Computer Security Handbook, Fourth Edition (computersecurityhandbook.com)
Chapter 47 –  Risk Assessment and Risk Management
     Robert Jacobson, CPP

Chapter Contents:

   47.1    An Introduction to Risk Management
   47.1.1    What Is Risk?
   47.1.2    What Is Risk Management?
   47.2    Objective of a Risk Assessment
   47.3    Limits of Questionnaires in Assessing Risks
   47.4    A Model of Risk
   47.4.1    The Two Inconsequential Risk Classes
   47.4.2    The Two Significant Risk Classes
   47.4.3    Spectrum of Real-World Risks
   47.5    Risk Mitigation
   47.5.1    Difficulties Applying ALE Estimates
   47.5.2    What a Risk Manager Tries to Do
   47.5.2.1    The Three Risk Management Regions
   47.5.2.2    Where ROI-Based Risk Mitigation Is Effective
   47.5.2.3    Four Reasons for Adopting a Mitigation Measure
   47.5.3    How to Mitigate Infrequent Risks
   47.5.3.1    Reduce the Magnitude of High Single-Occurrence Losses
   47.5.3.2    Mitigation Selection Process
   47.5.4    Summary of Risk Mitigation Strategies
   47.5.4.1    Risk Assessment/Risk Mitigation Summary
   47.6    Risk Assessment Techniques
   47.6.1    Aggregating Threats and Loss Potentials
   47.6.2    Basic Risk Assessment Algorithms
   47.6.3    Loss Potential
   47.6.3.1    Property Damage and Liability Losses
   47.6.3.2    Service Interruption Losses
   47.6.4    Risk Event Parameters
   47.6.5    Vulnerability Factors, ALE, and SOL Estimates
   47.6.6    Sensitivity Testing
   47.6.7    Selecting Risk Mitigation Measures
   47.7    Summary
   47.8    References

copyright 2002-2006, Robert Gezelter, All Rights Reserved