Measuring and Managing Information Risk: A FAIR Approach, Second Edition provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity using the Factor Analysis of Information Risk (FAIR) methodology developed over ten years and adopted by corporations worldwide. This new edition covers such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, and also includes new chapters and essays from industry professionals. It provides a step-by-step guide to help managers make better business decisions by understanding their organizational risk. The field has advanced significantly in the past 10 years and this all-new edition reiterates the importance of the foundations of risk measurement but adds information about modern methods to integrate quantitative risk assessment methods into your security programs. This includes the integration of security telemetry data, outside data sources, approaches to automating FAIR assessments, and how to align methods and programs to security standards and regulations. Further discussed is how such approaches are being used by third-party agencies to provide CRQ data to the investors, underwriters, and regulators. This book is a valuable resource for all those who need the foundations, methods, and techniques for measuring, assessing, and communicating cyber risk to enable an organization to build an organizational IT risk management program. It serves as both a practical how-to guide for those new to the industry as well as tenured professionals that need a formalized guide for implementation. Uses factor analysis of information risk (FAIR) as a methodology for measuring and managing risk in any organization, with insights on how to apply the FAIR methodology based on over 15 years of applied experienceCarefully balances theory with practical applicability and relevant stories of successful implementationIncludes examples from a wide variety of businesses and situations presented in an accessible writing styleIncludes new chapters on Standards and Regulatory Alignment, Building Quantitative Risk Programs, Assessment Automation, and Risk Measurement Red Flags, as well as significant revisions to cover the new FAIR-CAM standard and short essays from others in the industry INDICE: 1. Introduction2. Risk Concepts3. FAIR Risk Ontology4. FAIR Terminology5. Measurement6. Analysis Process7. Interpreting Results8. Risk Analysis Examples9. Common Problems10. Controls11. Standards and Regulatory Alignment12. Organizational Risk Decision Making13. Metrics14. Implementing Risk Management15. Building Quantitative Risk Programs16. Assessment Automation17. Risk Measurement Red Flags18. Invited Contribution
- ISBN: 978-0-443-13484-5
- Editorial: Butterworth-Heinemann
- Encuadernacion: Rústica
- Páginas: 460
- Fecha Publicación: 01/12/2024
- Nº Volúmenes: 1
- Idioma: Inglés