Information Security Risk Assessments

ISBN: 9781597497350
Pages: 320
Trim: 7.5 in x 9.25 in
Publication Date: Aug 2012


By Mark Talabis, Jason Martin

Description

In order to protect a company's information assets, such as sensitive customer records and health care records, the security practitioner first needs to find out what needs to be protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. Information Security Risk Assessments gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders.

  • Contains a Web site with spreadsheets you can utilize to create and maintain the risk assessment
  • Based on authors' experiences of real-world assessments, reports, and presentations
  • Focuses on implementing a process, rather than theory, that allows you to derive a quick and valuable assessment

About the Authors

Mark Talabis
Mark Ryan Del Moral Talabis is a Senior Consultant within the Secure DNA Consulting practice. He has over eight years of experience in Information Security, IT Audit, and Applications Development. He has extensive experience in information security risk assessments, vulnerability assessments, and penetration testing, and has specialized expertise in security data analysis and incident response. Mark is a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA), and a Microsoft Certified Professional (MCP); holds the GIAC Certified Incident Handler Certification (GCIH) and the GIAC Security Essentials Certification (GSEC); and is a full member of the Honeynet Project. He has also presented at a number of conferences such as Blackhat USA, DEFCON, INFORMS International Conference, ENGAGE European Union-Southeast Asia Collaboration, and ISSA.

Jason Martin
Jason Martin is the co-Founder and President of Secure DNA Consulting and has over 12 years of Information Security experience. Prior to Secure DNA Consulting he was a manager in KPMG's Information Risk Management group providing Information Security and Risk Management consulting to KPMG clients throughout the U.S. In both his current and previous roles he has provided expert Information Security services to companies and executives all over the world and specializes in building, repairing, and operating Enterprise Information Security Programs. He has specialized experience in complex system security assessments, penetration testing/ethical hacking, and enterprise information security risk assessments. He is one of the founders of the Shakacon information security conference and holds certifications as a CISSP, CISA, CISM, and CGEIT.

Contents

  • Chapter 1: Information Security and Risk Assessments
  • Chapter 2: Information Security Risk Assessment: A Practical Approach
  • Chapter 3: Data Collection
  • Chapter 4: Data Analysis
  • Chapter 5: Risk Analysis
  • Chapter 6: Risk Prioritization and Treatment
  • Chapter 7: Reporting
  • Chapter 8: Maintenance