Critical Infrastructure Risk Assessment. Ernie Hayden, MIPM, CISSP, CEH, GICSP(Gold), PSP
Thought and Discussion
Chapter 2 Risk and Risk Management
2.1 What is Risk?
2.1.6 Risk Appetite and Tolerance
2.2.1 Risk Management Principles
2.2.4 Risk Management Focus — Component or System
2.2.5 Risk Management Focus — Defensive and Offensive
2.2.6 Risk Management Focus — Checklist Approach
2.2.7 Risk Management — Convenience vs Liability or Risk
2.2.8 Risk Management — Summary Guidance
2.3 The Next Chapter — Risk Assessment
2.4 Questions for Further Thought and Discussion
3.1 Definitions of Risk Assessment
3.2 Assessment Foundational Principles, Scope, and Applicability
3.3 Application of Risk Assessments
3.4 Risk Assessment Techniques
3.4.2 Deductive Risk Assessment
3.4.3 Inductive Risk Assessment
3.4.4 Targeted Risk Assessment
3.5 Assessment Approaches — Qualitative vs Quantitative
3.7 Difference Between Assessment and Audit
3.8.2 NIST SP 800-30, R1 — Guide for Conducting Risk Assessments
3.8.3 NIST SP 800-30, R0 — Risk Management Guide for Information Technology Systems
3.8.4 Cyber Security Assessments of Industrial Control Systems — Good Practice Guide
3.8.5 Hybrid Risk Assessment Flow Chart
3.9.2 Conducting the Assessment
3.10 Questions for Further Thought and Discussion
PART II HANDBOOK
Chapter 4 Pre-Assessment
In this chapter you will discover:
4.4 Collect Artifacts, Templates, Preliminary Documentation
4.5 Define the Assessment Plan