Successful security professionals have had to modify the process of responding to new threats in the high-profile, ultra-connected business environment. But just because a threat exists does not mean that your organization is at risk. This is what risk assessment is all about. Information Security Risk Analysis, Third Edition demonstrates how to id

Introduction. Risk management. Risk assessment process. Quantitative versus qualitative risk assessment. Other forms of qualitative risk assessment. Facilitated risk analysis and assessment process (FRAAP). Variations on the FRAAP. Mapping controls. Business impact analysis (BIA). Conclusion.