Cover image for Information security risk analysis
Information security risk analysis
Peltier, Thomas R.
Personal Author:
Publication Information:
Boca Raton, Fla. : Auerbach, [2001]

Physical Description:
xi, 281 pages : illustrations ; 26 cm
Format :


Call Number
Material Type
Home Location
Item Holds
QA76.9.A25 P429 2001 Adult Non-Fiction Central Closed Stacks

On Order



Risk is a cost of doing business. The question is, "What are the risks, and what are their costs?" Knowing the vulnerabilities and threats that face your organization's information and systems is the first essential step in risk management.

Information Security Risk Analysis shows you how to use cost-effective risk analysis techniques to identify and quantify the threats--both accidental and purposeful--that your organization faces. The book steps you through the qualitative risk analysis process using techniques such as PARA (Practical Application of Risk Analysis) and FRAP (Facilitated Risk Analysis Process) to:
Evaluate tangible and intangible risks
Use the qualitative risk analysis process
Identify elements that make up a strong Business Impact Analysis
Conduct risk analysis with confidence

Management looks to you, its information security professional, to provide a process that allows for the systematic review of risk, threats, hazards, and concerns, and to provide cost-effective measures to lower risk to an acceptable level. You can find books that cover risk analysis for financial, environmental, and even software projects, but you will find none that apply risk analysis to information technology and business continuity planning or deal with issues of loss of systems configuration, passwords, information loss, system integrity, CPU cycles, bandwidth, and more. Information Security Risk Analysis shows you how to determine cost effective solutions for your organization's information technology.

Table of Contents

Will OzierCaroline HamiltonJose Martinez
Acknowledgmentsp. ix
Introductionp. xi
Chapter 1 Effective Risk Analysisp. 1
Chapter 2 Qualitative Risk Analysisp. 23
Chapter 3 Value Analysisp. 47
Chapter 4 Other Qualitative Methodsp. 53
Chapter 5 Facilitated Risk Analysis Process (FRAP)p. 69
Chapter 6 Other Uses of Qualitative Risk Analysisp. 91
Chapter 7 Case Studyp. 101
Appendix A Questionnairep. 157
Appendix B Facilitated Risk Analysis Process (FRAP) Formsp. 183
Scope/Business Process Identificationp. 183
Action Planp. 184
Final Reportp. 189
Controls Listp. 190
Risk Listp. 193
Control/Risks Cross Reference Listp. 194
Appendix C Business Impact Analysis (BIA) Formsp. 195
Appendix D Sample of Reportp. 201
Appendix E Threat Definitionsp. 203
Appendix F Other Risk Analysis Opinionsp. 217
F1. Risk Assessment and Managementp. 221
F2. New Trends in Risk Managementp. 245
F3. Integrated Risk Management--A Concept for Risk Containmentp. 257
Indexp. 273