Book Image

Information Security Handbook - Second Edition

By : Darren Death
Book Image

Information Security Handbook - Second Edition

By: Darren Death

Overview of this book

Information Security Handbook is a practical guide that’ll empower you to take effective actions in securing your organization’s assets. Whether you are an experienced security professional seeking to refine your skills or someone new to the field looking to build a strong foundation, this book is designed to meet you where you are and guide you toward improving your understanding of information security. Each chapter addresses the key concepts, practical techniques, and best practices to establish a robust and effective information security program. You’ll be offered a holistic perspective on securing information, including risk management, incident response, cloud security, and supply chain considerations. This book has distilled years of experience and expertise of the author, Darren Death, into clear insights that can be applied directly to your organization’s security efforts. Whether you work in a large enterprise, a government agency, or a small business, the principles and strategies presented in this book are adaptable and scalable to suit your specific needs. By the end of this book, you’ll have all the tools and guidance needed to fortify your organization’s defenses and expand your capabilities as an information security practitioner.
Table of Contents (16 chapters)

Information Security Risk Management

This chapter will discuss information security risks, beginning with a review of the foundational concepts, which will lead to a detailed understanding of risk ownership and management. It will offer insights into identifying and safeguarding your organization’s vital data and provide guidelines for conducting risk assessments. We will explore the significance of information classification and the steps involved in the data classification process. Drawing on these building blocks, we will discuss establishing impact, choosing suitable security controls, and calculating risk using qualitative and quantitative assessments.

The following topics will be covered in this chapter:

  • What is information security risk?
  • Understanding the ownership and management of information security risk
  • Identifying and protecting your organization’s valuable data
  • Conducting a quick risk assessment
  • Risk management is an organizational...