Measuring and Managing Information Risk

Measuring and Managing Information Risk : A FAIR Approach

4.52 (21 ratings by Goodreads)

Description

Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, Measuring and Managing Information Risk helps managers make better business decisions by understanding their organizational risk.

Product details

  • Paperback | 408 pages
  • 193.04 x 236.22 x 22.86mm | 839.14g
  • Butterworth-Heinemann Inc
  • Woburn, United States
  • English
  • Illustrated; Illustrations, unspecified
  • 0124202314
  • 9780124202313
  • 505,373

Table of contents

Chapter 1: Introduction

Chapter 2: Basic Risk Concepts

Chapter 3: The FAIR Risk Ontology

Chapter 4: FAIR Terminology

Chapter 5: Measurement

Chapter 6: Analysis Process

Chapter 7: Interpreting Results

Chapter 8: Risk Analysis Examples

Chapter 9: Thinking about Risk Scenarios Using FAIR

Chapter 10: Common Mistakes

Chapter 11: Controls

Chapter 12: Risk Management

Chapter 13: Information Security Metrics

Chapter 14: Implementing Risk Management

Review Text

"...informative and insightful-and surprisingly engaging. Using examples, anecdotes, and metaphors, the writers keep this educational work from becoming difficult... Professionals new to thorough information risk analysis or using more simplified approaches will find this book extremely useful." --Security Management

About Jack Freund

Dr. Jack Freund is an expert in IT risk management specializing in analyzing and communicating complex IT risk scenarios in plain language to business executives. Jack has been conducting quantitative information risk modeling since 2007. He currently leads a team of risk analysts at TIAA-CREF. Jack has over 15 years in IT and technology consulting for organizations such as Nationwide Insurance, CVS/Caremark, Lucent Technologies, Sony Ericsson, AEP, Wendy's International, and The State of Ohio. He holds a BS in CIS, master's in telecommunication and project management, a PhD in information systems, and the CISSP, CISA, CISM, CRISC, CIPP, and PMP certifications. Jack is a visiting professor at DeVry University and a senior member of the ISSA, IEEE, and ACM. Jack chairs a CRISC subcommittee for ISACA and has participated as a member of the Open Group's risk analyst certification committee. Jack's writings have appeared in the ISSA Journal, Bell Labs Technical Journal, Columbus CEO magazine, and he currently writes a risk column for @ISACA. You can follow all Jack's work and writings at riskdr.com.

Jack Jones, CISM, CISA, CRISC, CISSP, has been employed in technology for the past thirty years, and has specialized in information security and risk management for twenty-four years. During this time, he's worked in the United States military, government intelligence, consulting, as well as the financial and insurance industries. Jack has over nine years of experience as a CISO with three different companies, with five of those years at a Fortune 100 financial services company. His work there was recognized in 2006 when he received the 2006 ISSA Excellence in the Field of Security Practices award at that year's RSA conference. In 2007, he was selected as a finalist for the Information Security Executive of the Year, Central United States, and in 2012 was honored with the CSO Compass award for leadership in risk management. He is also the author and creator of the Factor Analysis of Information Risk (FAIR) framework. Currently, Jack is co-founder and president of CXOWARE, Inc.

Rating details

21 ratings
4.52 out of 5 stars
5 52% (11)
4 48% (10)
3 0% (0)
2 0% (0)
1 0% (0)
Book ratings by Goodreads