The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments

— —

Douglas Landoll (Lantego, LLC, Austin, Texas, USA)

The Security Risk Assessment Handbook

A Complete Guide for Performing Security Risk Assessments

Douglas Landoll (Lantego, LLC, Austin, Texas, USA)

$126

Paperback

Not in-store but you can order this
How long will it take?

Availability Information

We source books from suppliers in Australia and overseas. For books we don't currently have in stock, the time it takes to get them from our suppliers can vary widely - from a few days to a few months - so we check each book with each supplier to determine the expected time it will take to be supplied to us.

We then advise you accordingly. If the time taken to get any book is too long for you, you can let us know and we will cancel or adjust your order, and refund as required.

To find out the anticipated arrival time for specific items prior to ordering, please contact us by phone or email:

Phone +61 2 9264 3111, or 1800 4 BOOKS (1800 4 26657) if outside Sydney:
option 1 Abbey's Bookshop (Crime, History, Science, Kids & more) • info@abbeys.com.au
option 2 Language Book Centre (ESL & Foreign Languages) • language@abbeys.com.au
option 3 Galaxy Bookshop (Sci-fi, Fantasy, Romance, Graphic Novels) • sf@galaxybooks.com.au

QTY:

English

CRC Press
28 September 2021

Communication studies; Business strategy; Security services; Computer security; Network management

Conducted properly, information security risk assessments provide managers with the feedback needed to manage risk through the understanding of threats to corporate assets, determination of current control vulnerabilities, and appropriate safeguards selection. Performed incorrectly, they can provide the false sense of security that allows potential threats to develop into disastrous losses of proprietary information, capital, and corporate value. Picking up where its bestselling predecessors left off, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Third Edition gives you detailed instruction on how to conduct a security risk assessment effectively and efficiently, supplying wide-ranging coverage that includes security risk analysis, mitigation, and risk assessment reporting.

The third edition has expanded coverage of essential topics, such as threat analysis, data gathering, risk analysis, and risk assessment methods, and added coverage of new topics essential for current assessment projects (e.g., cloud security, supply chain management, and security risk assessment methods). This handbook walks you through the process of conducting an effective security assessment, and it provides the tools, methods, and up-to-date understanding you need to select the security measures best suited to your organization.

Trusted to assess security for small companies, leading organizations, and government agencies, including the CIA, NSA, and NATO, Douglas J. Landoll unveils the little-known tips, tricks, and techniques used by savvy security professionals in the field. It includes features on how to

Better negotiate the scope and rigor of security assessments

Effectively interface with security assessment teams

Gain an improved understanding of final report recommendations

Deliver insightful comments on draft reports

This edition includes detailed guidance on gathering data and analyzes over 200 administrative, technical, and physical controls using the RIIOT data gathering method; introduces the RIIOT FRAME (risk assessment method), including hundreds of tables, over 70 new diagrams and figures, and over 80 exercises; and provides a detailed analysis of many of the popular security risk assessment methods in use today. The companion website (infosecurityrisk.com) provides downloads for checklists, spreadsheets, figures, and tools.

By: Douglas Landoll (Lantego LLC Austin Texas USA)
Imprint: CRC Press
Country of Publication: United Kingdom
Edition: 3rd edition
Dimensions: Height: 254mm, Width: 178mm,
Weight: 879g
ISBN: 9781032041650
ISBN 10: 103204165X
Pages: 490
Publication Date: 28 September 2021
Audience: Professional and scholarly , Undergraduate
Format: Paperback
Publisher's Status: Active

Foreword 1. Introduction 2. Information Security Risk Assessment Basics 3. Project Definition 4. Security Risk Assessment Preparation 5. Data Gathering 6. Administrative Data Gathering 7. Technical Data Gathering 8. Physical Data Gathering 9. Security Risk Analysis 10. Security Risk Mitigation 11. Security Risk Assessment Reporting 12. Security Risk Assessment Project Management 13. Cloud Security Risk Assessment 14. Vendor Security Risk Assessment 15. Very small and very large assessments 16. Security Risk Assessment Approaches Appendix. Relevant Standards and Regulations

Douglas Landoll has over two decades of information security experience. He has led security risk assessments and established security programs for top corporations and government agencies. He is an expert in security risk assessment, security risk management, security criteria, and building corporate security programs. His background includes evaluating security at the National Security Agency (NSA), North Atlantic Treaty Organization (NATO), Central Intelligence Agency (CIA), and other government agencies; co-founding the Arca Common Criteria Testing Laboratory, co-authoring the systems security engineering capability maturity model (SSE-CMM); teaching at NSA’s National Cryptologic School; and running the southwest security services division for Exodus Communications. Doug is currently the CEO of Lantego, specializing in risk assessment, policy and training. He is a certified information systems security professional (CISSP) and certified information systems auditor (CISA). He holds a BS degree from James Madison University and an MBA from the University of Texas at Austin. He has published numerous information security articles, speaks regularly at conferences, and serves as an advisor for several high-tech companies.