Risk Analysis and Security Countermeasure Selection

Description:

When properly conducted, risk analysis enlightens, informs, and illuminates, helping management organize their thinking into properly prioritized, cost-effective action. Poor analysis, on the other hand, usually results in vague programs with no clear direction and no metrics for measurement. Although there is plenty of information on risk analysis, it is rare to find a book that explains this highly complex subject with such startling clarity. Very few, if any, focus on the art of critical thinking and how to best apply it to the task of risk analysis.

The first comprehensive resource to explain how to evaluate the appropriateness of countermeasures, from a cost-effectiveness perspective, Risk Analysis and Security Countermeasure Selection details the entire risk analysis process in language that is easy to understand. It guides readers from basic principles to complex processes in a step-by-step fashion, evaluating DHS–approved risk assessment methods, including CARVER, API/NPRA, RAMCAP, and various Sandia methodologies. Using numerous case illustrations, the text clearly explains the five core principles of the risk analysis lifecycle—determining assets, threats, vulnerabilities, risks, and countermeasures. It also supplies readers with a completely adaptable graphic risk analysis tool that is simple to use, can be applied in public or private industries, and works with all DHS–approved methods.

This reader-friendly guide provides the tools and insight needed to effectively analyze risks and secure facilities in a broad range of industries, including DHS designated critical infrastructure in the chemical, transportation, energy, telecommunications, and public health sectors.

Product Details:

Author: Thomas L. Norman CPP/PSP/CSC
Hardcover: 422 pages
Publisher: CRC Press
Publication Date: December 18, 2009
Language: English
ISBN: 1420078704
Product Width: 1.75 centimeters
Product Height: 2.5 centimeters
Product Weight: 0.02 pounds
Package Length: 10.1 inches
Package Width: 7.2 inches
Package Height: 1.0 inches
Package Weight: 1.95 pounds
Average Customer Rating: based on 4 reviews

Customer Reviews:

Average Customer Review: (4 customer reviews)
Most Helpful Customer Reviews
2 of 3 found the following review helpful:
An Excellent Book for the Security Professional
Jan 02, 2010
By Ross L. Johnson
I have known Tom Norman for many years, and I do not know anyone that can match him for the depth of knowledge and experience he has in the security profession. He has a gift for understanding and communicating the essence of something: he can tell you not only what is important, but why it is important, and how it relates to other components within an overall security system. I consider his books to be essential toolbox works, destined to be dog-eared, annotated, and bristling with Post-It Notes. They don't belong on the bookshelf, but in the field or on the desk, where you can reach them easily.
This book does not disappoint. It is rich in detail, filled with how-to information that will guide the reader through the risk analysis process from the beginning to the end. The section on selection of methodologies provides the reader with information on what is available and their strengths and weaknesses. The author contributes one that he developed from studying al Qaeda, called the KSM-Asset Target Value for Terrorism Matrix. Named for Khalid Shaikh Mohammed, it provides a methodology for asset target valuation that closely mirrors the apparent priorities of the foremost terrorist network in the world today, giving security professionals insight into the relative value their assets may have to a terrorist adversary.
The premise of this book is that security is a seamless process that connects threat to analysis to behavior to countermeasures to metrics and finally reporting. The author covers each topic in great detail, explaining concepts, discussing competing theories, ultimately assisting the reader in making the decision of what will work for his or her organization. The author guides, but does not preach.
This book contains excellent material on security management as well. It describes the role of security policies and how they fit the security management framework. This book takes the correct but often overlooked view that security policies are a part of the chain connecting risk analysis with the selection and implementation of appropriate countermeasures.
The discussion on countermeasures is detailed and comprehensive as well. Mr. Norman has a tremendous background in security technology, and that really shines through in this part. He explains how all the countermeasures work, how they fit into a security plan, and how to measure their performance.
There is material in this book for all levels of security professional - the beginner all the way through to the experienced practitioner. It would also make an excellent textbook for any course on security management, risk analysis, security policy development, or countermeasure planning.
Needed for school
Apr 09, 2012
By crae773
The book was needed for school - the school wanted 74 dollars for the book, and I found it here on Amazon for 54. What a difference... I know it will be put to good use, but for the price how could you go wrong? I think that Amazon offers great deals for items which are expensive elsewhere...
Extremely pleased
Feb 13, 2012
By J. Rodriguez
The product arrived extremely fast to the point my academic advisor was shocked I already had the book. It was just as described.
1 of 2 found the following review helpful:
Excellent Resource for the Security Professional
Jul 02, 2010
By David A. Moore, PE, CSP
Tom Norman has made a major contribution to the practical documentation of the theory and best practices in security vulnerability assessment. His insights as a practitioner are extremely valuable to the reader. His work is current and comprehensive, and provides a thorough discussion on such topics as available methods, concepts and theory, advantages and disadvantages, and tools to make using them more effective. I highly recommend this book for the library of anyone interested in modern security management and risk analysis methods.
Congratulations on a tireless work well done!
David A. Moore, PE, CSP President & CEO AcuTech Consulting Group 1600 Tysons Blvd Suite 800 McLean, VA 22102 [...]