Mehr lesen
Zusatztext ? this book! now in its second edition! covers a lot of ground for its 450 or so pages: information security! physical and environmental exposures! personnel risk and business continuity. Its author! a one-time senior analyst at the NSA! is clearly highly experienced in managing very large-scale risk assessment exercises. ? a valuable guide for those commissioning or planning risk assessment exercises.- Michael Barwise! BSc! CEng! CITP! MBCS! in InfoSec Reviews! July 2011 Informationen zum Autor Douglas Landoll has nearly two decadesof information security experience. He has ledsecurity risk assessments and establishedsecurity programsfor top corporations and government agencies. He is an expert in security risk assessment! security risk management! security criteria! and building corporate security programs. His background includes evaluating security at the National Security Agency (NSA)! North Atlantic Treaty Organization (NATO)! Central Intelligence Agency (CIA)! and other government agencies; co-founding the Arca Common Criteria Testing Laboratory! co-authoring the systems security engineering capability maturity model (SSE-CMM); teaching at NSA's National Cryptologic School; and running the southwest security services division for Exodus Communications. Mr. Landoll is currently the president of Veridyn! a provider of network security solutions. He is a certified information systems security professional (CISSP) and certified information systems auditor (CISA). He holds a BS degree from James Madison University and an MBA from the University of Texas at Austin. He has published numerous information security articles! speaks regularly at conferences! and serves as an advisor for several high-tech companies. Klappentext "The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments provides detailed insight into precisely how to conduct an information security risk assessment from a practical point of view. Designed for security professionals who want a more in-depth understanding of the risk assessment process, this volume contains real-world advice that promotes professional development and experience. It also enables security consumers to better negotiate the scope and rigor of a security assessment, effectively interface with a security assessment team, deliver insightful comments on a draft report, and have a greater understanding of final report recommendations"-- Zusammenfassung Conducted properly, information security risk assessments provide managers with the feedback needed to understand threats to corporate assets, determine vulnerabilities of current controls, and select appropriate safeguards. Performed incorrectly, they can provide the false sense of security that allows potential threats to develop into disastrous losses of proprietary information, capital, and corporate value. Picking up where its bestselling predecessor left off, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition gives you detailed instruction on how to conduct a risk assessment effectively and efficiently. Supplying wide-ranging coverage that includes security risk analysis, mitigation, and risk assessment reporting, this updated edition provides the tools needed to solicit and review the scope and rigor of risk assessment proposals with competence and confidence. Trusted to assess security for leading organizations and government agencies, including the CIA, NSA, and NATO, Douglas Landoll unveils the little-known tips, tricks, and techniques used by savvy security professionals in the field. He details time-tested methods to help you:Better negotiate the scope and rigor of security assessmentsEffectively interface with security assessment teamsGain an improved understanding of final report recommendationsDeliver insightful comments on draft reportsThe book i...
