Information Security Risk Analysis

Risk is a cost of doing business. The question is "What are the risks, and what are their costs?" Knowing the vulnerabilities and threats that face your organization's information systems is the first essential step in risk management. Information Security Risk Analysis shows you how to use cost-effective risk analysis techniques to identify and quantify the threats - both accidental and purposeful - your organization faces. The book steps you through the qualitative risk analysis process - using techniques such as PARA (Practical Application of Risk Analysis) and FRAP (Facilitated Risk Analysis Process) to: • Evaluate tangible and intangible risks • Use the qualitative risk analysis process • Identify elements that make up a strong Business Impact Analysis FEATURES • Provides the knowledge and practical application of the method necessary to implement an effective subject analysis process • Allows organizations to "pre-screen" application systems or other subjects to determine if a risk analysis is needed • Uses format qualitative risk analysis methods to determine cost-effective solutions • Shows how to evaluate tangible and intangible risks and conduct risk analysis with confidence • Covers using the qualitative risk analysis process