The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments provides detailed insight into precisely how to conduct an information security risk assessment. Designed for security professionals and their customers who want a more in-depth understanding of the risk assessment process, this volume contains real-world advice that promotes professional development. It also enables security consumers to better negotiate the scope and rigor of a security assessment, effectively interface with a security assessment team, deliver insightful comments on a draft report, and have a greater understanding of final report recommendations.

This book can save time and money by eliminating guesswork as to what assessment steps to perform, and how to perform them. In addition, the book offers charts, checklists, examples, and templates that speed up data gathering, analysis, and document development. By improving the efficiency of the assessment process, security consultants can deliver a higher-quality service with a larger profit margin.

The text allows consumers to intelligently solicit and review proposals, positioning them to request affordable security risk assessments from quality vendors that meet the needs of their organizations.

504 pages, Hardcover

First published December 12, 2005


About the author

Douglas J. Landoll


Community Reviews

5 stars: 9 (31%)
4 stars: 8 (27%)
3 stars: 9 (31%)
2 stars: 2 (6%)
1 star: 1 (3%)
Displaying 1 - 3 of 3 reviews
John Hoffoss, August 28, 2012
Dense, useful, not exactly "good" reading, but the book does an excellent job of wrapping together and merging risk frameworks into a useful and usable process that is not onerous.
Sandip, December 19, 2024
We assess risk at every step of our life. Based on the assessment, we either remediate, mitigate, or accept the risk. Even for a routine activity like changing a lane while driving, we look in the rear-view mirror, we glance in the side-view mirror, and we do a shoulder check. Three different methods to assess the risk before changing lanes. Why? Because we want to make sure what we do is safe. Once we assess the risk, we decide whether to change the lane or wait. Risk assessment is so ingrained into our daily activities that we do not even realize we are doing it every day. However, our mindset is slightly different when it comes to security assessment. We, as a cybersecurity industry, are still struggling to make sure that risk assessments are performed, and performed properly. Poorly conducted risk assessments can provide misleading information to management, which can result in threats to corporate assets.

Douglas J. Landoll, a cybersecurity practitioner and an industry veteran, in his book, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, shares a very detailed and systematic approach to risk assessment. The book is written without any unnecessary fluff, and Landoll’s extensive experience is evident from the very first chapter as he dives right into the core of the subject matter. In the very first chapter, the author explains what risk assessment is, what role it plays, and the need for risk assessment.

The book is very well-organized. The first part explains the basic concepts of risk assessment. The middle part is heavily focused on data gathering. The last part of the book describes the qualitative and quantitative risk analysis techniques, examples of risk assessments, and reporting methods. The section on data gathering starts with a description of the RIIOT (Review, Interview, Inspect, Observe, and Test) method. This part of the book goes in-depth, explaining how to gather administrative, technical, and physical data. For each type of data gathering, the author explains how to use the RIIOT method. Additionally, the book covers project management for risk assessment tasks – very useful for managers and leaders.

Landoll clearly explains in the first chapter the need for this book. The resources available are not able to “provide a complete and detailed explanation of the security risk assessment process sufficient to assist an information security professional in actually performing the work. Sufficient process details are missing, and the information security professional is unable to gain a comfort level that they would know what to do when assessing physical security controls, interviewing the Human resources director, or writing an effective report.” The book has attempted to do just that with step-by-step descriptions, real-world examples, checklists, and other tricks of the trade.

Doug has over 30 years of experience in the field and readers will greatly benefit from his experience and the insight that he has shared in the book. This book is a great guide or reference for any security practitioner. The book is also a valuable resource for executives and leaders in the field. I highly recommend reading this book for people working on or wanting to know more about security risk assessment.