چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

Information Risk Management, Second edition

under the direction of Pierre Nora، English language edition edited، with a foreword by Lawrence D. Kritzman، translated by Arthur Goldhammer، David Sutton, (Information security practitioner)

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

ناشر
BCS
سال انتشار
۲۰۲۱
فرمت
PDF
زبان
انگلیسی
حجم فایل
۳٫۰ مگابایت
شابک
9780231084048، 9780231106344، 9780231109260، 0231084048، 0231106343، 0231109261، 9781780175720، 9781780175744، 9781780175751، 1780175728، 1780175744، 1780175752

دربارهٔ کتاب

Information risk management (IRM) is about identifying, assessing, prioritising and treating risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management and this new edition reflects recent changes to the syllabus and to the wider discipline. Cover 1 CONTENTS 9 LIST OF FIGURES AND TABLES 12 AUTHOR 13 OTHER WORKS BY THE AUTHOR 13 ACKNOWLEDGEMENTS 14 ABBREVIATIONS 15 PREFACE 18 1. THE NEED FOR INFORMATION RISK MANAGEMENT 21 WHAT IS INFORMATION? 21 WHO SHOULD USE INFORMATION RISK MANAGEMENT? 24 THE LEGAL FRAMEWORK 26 THE CONTEXT OF RISK IN THE ORGANISATION 27 HOT TOPICS TO CONSIDER IN INFORMATION RISK MANAGEMENT 29 THE BENEFITS OF TAKING ACCOUNT OF INFORMATION RISK 32 OVERVIEW OF THE INFORMATION RISK MANAGEMENT PROCESS 34 SUMMARY 36 2. REVIEW OF INFORMATION SECURITY FUNDAMENTALS 40 INFORMATION CLASSIFICATION 42 PLAN-DO-CHECK-ACT 46 SUMMARY 47 3. THE INFORMATION RISK MANAGEMENT PROGRAMME 48 GOALS, SCOPE AND OBJECTIVES 49 ROLES AND RESPONSIBILITIES 50 GOVERNANCE OF THE RISK MANAGEMENT PROGRAMME 50 INFORMATION RISK MANAGEMENT CRITERIA 51 SUMMARY 56 4. RISK IDENTIFICATION 57 THE RISK IDENTIFICATION PROCESS 57 THE APPROACH TO RISK IDENTIFICATION 59 IMPACT ASSESSMENT 62 SUMMARY 73 5. THREAT AND VULNERABILITY ASSESSMENT 74 CONDUCTING THREAT ASSESSMENTS 74 CONDUCTING VULNERABILITY ASSESSMENTS 80 IDENTIFICATION OF EXISTING CONTROLS 86 SUMMARY 89 6. RISK ANALYSIS AND RISK EVALUATION 91 ASSESSMENT OF LIKELIHOOD 91 RISK ANALYSIS 94 RISK EVALUATION 96 SUMMARY 100 7. RISK TREATMENT 101 STRATEGIC RISK OPTIONS 102 TACTICAL RISK MANAGEMENT CONTROLS 105 OPERATIONAL RISK MANAGEMENT CONTROLS 106 EXAMPLES OF CRITICAL CONTROLS AND CONTROL CATEGORIES 107 SUMMARY 110 8. RISK REPORTING AND PRESENTATION 111 BUSINESS CASES 112 RISK TREATMENT DECISION-MAKING 113 RISK TREATMENT PLANNING AND IMPLEMENTATION 114 BUSINESS CONTINUITY AND DISASTER RECOVERY 115 DISASTER RECOVERY FAILOVER TESTING 124 SUMMARY 124 9. COMMUNICATION, CONSULTATION, MONITORING AND REVIEW 125 SKILLS REQUIRED FOR AN INFORMATION RISK PROGRAMME MANAGER 125 COMMUNICATION 127 CONSULTATION 129 RISK REVIEWS AND MONITORING 130 SUMMARY 132 10. THE NCSC CERTIFIED PROFESSIONAL SCHEME 133 SFIA 135 THE CIISEC SKILLS FRAMEWORK 136 SUMMARY 139 11. HMG SECURITY-RELATED DOCUMENTS 140 HMG SECURITY POLICY FRAMEWORK 140 THE NATIONAL SECURITY STRATEGY 140 CONTEST, THE UNITED KINGDOM’S STRATEGY FOR COUNTERING TERRORISM 141 THE MINIMUM CYBER SECURITY STANDARD 141 THE UK CYBER SECURITY STRATEGY 2016–2021 141 UK GOVERNMENT SECURITY CLASSIFICATIONS 142 SUMMARY 143 APPENDIX A – TAXONOMIES AND DESCRIPTIONS 144 INFORMATION RISK 144 TYPICAL IMPACTS OR CONSEQUENCES 146 APPENDIX B – TYPICAL THREATS AND HAZARDS 150 MALICIOUS INTRUSION (HACKING) 150 ENVIRONMENTAL THREATS 153 ERRORS AND FAILURES 155 SOCIAL ENGINEERING 157 MISUSE AND ABUSE 158 PHYSICAL THREATS 159 MALWARE 160 APPENDIX C – TYPICAL VULNERABILITIES 163 ACCESS CONTROL 163 POOR PROCEDURES 166 PHYSICAL AND ENVIRONMENTAL SECURITY 167 COMMUNICATIONS AND OPERATIONS MANAGEMENT 169 PEOPLE-RELATED SECURITY FAILURES 171 APPENDIX D – INFORMATION RISK CONTROLS 174 STRATEGIC CONTROLS 174 TACTICAL CONTROLS 175 OPERATIONAL CONTROLS 175 THE CENTRE FOR INTERNET SECURITY CONTROLS VERSION 8 176 ISO/IEC 27001:2017 CONTROLS 178 NIST SPECIAL PUBLICATION 800-53 REVISION 5 183 APPENDIX E – METHODOLOGIES, GUIDELINES AND TOOLS 191 METHODOLOGIES 191 OTHER GUIDELINES AND TOOLS 196 APPENDIX F – TEMPLATES 201 APPENDIX G – HMG CYBERSECURITY GUIDELINES 207 HMG CYBER ESSENTIALS SCHEME 207 10 STEPS TO CYBER SECURITY 209 APPENDIX H – REFERENCES AND FURTHER READING 212 PRIMARY UK LEGISLATION 212 GOOD PRACTICE GUIDELINES 213 OTHER REFERENCE MATERIAL 213 NCSC CERTIFIED PROFESSIONAL SCHEME 214 OTHER UK GOVERNMENT PUBLICATIONS 215 RISK MANAGEMENT METHODOLOGIES 216 UK AND INTERNATIONAL STANDARDS 216 APPENDIX I – DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS 224 DEFINITIONS AND GLOSSARY OF TERMS 225 INFORMATION RISK MANAGEMENT STANDARDS 233 INDEX 236 Back cover 240 Information Risk Management (irm) Is About Identifying, Assessing, Prioritising And Treating Risks To Keep Information Secure And Available. This Book Provides Practical Guidance To The Principles And Development Of A Strategic Approach To An Irm Programme. The Only Textbook For The Bcs Practitioner Certificate In Information Risk Management. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. -- Edited summary from book

قیمت نهایی

۴۴٬۰۰۰ تومان