Conducted properly, information security risk assessments provide managers with the feedback needed to understand threats to corporate assets, determine vulnerabilities of current controls, and select appropriate safeguards. Performed incorrectly, they can provide the false sense of security that allows potential threats to develop into disastrous losses of proprietary information, capital, and corporate value.
Picking up where its bestselling predecessor left off, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition gives you detailed instruction on how to conduct a risk assessment effectively and efficiently. Supplying wide-ranging coverage that includes security risk analysis, mitigation, and risk assessment reporting, this updated edition provides the tools needed to solicit and review the scope and rigor of risk assessment proposals with competence and confidence.
Trusted to assess security for leading organizations and government agencies, including the CIA, NSA, and NATO, Douglas Landoll unveils the little-known tips, tricks, and techniques used by savvy security professionals in the field. He details time-tested methods to help you:
Better negotiate the scope and rigor of security assessments
Effectively interface with security assessment teams
Gain an improved understanding of final report recommendations
Deliver insightful comments on draft reports
The book includes charts, checklists, and sample reports to help you speed up the data gathering, analysis, and document development process. Walking you through the process of conducting an effective security assessment, it provides the tools and up-to-date understanding you need to select the security measures best suited to your organization.
Dense, useful, not exactly "good" reading, but the book does an excellent job of wrapping together and merging risk frameworks into a useful and usable process that is not onerous.
We assess risk at every step of our life. Based on the assessment, we either remediate, mitigate, or accept the risk. Even for a routine activity like changing a lane while driving, we look in the rear view mirror, we glance in the side view mirror, and we do a shoulder check. Three different methods to assess the risk before changing lanes. Why? Because we want to make sure what we do is safe. Once we assess the risk, we decide whether to change the lane or wait. Risk assessment is so ingrained into our daily activities that we do not even realize we are doing it every day. However, our mindset is slightly different when it comes to security assessment. We, as a cybersecurity industry, are still struggling to make sure that risk assessments are performed, and performed properly. Poorly conducted risk assessments can provide misleading information to management, which can result in threats to corporate assets.
Douglas J. Landoll, a cybersecurity practitioner and an industry veteran, in his book, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessment, shares a very detailed and systematic approach to risk assessment. The book is written without any unnecessary fluff and Landoll’s extensive experience is evident from the very first chapter as he dives right into the core of the subject matter. In the very first chapter, the author explains what risk assessment is, what role it plays, and the need for risk assessment.
The book is very well-organized. The first part explains the basic concepts of risk assessment. The middle part is heavily focused on data gathering. The last part of the book describes the qualitative and quantitative risk analysis techniques, examples of risk assessments and reporting methods. The section on data gathering starts with a description of RIIOT (Review, Interview, Inspect, Observe, and Test) method. This part of the book goes in-depth, explaining how to gather administrative, technical, and physical data. For each type of data gathering, the author explains how to use the RIIOT method. Additionally, the book covers project management for risk assessment tasks – very useful for managers and leaders.
Landoll clearly explains in the first chapter the need for this book. The resources available are not able to “provide a complete and detailed explanation of the security risk assessment process sufficient to assist an information security professional in actually performing the work. Sufficient process details are missing, and the information security professional is unable to gain a comfort level that they would know what to do when assessing physical security controls, interviewing the Human resources director, or writing an effective report.” The book has attempted to do just that with step-by-step descriptions, real-world examples, checklists, and other tricks of the trade.
Doug has over 30 years of experience in the field and readers will greatly benefit from his experience and the insight that he has shared in the book. This book is a great guide or reference for any security practitioner. The book is also a valuable resource for executives and leaders in the field. I highly recommend reading this book for people working on or wanting to know more about security risk assessment.