Risk Management for Computer Security,
Edition 1 Protecting Your Network and Information Assets
By Andy Jones and Debi Ashenden

Publication Date: 15 Mar 2005

Risk Management for Computer Security provides IT professionals with an integrated plan to establish and implement a corporate risk assessment and management program. The book covers more than just the fundamental elements that make up a good risk program for computer security. It presents an integrated how-to approach to implementing a corporate program, complete with tested methods and processes, flowcharts, and checklists that can be used by the reader and immediately implemented into a computer and overall corporate security program. The challenges are many and this book will help professionals in meeting their challenges as we progress through the twenty-first century.

This book is organized into five sections. Section I introduces the reader to the theories of risk management and describes the field's changing environment as well as the art of managing risks. Section II deals with threat assessment and its input to risk assessment; topics covered include the threat assessment method and an example of threat assessment. Section III focuses on operating system vulnerabilities and discusses application vulnerabilities; public domain vs. COTS; and connectivity and dependence. Section IV explains what risk assessment is and Section V explores qualitative vs. quantitative tools and types of risk assessment and concludes with an assessment of the future of risk management.

Corporate security professionals around the world will find this book a highly valuable source of information.

Key Features

  • Presents material in an engaging, easy-to-follow manner that will appeal to both advanced INFOSEC career professionals and network administrators entering the information security profession
  • Addresses the needs of both the individuals who are new to the subject as well as of experienced professionals
  • Provides insight into the factors that need to be considered and fully explains the numerous methods, processes and procedures of risk management
About the author
By Andy Jones, A Research Group Leader at the Security Research Centre for British Telecommunications where he is conducting research into the security of information and communication systems. and Debi Ashenden, Senior Research Fellow in Information Assurance at the Royal Military College of Science, Cranfield University, UK
Table of Contents
Section I: An Introduction to Risk Management: Introduction to the Theories of Risk Management; The Changing Environment; The Art of Managing Risks; Section II: The Threat Assessment Process: Threat Assessment and its Input to Risk Assessment; Threat Assessment Method; Example Threat Assessment; Section III: Vulnerability Issues: Operating System Vulnerabilities; Application Vulnerabilities; Public Domain or Commercial Off-the-Shelf Software?; Connectivity and Dependence; Section IV: The Risk Process: What is Risk Assessment?; Risk Analysis; Who is Responsible?; Section V: Tools and Types of Risk Assessment: Qualitative and Quantitative Rrisk Assessment; Policies, Procedures, Plans, and Processes of Risk Management; Tools and Techniques; Integrated Risk Management; Section VI: Future Directions: The Future of the Risk Management
Book details
ISBN: 9780750677950
Page Count: 296
Retail Price : £38.99
Corporate security professionals around the world