Ernie Hayden, MIPM, CISSP, CEH, GICSP(Gold), PSP

Critical Infrastructure Risk Assessment


Download book

Thought and Discussion

       REFERENCES

       Chapter 2 Risk and Risk Management

       2.1 What is Risk?

       2.1.1 Threat

       2.1.2 Vulnerability

       2.1.3 Probability

       2.1.4 Consequences or Impact

       2.1.5 Nuances of Risk

       2.1.6 Risk Appetite and Tolerance

       2.1.7 Risk Velocity

       2.2 Risk Management

       2.2.1 Risk Management Principles

       2.2.2 Addressing Risk

       2.2.3 Risk Management Process

       2.2.4 Risk Management Focus — Component or System

       2.2.5 Risk Management Focus — Defensive and Offensive

       2.2.6 Risk Management Focus — Checklist Approach

       2.2.7 Risk Management — Convenience vs Liability or Risk

       2.2.8 Risk Management — Summary Guidance

       2.3 The Next Chapter — Risk Assessment

       2.4 Questions for Further Thought and Discussion

       REFERENCES

       Chapter 3 Risk Assessment

       In this chapter you will:

       3.1 Definitions of Risk Assessment

       3.2 Assessment Foundational Principles, Scope, and Applicability

       3.3 Application of Risk Assessments

       3.4 Risk Assessment Techniques

       3.4.1 Ad-hoc Risk Assessment

       3.4.2 Deductive Risk Assessment

       3.4.3 Inductive Risk Assessment

       3.4.4 Targeted Risk Assessment

       3.5 Assessment Approaches — Qualitative vs Quantitative

       3.6 Dynamic Risk Assessment

       3.7 Difference Between Assessment and Audit

       3.8 Assessment Models

       3.8.1 ISO 31000

       3.8.2 NIST SP 800-30, R1 — Guide for Conducting Risk Assessments

       3.8.3 NIST SP 800-30, R0 — Risk Management Guide for Information Technology Systems

       3.8.4 Cyber Security Assessments of Industrial Control Systems — Good Practice Guide

       3.8.5 Hybrid Risk Assessment Flow Chart

       3.9 Assessment Process

       3.9.1 Pre-assessment/Planning

       3.9.2 Conducting the Assessment

       3.9.3 Reporting

       3.10 Questions for Further Thought and Discussion

       REFERENCES

       PART II HANDBOOK

       Chapter 4 Pre-Assessment

       In this chapter you will discover:

       4.1 Planning

       4.2 Identify Team Members

       4.3 Identify Assessment Goals

       4.4 Collect Artifacts, Templates, Preliminary Documentation

       4.5 Define the Assessment Plan