ABOUT THE AUTHOR
TABLE OF CONTENTS
1.1 Who should read this book?
1.2 How to read this book?
1.3 What this book is not
1.4 Why is risk management the central philosophy in ISO 27001?
1.5 Relationship between enterprise risk management and information security management
1.6 ISO 27001 vs. ISO 27005 vs. ISO 31000
1.7 Additional resources
2 STEPS IN RISK MANAGEMENT
2.1 Addressing risks and opportunities (clause 6.1.1)
2.2 Five steps in the risk management process (clause 6.1)
2.3 Writing the risk assessment methodology (clause 6.1.2)
2.4 Risk assessment part I: Identifying the risks (clauses 6.1.2 and 8.2)
2.5 Risk assessment part II: Analyzing and evaluating the risks (clauses 6.1.2 and 8.2)
2.6 Performing risk treatment (clauses 6.1.3 and 8.3)
2.7 Statement of Applicability: The central document of the whole ISMS (clause 6.1.3 d)
2.8 Developing the Risk treatment plan (clauses 6.1.3, 6.2, and 8.3)
2.9 Regular review of the risk assessment and treatment (clause 8.2)
2.10 Success factors
3 MINI CASE STUDY: PERFORMING RISK ASSESSMENT IN A SMALL HOSPITAL
APPENDIX - Catalog of threats and vulnerabilities