Risk Management for Computer Security
:Protecting Your Network and Information Assets
Publication subTitle :Protecting Your Network and Information Assets
Author: Jones Andy;Ashenden Debi
Publisher: Elsevier Science
Publication year: 2005
E-ISBN: 9780080491554
P-ISBN(Paperback): 9780750677950
P-ISBN(Hardback): 9780750677950
Subject: F2 Economic Planning and Management;TP309 安全保密
Language: ENG
Disclaimer: Any content in publications that violate the sovereignty, the constitution or regulations of the PRC is not accepted or approved by CNPIEC.
Description
Risk Management for Computer Security provides IT professionals with an integrated plan to establish and implement a corporate risk assessment and management program. The book covers more than just the fundamental elements that make up a good risk program for computer security. It presents an integrated how-to approach to implementing a corporate program, complete with tested methods and processes, flowcharts, and checklists that can be used by the reader and immediately implemented into a computer and overall corporate security program. The challenges are many and this book will help professionals in meeting their challenges as we progress through the twenty-first century.
This book is organized into five sections. Section I introduces the reader to the theories of risk management and describes the field's changing environment as well as the art of managing risks. Section II deals with threat assessment and its input to risk assessment; topics covered include the threat assessment method and an example of threat assessment. Section III focuses on operating system vulnerabilities and discusses application vulnerabilities; public domain vs. COTS; and connectivity and dependence. Section IV explains what risk assessment is and Section V explores qualitative vs. quantitative tools and types of risk assessment and concludes with an assessment of the future of risk management.
Corporate security professionals around the world will find this book a highly va
Chapter