Information security risk management for ISO27001/ISO27002

Saved in:
Bibliographic details
Main author: Calder, Alan (author)
Format: Electronic e-book
Language: English
Published: Cambridgeshire IT Governance Pub. c2010
Subjects:
Online access: FAW01
FAW02
Full text

MARC

LEADER 00000nmm a2200000zc 4500
001 BV043120146
003 DE-604
005 00000000000000.0
007 cr|uuu---uuuuu
008 151126s2010 |||| o||u| ||||||eng d
020 |a 1282737066  |9 1-282-73706-6 
020 |a 1849280436  |9 1-84928-043-6 
020 |a 1849280444  |c electronic bk.  |9 1-84928-044-4 
020 |a 9781282737068  |9 978-1-282-73706-8 
020 |a 9781849280433  |9 978-1-84928-043-3 
020 |a 9781849280440  |c electronic bk.  |9 978-1-84928-044-0 
035 |a (OCoLC)742516936 
035 |a (DE-599)BVBBV043120146 
040 |a DE-604  |b ger  |e aacr 
041 0 |a eng 
049 |a DE-1046  |a DE-1047 
082 0 |a 005.8 
100 1 |a Calder, Alan  |e author  |4 aut 
245 1 0 |a Information security risk management for ISO27001/ISO27002  |c Alan Calder, Steve G. Watkins 
264 1 |a Cambridgeshire  |b IT Governance Pub.  |c c2010 
300 |a 1 online resource (186 p.) 
336 |b txt  |2 rdacontent 
337 |b c  |2 rdamedia 
338 |b cr  |2 rdacarrier 
500 |a Includes bibliographical references 
500 |a Cover -- Contents -- Introduction -- Chapter 1: Risk Management -- Risk management: two phases -- Enterprise risk management -- Chapter 2: Risk Assessment Methodologies -- Publicly available risk assessment standards -- Qualitative versus quantitative -- Quantitative risk analysis -- Qualitative risk analysis – the ISO27001 approach -- Other risk assessment methodologies -- Chapter 3: Risk Management Objectives -- Risk acceptance or tolerance -- Information security risk management objectives -- Risk management and PDCA -- Chapter 4: Roles and Responsibilities -- Senior management commitment -- The (lead) risk assessor -- Other roles and responsibilities -- Chapter 5: Risk Assessment Software -- Gap analysis tools -- Vulnerability assessment tools -- Penetration testing -- Risk assessment tools -- Risk assessment tool descriptions -- Chapter 6: Information Security Policy and Scoping -- Information security policy -- Scope of the ISMS -- 
500 |a Chapter 7: The ISO27001 Risk Assessment -- Overview of the risk assessment process -- Chapter 8: Information Assets -- Assets within the scope -- Grouping of assets -- Asset dependencies -- Asset owners -- Sensitivity classification -- Are vendors assets? -- What about duplicate copies and backups? -- Identification of existing controls -- Chapter 9: Threats and Vulnerabilities -- Threats -- Vulnerabilities -- Technical vulnerabilities -- Chapter 10: Impact and Asset Valuation -- Impacts -- Defining impact -- Estimating impact -- The asset valuation table -- Business, legal and contractual impact values -- Reputation damage -- Chapter 11: Likelihood -- Risk analysis -- Information to support assessments -- Chapter 12: Risk Level -- The risk scale -- Boundary calculations -- Mid-point calculations -- Chapter 13: Risk Treatment and the Selection of Controls -- Types of controls -- Risk assessment and existing controls -- Residual risk -- Risk transfer -- Optimising the solution -- 
500 |a Chapter 14: The Statement of Applicability -- Drafting the Statement of Applicability -- Chapter 15: The Gap Analysis and Risk Treatment Plan -- Gap analysis -- Risk Treatment Plan -- Chapter 16: Repeating and Reviewing the Risk Assessment -- Appendix 1: Carrying out an ISO27001 Risk Assessment using vsRisk™ -- Appendix 2: ISO27001 Implementation Resources -- Books by the Same Authors -- ITG Resources 
500 |a Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software 
650 7 |a COMPUTERS / Internet / Security  |2 bisacsh 
650 7 |a COMPUTERS / Networking / Security  |2 bisacsh 
650 7 |a COMPUTERS / Security / General  |2 bisacsh 
650 7 |a Computer networks / Security measures  |2 local 
650 7 |a Risk management  |2 local 
650 7 |a Computer networks / Security measures  |2 fast 
650 4 |a Computer networks  |x Security measures 
700 1 |a Watkins, Steve G.  |e other  |4 oth 
856 4 0 |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=391096  |x Aggregator  |3 Volltext 
912 |a ZDB-4-EBA 
999 |a oai:aleph.bib-bvb.de:BVB01-028544337 
966 e |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=391096  |l FAW01  |p ZDB-4-EBA  |q FAW_PDA_EBA  |x Aggregator  |3 Volltext 
966 e |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=391096  |l FAW02  |p ZDB-4-EBA  |q FAW_PDA_EBA  |x Aggregator  |3 Volltext 
