Risk Analysis and the Security Survey



Risk Analysis and the Security Survey, Fourth Edition
James F. Broder and Eugene Tucker
Butterworth-Heinemann, an imprint of Elsevier (Amsterdam, Boston, Heidelberg, London, New York, Oxford, Paris, San Diego, San Francisco, Singapore, Sydney, Tokyo)

Contents

About the Authors (xv)
Acknowledgments (xvii)
Introduction (xix)

Part 1. The Treatment and Analysis of Risk (1)

  1. Risk (3)
     What Is Risk? (3)
     What Is Risk Analysis? (4)
     Risk Assessment (4)
     Risk Exposure Assessment (6)

  2. Vulnerability and Threat Identification (9)
     Risk Identification (9)
     Examples of the Problems of Identification (11)
     Security Checklist (12)

  3. Risk Measurement (21)
     Cost Valuation and Frequency of Occurrence (21)
     Principles of Probability (23)
     Probability, Risk, and Security (25)
     Estimating Frequency of Occurrence (27)

  4. Quantifying and Prioritizing Loss Potential (29)
     Assessing Criticality or Severity (30)
     The Decision Matrix (31)

  5. Cost/Benefit Analysis (33)
     System Design Engineering (33)
     Building Redundancy into the System (36)
     A Security Countermeasure (37)

  6. Other Risk Analysis Methodologies (39)
     National Infrastructure Protection Plan (40)
     Review (44)

  7. The Security Survey: An Overview (45)
     Why Are Security Surveys Needed? (45)
     Who Needs Security Surveys? (46)
     Attitude of Business Toward Security (48)
     What Can a Security Survey Accomplish? (49)
     Why the Need for a Security Professional? (50)
     How Do You Sell Security? (50)

  8. Management Audit Techniques and the Preliminary Survey (53)
     Audit Guide and Procedures (53)
     The Preliminary Survey (58)
     Summary (63)

  9. The Survey Report (69)
     "I Must Write, Therefore I Shall" (69)
     Five Criteria of Good Reporting (72)
     Format (75)
     Summary (78)

  10. Crime Prediction (79)
     Analysis of Internal Crime (80)
     Analysis of External Crime (81)
     Inadequate Security (85)
     How to Establish Notice (87)
     Review (89)

  11. Determining Insurance Requirements (91)
     Risk Management Defined (91)
     Risk Control (92)
     Crime Insurance (92)
     K & R (Kidnap and Ransom) Coverage (94)

Part 2. Emergency Management and Business Continuity Planning (99)

  12. Emergency Management: A Brief Introduction (101)
     Comprehensive Emergency Management (101)
     Standards (103)
     Private Sector Preparedness Accreditation and Certification Program (104)
     National Incident Management System (NIMS) (104)
     The Incident Command System (ICS) (104)
     Unified Command (109)
     Emergency Operations Center (110)
     Summary (112)

  13. Mitigation and Preparedness (113)
     Mitigation (113)
     Preparedness (130)
     Summary (133)

  14. Response Planning (135)
     Emergency Response Planning and Response Plans (136)
     Emergency Response Team (139)
     Emergency Procedures (141)
     Summary (199)

  15. Business Impact Analysis (201)
     Risk Analysis versus Business Impact Analysis (203)
     Business Impact Analysis Methodology (204)
     Other Questions for the Impact Analysis (214)
     Resource Questionnaires and Forms (215)
     Summary (221)

  16. Business Continuity Planning (223)
     Why Plan? (224)
     The Planning Process (225)
     Project Management (226)
     Summary (245)

  17. Plan Documentation (247)
     Required Elements of the Plan (247)
     Multihazard Functional Planning (248)
     Plan Organization and Structure (249)
     Summary (257)

  18. Crisis Management Planning for Kidnap, Ransom, and Extortion (259)
     Threat Identification (261)
     Plan Documentation (262)
     Plan Activation (263)
     Crisis Management Team (264)
     Handling the Initial Contact (266)
     Ransom Considerations (267)
     Preventive Security (268)
     Suggestions for Kidnapped Individuals (269)
     Media Control (270)
     Summary (271)
     Bibliography (271)

  19. Monitoring Safeguards (273)
     Monitoring or Testing the Existing System (273)
     The Scientific Method (274)
     Five Basic Types of Testing (274)
     Avoid Predictable Failure (275)
     Some Audit Guidelines (276)
     Develop a Plan of Action (277)

  20. The Security Consultant (279)
     In-House versus Outside Advice (279)
     Why Use Outside Security Consultants? (281)
     Security Proposals (Writing and Costing) (283)
     Summary (288)
     Evaluation of Proposals and Reports (288)

Appendices (289)

  Appendix A. Security Survey Work Sheets (291)
     General Questions before Starting a Survey (291)
     Number of Employees (291)
     Cafeteria (292)
     Credit Union (292)
     Custodial Service (292)
     Company Store (292)
     Petty Cash or Funds on Hand (293)
     Classified Operations (293)
     Theft Experience (293)
     Some Reference Materials (303)
     Annex A: Hospital Surveys (303)
     Annex B: University and College Surveys (306)

  Appendix B. Sample Kidnap and Ransom Contingency Plan (309)
     I. Introduction (309)
     II. Basic Plan (309)

  Appendix C. Security Systems Specifications (323)
     Introduction (323)
     Example: Requirements Specification for an Integrated Electronic Security System (325)
     Conclusion (327)

Index (329)
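The Part 1 chapters on risk measurement (cost valuation and frequency of occurrence), loss prioritization (criticality, the decision matrix) and cost/benefit analysis describe a workflow that is easier to follow with numbers attached. The script below is an added illustration of that workflow; it is not code from the book or its authors. The loss figures, frequencies, band thresholds and the contents of the decision matrix are all assumptions chosen for the example, not values taken from the text.

```python
# Added illustration of cost x frequency risk measurement, a
# probability/criticality decision matrix, and a cost/benefit check.
# All figures and thresholds below are assumptions for this example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    single_loss: float       # estimated cost of one occurrence
    annual_frequency: float  # estimated occurrences per year


def expected_annual_loss(risk: Risk) -> float:
    """Loss potential as cost per event times expected events per year."""
    return risk.single_loss * risk.annual_frequency


def criticality_band(single_loss: float) -> str:
    """Severity of a single occurrence (thresholds are assumptions)."""
    if single_loss >= 1_000_000:
        return "catastrophic"
    if single_loss >= 100_000:
        return "serious"
    if single_loss >= 10_000:
        return "moderate"
    return "minor"


def probability_band(annual_frequency: float) -> str:
    """Likelihood band from estimated yearly frequency (thresholds assumed)."""
    if annual_frequency >= 1.0:
        return "frequent"
    if annual_frequency >= 0.1:
        return "probable"
    if annual_frequency >= 0.01:
        return "occasional"
    return "improbable"


# Decision matrix: criticality row x probability column -> priority (1 = act first).
# The cell values are an assumed policy, not the book's matrix.
DECISION_MATRIX = {
    "catastrophic": {"frequent": 1, "probable": 1, "occasional": 1, "improbable": 2},
    "serious":      {"frequent": 1, "probable": 2, "occasional": 2, "improbable": 3},
    "moderate":     {"frequent": 2, "probable": 2, "occasional": 3, "improbable": 4},
    "minor":        {"frequent": 3, "probable": 3, "occasional": 4, "improbable": 4},
}


def priority(risk: Risk) -> int:
    """Look up the decision-matrix priority for a risk."""
    row = DECISION_MATRIX[criticality_band(risk.single_loss)]
    return row[probability_band(risk.annual_frequency)]


def rank_risks(risks):
    """Order by matrix priority first, then by expected annual loss (largest first)."""
    ordered = sorted(risks, key=lambda r: (priority(r), -expected_annual_loss(r)))
    return [r.name for r in ordered]


def countermeasure_justified(risk: Risk, reduction: float, annual_cost: float) -> bool:
    """Cost/benefit test: expected loss avoided must exceed the measure's yearly cost."""
    return expected_annual_loss(risk) * reduction > annual_cost


# Constructed sample register for the example (not real data).
SAMPLE_RISKS = [
    Risk("warehouse burglary", single_loss=50_000, annual_frequency=0.5),
    Risk("data center fire", single_loss=2_000_000, annual_frequency=0.02),
    Risk("petty cash theft", single_loss=500, annual_frequency=12),
    Risk("executive kidnapping", single_loss=5_000_000, annual_frequency=0.001),
]

if __name__ == "__main__":
    for r in SAMPLE_RISKS:
        print(f"{r.name:22} EAL={expected_annual_loss(r):>10,.0f}  "
              f"{criticality_band(r.single_loss)}/{probability_band(r.annual_frequency)}  "
              f"priority={priority(r)}")
    print("ranked:", rank_risks(SAMPLE_RISKS))
    # Alarm system assumed to cut burglary frequency by 80% at 12,000 per year.
    print("alarm justified:", countermeasure_justified(SAMPLE_RISKS[0], 0.8, 12_000))
    # Safe assumed to halve petty cash theft at 5,000 per year.
    print("safe justified:", countermeasure_justified(SAMPLE_RISKS[2], 0.5, 5_000))
```

The point the ranking makes is that the matrix and the pure expected-loss figure do not always agree: petty cash theft has a larger expected annual loss than the kidnapping case, yet the matrix puts the catastrophic but improbable event first because severity is weighted separately from frequency. The cost/benefit function is the simplest form of the test: a countermeasure is worth buying only while the expected loss it removes exceeds what it costs to run.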