Author: David Sutton
Publisher: BCS, The Chartered Institute for IT
Year: 2021
Pages: 240
Language: English
Format: pdf (true), epub
Size: 22.2 MB
Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management and this new edition reflects recent changes to the syllabus and to the wider discipline.
Some experts believe that the threat and vulnerability assessments should be carried out ahead of the impact assessments; others disagree and opt for the reverse arrangement. I believe that, in practice, either method will suffice as long as the information assets have been clearly identified, but that it can be extremely helpful if the threat and vulnerability assessments can be performed at the same time as impact assessments, since many of the threats and vulnerabilities will be apparent to the information asset owners. Further threat and vulnerability assessments can be conducted at a later time with other knowledgeable staff, especially with information security specialists. For every threat identified, there may well also be some data on the frequency of historical events where the threat has either been known to have been used or to have succeeded. It is also worthwhile remembering that a threat can only cause an impact on an information asset if the asset contains a vulnerability for the threat to exploit. The output of the threat assessment will include threats and hazards from a number of different sources including, but not limited to:
- malicious intrusion or hacking;
- environmental threats and hazards;
- errors and failures;
- social engineering;
- misuse and abuse;
- physical threats;
- malware.
Download Information Risk Management: A practitioner's guide, 2nd Edition