2 Text Scope

    • References

    • Appendix 1A: Bibliography of Related Literature

  2. Information Security Risk Management Defined

    • 2.1 Key Risk Management Definitions

      • 2.1.1 Survey of Industry Definitions

      • 2.1.2 Adopted Definitions

    • 2.2 A Mathematical Formulation of Risk

      • 2.2.1 What Is Risk? A Formal Definition

      • 2.2.2 Risk in IT Environments

      • 2.2.3 Risk Management Procedures

    • 2.3 Typical Threats/Risk Events

    • 2.4 What is an Enterprise Architecture?

    • References

    • Appendix 2A: The CISSPforum/ISO27k Implementers Forum Information Security Risk List for 2008

    • Appendix 2B: What is Enterprise Risk Management (ERM)?

  3. Information Security Risk Management Standards

    • 3.1 ISO/IEC 13335

    • 3.2 ISO/IEC 17799 (ISO/IEC 27002:2005)

    • 3.3 ISO/IEC 27000 Series

      • 3.3.1 ISO/IEC 27000

      • 3.3.2 ISO/IEC 27001:2005

      • 3.3.3 ISO/IEC 27002:2005

      • 3.3.4 ISO/IEC 27003

      • 3.3.5 ISO/IEC 27004

      • 3.3.6 ISO/IEC 27005:2008

    • 3.4 ISO/IEC 31000

    • 3.5 NIST Standards

      • 3.5.1 NIST SP 800-16

      • 3.5.2 NIST SP 800-30

      • 3.5.3 NIST SP 800-39

    • 3.6 AS/NZS 4360

    • References

    • Appendix 3A: OECD Guidelines for the Security of Information Systems and Networks

  4. A Survey of Available Information Security Risk Management Methods and Tools

    • 4.1 Overview

    • 4.2 Risk Management/Risk Analysis Methods

      • 4.2.1 Austrian IT Security Handbook

      • 4.2.2 CCTA CRAMM

      • 4.2.3 Dutch A&K Analysis

      • 4.2.4 EBIOS

      • 4.2.5 ETSI TVRA Method

      • 4.2.6 FAIR

      • 4.2.7 FIRM

      • 4.2.8 FMEA

      • 4.2.9 FRAP

      • 4.2.10 ISAMM

      • 4.2.11 ISO/IEC Baselines

      • 4.2.12 ISO 31000 Methodology

      • 4.2.13 IT-Grundschutz

      • 4.2.14 MAGERIT

      • 4.2.15 MEHARI

      • 4.2.16 Microsoft’s Security Risk Management Guide

      • 4.2.17 MIGRA

      • 4.2.18 NIST

      • 4.2.19 NSA IAM / IEM / IA-CMM

      • 4.2.20 Open Source Approach

      • 4.2.21 PTA

      • 4.2.22 SOMAP

      • 4.2.23 Summary

    • References

  5. Methodologies Examples: COBIT and OCTAVE

    • 5.1 Overview

    • 5.2 COBIT

      • 5.2.1 COBIT Framework

      • 5.2.2 Need for a Control Framework for IT Governance

      • 5.2.3 How COBIT Meets the Need

      • 5.2.4 Information Criteria

      • 5.2.5 Business Goals and IT Goals

      • 5.2.6 COBIT Framework

      • 5.2.7 IT Resources

      • 5.2.8 Plan and Organize (PO)

      • 5.2.9 Acquire and Implement (AI)

      • 5.2.10 Deliver and Support (DS)

      • 5.2.11 Monitor and Evaluate (ME)

      • 5.2.12 Processes Need Controls

      • 5.2.13 COBIT Framework

      • 5.2.14 Business and IT Controls

      • 5.2.15 IT General Controls and Application Controls

      • 5.2.16 Maturity Models

      • 5.2.17 Performance Measurement

    • 5.3 OCTAVE

      • 5.3.1 The OCTAVE Approach

      • 5.3.2 The OCTAVE Method

    • References

PART II: DEVELOPING RISK MANAGEMENT TEAMS

  1. Risk Management Issues and Organization Specifics

    • 6.1 Purpose and Scope

    • 6.2 Risk Management Policies

    • 6.3 Snapshot of Risk Management in the Corporate World

      • 6.3.1 Motivations for Risk Management

      • 6.3.2 Justifying Risk Management Financially

      • 6.3.3 The Human Factors

      • 6.3.4 Priority-Oriented Rational Approach

    • 6.4 Overview of Pragmatic Risk Management Process

      • 6.4.1 Creation of a Risk Management Team

      • 6.4.2 Iterative Procedure for Ongoing Risk Management

    • 6.5 Roadmap to Pragmatic Risk Management

    • References

    • Appendix 6A: Example of a Security Policy

  2. Assessing Organization and Establishing Risk Management Scope

    • 7.1 Assessing the Current Enterprise Environment

    • 7.2 Soliciting Support From Senior Management

    • 7.3 Establishing Risk Management Scope and Boundaries

    • 7.4 Defining Acceptable Risk for Enterprise

    • 7.5 Risk Management Committee

    • 7.6 Organization-Specific Risk Methodology

      • 7.6.1 Quantitative Methods

      • 7.6.2 Qualitative Methods

      • 7.6.3 Other Approaches

    • 7.7 Risk Waivers Programs

    • References

    • Appendix 7A: Summary of Applicable Legislation

  3. Identifying Resources and Implementing the Risk Management Team

    • 8.1 Operating Costs and Staffing Requirements

    • 8.2 Organizational Models

    • 8.3 Staffing Requirements

      • 8.3.1 Specialized Skills Required

      • 8.3.2 Sourcing Options

    • 8.4 Risk Management Tools

    • 8.5 Risk Management Services

      • 8.5.1 Alerting and Analysis Services

      • 8.5.2 Assessments, Audits, and Consulting

    • 8.6 Developing and Implementing the Team

      • 8.6.1 Creating Security Standards

      • 8.6.2 Defining Subject Matter Experts

      • 8.6.3 Determining Information Sources

People also search for Information Technology Risk Management in Enterprise Environments A Review of Industry Practices and a Practical Guide to Risk Management Teams 1st:

technology risk management job description
    
technology risk management jobs
    
information security and it risk management pdf free download
    
risk management in information technology pdf
    
risk management framework rmf for dod information technology it

Tags: Jake Kouns, Daniel Minoli, Technology Risk, Industry Practices