What do you think?
Rate this book
Information Security Risk Analysis
Risk is a cost of doing business. The question is, "What are the risks, and what are their costs?" Knowing the vulnerabilities and threats that face your organization's information and systems is the first essential step in risk management. Information Security Risk Analysis shows you how to use cost-effective risk analysis techniques to identify and quantify the threats--both accidental and purposeful--that your organization faces. The book steps you through the qualitative risk analysis process using techniques such as PARA (Practical Application of Risk Analysis) and FRAP (Facilitated Risk Analysis Process) to:oEvaluate tangible and intangible risksoUse the qualitative risk analysis processoIdentify elements that make up a strong Business Impact AnalysisoConduct risk analysis with confidenceManagement looks to you, its information security professional, to provide a process that allows for the systematic review of risk, threats, hazards, and concerns, and to provide cost-effective measures to lower risk to an acceptable level.; You can find books that cover risk analysis for financial, environmental, and even software projects, but you will find none that apply risk analysis to information technology and business continuity planning or deal with issues of loss of systems configuration, passwords, information loss, system integrity, CPU cycles, bandwidth, and more. Information Security Risk Analysis shows you how to determine cost effective solutions for your organization's information technology.
Kindle Edition
First published January 1, 2001
4 people are currently reading
45 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 of 1 review
April 10, 2007
Although it is called information security risk analysis, this books also covers the adjacent physical risks.
Even if you don't agree with the techniques, it will expose you to the language used in the formal risk management domains.
Mr Peltier is a speaker at many conferences and I am sure he is up to date on the current state of affairs. This book was published in 2001 and represents the state of the art back then.
Even if you don't agree with the techniques, it will expose you to the language used in the formal risk management domains.
Mr Peltier is a speaker at many conferences and I am sure he is up to date on the current state of affairs. This book was published in 2001 and represents the state of the art back then.
Displaying 1 of 1 review