Disaster Recovery Planning (DRP)
Business Continuity Planning (BCP)
Binomial International
The Binomial Bookstore
Rothstein Associates Inc.
Info & Network Security, Info Protection
INFORMATION SECURITY RISK ANALYSIS
by Thomas R. Peltier

“Risk is a cost of doing business. The question is, "What are the risks, and what are their costs?" Knowing the vulnerabilities and threats that face your organization's information and systems is the first essential step in risk management.

“Information Security Risk Analysis shows you how to use cost-effective risk analysis techniques to identify and quantify the threats--both accidental and purposeful--that your organization faces. The book steps you through the qualitative risk analysis process using techniques such as PARA (Practical Application of Risk Analysis) and FRAP (Facilitated Risk Analysis Process) to

- Evaluate tangible and intangible risks
- Use the qualitative risk analysis process
- Identify elements that make up a strong Business Impact Analysis
- Conduct risk analysis with confidence

“Management looks to you, its information security professional, to provide a process that allows for the systematic review of risk, threats, hazards, and concerns, and to provide cost-effective measures to lower risk to an acceptable level. You can find books that cover risk analysis for financial, environmental, and even software projects, but you will find none that apply risk analysis to information technology and business continuity planning or deal with issues of loss of systems configuration, passwords, information loss, system integrity, CPU cycles, bandwidth, and more.

Information Security Risk Analysis shows you how to determine cost effective solutions for your organization's information technology.”

= = = = =

FEATURES

- Provides the knowledge and practical application of the method necessary to implement an effective subject analysis process
- Allows organizations to "pre-screen" application, systems or other subjects to determine if a risk analysis is needed
- Uses formal qualitative risk analysis methods to determine cost effective solutions
- Shows how to evaluate tangible and intangible risks and conduct risk analysis with confidence
- Covers using the qualitative risk analysis process

= = = = =

FROM THE INTRODUCTION

“The dictionary defines risk as ‘someone or something that creates or suggests a hazard.’ In today’s environment, it is one of the many costs of doing business or providing a service. Information security professionals know and understand that nothing ever runs smoothly for very long. Any manner of internal or external hazard or risk can cause a well-running organization to lose competitive advantage, miss deadlines, or suffer embarrassment. As security professionals, management is looking to us to provide a process that allows for the systematic review of risk, threats, hazards and concerns and provide cost-effective measures to lower risk to an acceptable level.

This book will review the current practical application of cost-effective risk analysis.”

= = = = =

CONTENTS

Acknowledgments
Introduction
Effective Risk Analysis
Qualitative Risk Analysis
Value Analysis
Other Qualitative Methods
Facilitated Risk Analysis Process (FRAP)
Other Uses of Qualitative Risk Analysis
Case Study
Appendix A: Questionnaire
Appendix B: Facilitated Risk Analysis Process Forms
    Scope/Business Process Identification
    Action Plan
    Final Report
    Controls List
    Risk List
    Control/Risks Cross Reference List
Appendix C: Business Impact Analysis Forms
Appendix D: Sample of Report
Appendix E: Threat Definitions
Appendix F: Other Risk Analysis Opinions
    Risk Assessment and Management (Will Ozier)
    New Trends in Risk Management (Caroline Hamilton)
    Integrated Risk Management - A Concept for Risk Containment (Jose Martinez)
Index

= = = = =

2001, 281 pages. Order #DR530.

= = = = =

Rothstein Associates Inc.
4 Arapaho Rd.
Brookfield, CT 06804-3104
1-888-ROTHSTEin
Telephone: 203.740.7444; 888.768.4783
Fax: 203.740.7401
E-Mail: info@rothstein.com
All bookstore enquiries should be sent to Rothstein Associates at the above address.
© Binomial International 2008