Information Security Risk Assessment Toolkit

Information Security Risk Assessment Toolkit, 1st Edition

Practical Assessments through Data Collection and Data Analysis

Information Security Risk Assessment Toolkit, 1st Edition,Mark Talabis,Jason Martin,ISBN9781597497350






235 X 191

Practical, achievable and sustainable information security risk assessment methodology.


Additional materials for this book are available on the following website. Please copy and paste this URL on your browser: http://securitytoolk.it/

Print Book + eBook

USD 59.94
USD 99.90

Buy both together and save 40%

Print Book


In Stock

Estimated Delivery Time
USD 49.95

eBook Overview

VST (VitalSource Bookshelf) format

DRM-free included formats : EPUB, Mobi (for Kindle), PDF

USD 49.95
Add to Cart

Key Features

    • Based on authors’ experiences of real-world assessments, reports, and presentations
    • Focuses on implementing a process, rather than theory, that allows you to derive a quick and valuable assessment
    • Includes a companion web site with spreadsheets you can utilize to create and maintain the risk assessment


    In order to protect company’s information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments.  Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored.  Information Security Risk Assessments gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders.


    Information Security Officers, IT Auditors, IT Professionals, Chief Information Officers, Privacy Officers, Risk Officers, IT Enterprise Architects

    Mark Talabis

    Mark Ryan Talabis is the Chief Threat Scientist of Zvelo Inc. Previously he was the Director of the Cloud Business Unit of FireEye Inc. He was also the Lead Researcher and VP of Secure DNA and was an Information Technology Consultant for the Office of Regional Economic Integration (OREI) of the Asian Development Bank (ADB). ? He is co-author of the book "Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis" from Syngress. He has presented in various security and academic conferences and organizations around the world including Blackhat, Defcon, Shakacon, INFORMS, INFRAGARD, ISSA, and ISACA. He has a number of published papers to his name in various peer-reviewed journals and is also an alumni member of the Honeynet Project. He has a Master of Liberal Arts Degree (ALM) in Information Technology from Harvard University and a Master of Science (MS) degree in Information Technology from Ateneo de Manila University. He holds several certifications including a Certified Information Systems Security Professional (CISSP); Certified Information Systems Auditor (CISA); and Certified in Risk and Information Systems Control (CRISC).

    Affiliations and Expertise

    Chief Threat Scientist of Zvelo Inc

    Jason Martin

    Jason Martin is Vice President of Cloud Business for FireEye, Inc. the global leader in advanced threat detection technology. Prior to joining FireEye Jason was the President and CEO of Secure DNA (acquired by FireEye), a company that provided innovative security products and solutions to companies throughout Asia-Pacific and the US Mainland. Customers included Fortune 1000 companies, global government agencies, state and local governments, and private organizations of all sizes. Mr. Martin has over fifteen years of experience in Information Security, is a published author and speaker, and is the co-founder of the Shakacon Security Conference.

    Affiliations and Expertise

    is the Vice President of Cloud Business for FireEye, Inc.

    Information Security Risk Assessment Toolkit, 1st Edition



    About the Technical Editor

    About the Authors


    Chapter 1. Information Security Risk Assessments


    What is Risk?

    What is an Information Security Risk Assessment?

    Drivers, Laws, and Regulations



    Chapter 2. Information Security Risk Assessment: A Practical Approach


    A Primer on Information Security Risk Assessment Frameworks


    Chapter 3. Information Security Risk Assessment: Data Collection


    The Sponsor

    The Project Team

    Data Collection Mechanisms

    Executive Interviews

    Document Requests

    IT Asset Inventories

    Asset Scoping

    The Asset Profile Survey

    The Control Survey

    Survey Support Activities and Wrap-Up


    Chapter 4. Information Security Risk Assessment: Data Analysis


    Compiling Observations from Organizational Risk Documents

    Preparation of Threat and Vulnerability Catalogs

    Overview of the System Risk Computation

    Designing the Impact Analysis Scheme

    Designing the Control Analysis Scheme

    Designing the Likelihood Analysis Scheme

    Putting it Together and the Final Risk Score

    Chapter 5. Information Security Risk Assessment: Risk Assessment


    System Risk Analysis

    Chapter 6. Information Security Risk Assessment: Risk Prioritization and Treatment


    Organizational Risk Prioritization and Treatment

    System Specific Risk Prioritization and Treatment

    Issues Register

    Chapter 7. Information Security Risk Assessment: Reporting



    Risk Analysis Executive Summary



    Risk Register



    Chapter 8. Information Security Risk Assessment: Maintenance and Wrap Up


    Process Summary

    Key Deliverables

    Post Mortem


    Free Shipping
    Shop with Confidence

    Free Shipping around the world
    ▪ Broad range of products
    ▪ 30 days return policy

    Contact Us