DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS
1 THE NEED FOR INFORMATION RISK MANAGEMENT
THE INFORMATION LIFE CYCLE
WHO SHOULD USE INFORMATION RISK MANAGEMENT?
THE CONTEXT OF RISK IN THE ORGANISATION
THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK
OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS
2 REVIEW OF INFORMATION SECURITY FUNDAMENTALS
INFORMATION CLASSIFICATION
3 THE INFORMATION RISK MANAGEMENT PROGRAMME
GOALS, SCOPE AND OBJECTIVES
ROLES AND RESPONSIBILITIES
GOVERNANCE OF THE RISK MANAGEMENT PROGRAMME
INFORMATION RISK MANAGEMENT CRITERIA
THE APPROACH TO RISK IDENTIFICATION
QUALITATIVE AND QUANTITATIVE ASSESSMENTS
5 THREAT AND VULNERABILITY ASSESSMENT
CONDUCTING THREAT ASSESSMENTS
CONDUCTING VULNERABILITY ASSESSMENTS
IDENTIFICATION OF EXISTING CONTROLS
6 RISK ANALYSIS AND RISK EVALUATION
TACTICAL RISK MANAGEMENT CONTROLS
OPERATIONAL RISK MANAGEMENT CONTROLS
EXAMPLES OF CRITICAL CONTROLS AND CONTROL CATEGORIES
8 RISK REPORTING AND PRESENTATION
RISK TREATMENT DECISION-MAKING
RISK TREATMENT PLANNING AND IMPLEMENTATION
BUSINESS CONTINUITY AND DISASTER RECOVERY
9 COMMUNICATION, CONSULTATION, MONITORING AND REVIEW
RISK REVIEWS AND MONITORING
10 THE CESG IA CERTIFICATION SCHEME
THE CESG IA CERTIFICATION SCHEME
SKILLS FRAMEWORK FOR THE INFORMATION AGE (SFIA)
THE IISP INFORMATION SECURITY SKILLS FRAMEWORK
11 HMG SECURITY-RELATED DOCUMENTS
HMG SECURITY POLICY FRAMEWORK
UK GOVERNMENT SECURITY CLASSIFICATIONS
APPENDIX A TAXONOMIES AND DESCRIPTIONS
TYPICAL IMPACTS OR CONSEQUENCES
APPENDIX B TYPICAL THREATS AND HAZARDS
MALICIOUS INTRUSION (HACKING)
APPENDIX C TYPICAL VULNERABILITIES
PHYSICAL AND ENVIRONMENTAL SECURITY
COMMUNICATIONS AND OPERATIONS MANAGEMENT
PEOPLE-RELATED SECURITY FAILURES
APPENDIX D INFORMATION RISK CONTROLS
CRITICAL SECURITY CONTROLS VERSION 5.0
NIST SPECIAL PUBLICATION 800-53 REVISION 4
APPENDIX E METHODOLOGIES, GUIDELINES AND TOOLS
OTHER GUIDELINES AND TOOLS
APPENDIX G HMG CYBER SECURITY GUIDELINES
HMG CYBER ESSENTIALS SCHEME
10 STEPS TO CYBER SECURITY
APPENDIX H REFERENCES AND FURTHER READING
CESG CERTIFIED PROFESSIONAL SCHEME
OTHER UK GOVERNMENT PUBLICATIONS
RISK MANAGEMENT METHODOLOGIES
UK AND INTERNATIONAL STANDARDS