Managing Risk in Information Systems, Second Edition

Darril Gibson
ISBN-13: 978-1-2840-5595-5
Paperback
450 pages
© 2015

PART OF THE JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES

Revised and updated with the latest data in the field, the Second Edition of Managing Risk in Information Systems provides a comprehensive overview of the SSCP® Risk, Response, and Recovery Domain in addition to providing a thorough overview of risk management and its implications on IT infrastructures and compliance. Written by industry experts, and using a wealth of examples and exercises, this book incorporates hands-on activities to walk the reader through the fundamentals of risk management, strategies and approaches for mitigating risk, and the anatomy of how to create a plan that reduces risk.

Key Features

  • Provides a modern and comprehensive view of information security policies and frameworks
  • Examines the technical knowledge and software skills required for policy implementation
  • Explores the creation of an effective IT security policy framework
  • Discusses the latest governance, regulatory mandates, business drivers, legal considerations, and much more

Applicable Courses

Ideal for use in Information Security courses or programs.

Applied Labs

This title is available with a lab manual that allows students to put their classroom skills to work through numerous laboratory exercises.

Lab #1: Identifying Threats and Vulnerabilities in an IT Infrastructure
Lab #2: Aligning Risks, Threats, & Vulnerabilities to the COBIT P09 Risk Management Controls
Lab #3: Defining the Scope and Structure for an IT Risk Management Plan
Lab #4: Performing a Qualitative Risk Assessment for an IT Infrastructure
Lab #5: Identifying Risks, Threats, and Vulnerabilities in an IT Infrastructure Using Zenmap® GUI (Nmap) & Nessus® Reports
Lab #6: Developing a Risk-Mitigation Plan Outline for an IT Infrastructure
Lab #7: Performing a Business Impact Analysis for a Mock IT Infrastructure
Lab #8: Developing an Outline for a Business Continuity Plan for an IT Infrastructure
Lab #9: Developing Disaster Recovery Backup Procedures and Recovery Instructions
Lab #10: Creating a CIRT Response Plan for a Typical IT Infrastructure

Table of Contents

Part 1: Risk Management Business Challenges
Chapter 1: Risk Management Fundamentals
Chapter 2: Managing Risk: Threats, Vulnerabilities, and Exploits
Chapter 3: Maintaining Compliance
Chapter 4: Developing a Risk Management Plan
Part 2: Mitigating Risk
Chapter 5: Defining Risk Assessment Approaches
Chapter 6: Performing a Risk Assessment
Chapter 7: Identifying Assets and Activities to Be Protected
Chapter 8: Identifying and Analyzing Threats, Vulnerabilities, and Exploits
Chapter 9: Identifying and Analyzing Risk Mitigation Security Controls
Chapter 10: Planning Risk Mitigation Throughout the Organization
Chapter 11: Turning Your Risk Assessment into a Risk Mitigation Plan
Part 3: Risk Mitigation Plans
Chapter 12: Mitigating Risk with a Business Impact Analysis
Chapter 13: Mitigating Risk with a Business Continuity Plan
Chapter 14: Mitigating Risk with a Disaster Recovery Plan
Chapter 15: Mitigating Risk with a Computer Incident Response Team Plan

Course Objectives

  1. Explain the basic concepts of and need for risk management.
  2. Identify compliance laws, standards, best practices, and policies of risk management.
  3. Describe the components of an effective organizational risk management program.
  4. Describe techniques for identifying relevant threats, vulnerabilities, and exploits.
  5. Identify risk mitigation security controls.
  6. Describe concepts for implementing risk mitigation throughout an organization.
  7. Perform a business impact analysis for a provided scenario.
  8. Create a business continuity plan (BCP) based on the findings of a given risk assessment for an organization.
  9. Create a disaster recovery plan (DRP) based on the findings of a given risk assessment for an organization.
  10. Create a Computer Incident Response Team (CIRT) plan for an organization in a given scenario.

Instructor Resources include:

  • PowerPoint Lectures
  • Instructor’s Guide
  • Test and Quiz Items
  • Sample Syllabus
  • Case Scenarios/Handouts
  • Handouts
  • Projects
  • Study Guide
  • Time on Task
  • Content Map