Digital Asset Valuation and Cyber Risk Measurement

Author: Keyun Ruan
Publisher: Academic Press
Total Pages: 200
Release: 2019-05-29
ISBN 10: 0128123281
ISBN 13: 9780128123287
Language: EN, FR, DE, ES & NL

Digital Asset Valuation and Cyber Risk Measurement Book Review:

Digital Asset Valuation and Cyber Risk Measurement: Principles of Cybernomics is a book about the future of risk and the future of value. It examines the indispensable role of economic modeling in the future of digitization, thus providing industry professionals with the tools they need to optimize the management of financial risks associated with this megatrend. The book addresses three problem areas: the valuation of digital assets, measurement of risk exposures of digital valuables, and economic modeling for the management of such risks. Employing a pair of novel cyber risk measurement units, bitmort and hekla, the book covers areas of value, risk, control, and return, each of which is viewed from the perspective of entity (e.g., individual, organization, business), portfolio (e.g., industry sector, nation-state), and global ramifications. Establishing adequate, holistic, and statistically robust data points on the entity, portfolio, and global levels for the development of a cybernomics databank is essential for the resilience of our shared digital future. This book also argues existing economic value theories no longer apply to the digital era due to the unique characteristics of digital assets. It introduces six laws of digital theory of value, with the aim to adapt economic value theories to the digital and machine era.
• Comprehensive literature review on existing digital asset valuation models, cyber risk management methods, security control frameworks, and economics of information security
• Discusses the implication of classical economic theories under the context of digitization, as well as the impact of rapid digitization on the future of value
• Analyzes the fundamental attributes and measurable characteristics of digital assets as economic goods
• Discusses the scope and measurement of digital economy
• Highlights cutting-edge risk measurement practices regarding cybersecurity risk management
• Introduces novel concepts, models, and theories, including opportunity value, Digital Valuation Model, six laws of digital theory of value, Cyber Risk Quadrant, and most importantly, cyber risk measures hekla and bitmort
• Introduces cybernomics, that is, the integration of cyber risk management and economics to study the requirements of a databank in order to improve risk analytics solutions for (1) the valuation of digital assets, (2) the measurement of risk exposure of digital assets, and (3) the capital optimization for managing residual cyber risk
• Provides a case study on cyber insurance

Managing Cyber Risk

Author: Ariel Evans
Publisher: Routledge
Total Pages: 118
Release: 2019-03-28
ISBN 10: 0429614268
ISBN 13: 9780429614262
Language: EN, FR, DE, ES & NL

Managing Cyber Risk Book Review:

Cyber risk is the second highest perceived business risk according to U.S. risk managers and corporate insurance experts. Digital assets now represent over 85% of an organization’s value. In a survey of Fortune 1000 organizations, 83% surveyed described cyber risk as an organizationally complex topic, with most using only qualitative metrics that provide little, if any insight into an effective cyber strategy. Written by one of the foremost cyber risk experts in the world and with contributions from other senior professionals in the field, Managing Cyber Risk provides corporate cyber stakeholders – managers, executives, and directors – with context and tools to accomplish several strategic objectives. These include enabling managers to understand and have proper governance oversight of this crucial area and ensuring improved cyber resilience. Managing Cyber Risk helps businesses to understand cyber risk quantification in business terms that lead risk owners to determine how much cyber insurance they should buy based on the size and the scope of policy, the cyber budget required, and how to prioritize risk remediation based on reputational, operational, legal, and financial impacts. Directors are held to standards of fiduciary duty, loyalty, and care. These insights provide the ability to demonstrate that directors have appropriately discharged their duties, which often dictates the ability to successfully rebut claims made against such individuals. Cyber is a strategic business issue that requires quantitative metrics to ensure cyber resiliency. This handbook acts as a roadmap for executives to understand how to increase cyber resiliency and is unique since it quantifies exposures at the digital asset level.

Cybersecurity in the Digital Age

Author: Gregory A. Garrett
Publisher: Aspen Publishers
Total Pages: 554
Release: 2018-12-17
ISBN 10: 1543808808
ISBN 13: 9781543808803
Language: EN, FR, DE, ES & NL

Cybersecurity in the Digital Age Book Review:

Produced by a team of 14 cybersecurity experts from five countries, Cybersecurity in the Digital Age is ideally structured to help everyone—from the novice to the experienced professional—understand and apply both the strategic concepts as well as the tools, tactics, and techniques of cybersecurity. Among the vital areas covered by this team of highly regarded experts are:
• Cybersecurity for the C-suite and Board of Directors
• Cybersecurity risk management framework comparisons
• Cybersecurity identity and access management – tools & techniques
• Vulnerability assessment and penetration testing – tools & best practices
• Monitoring, detection, and response (MDR) – tools & best practices
• Cybersecurity in the financial services industry
• Cybersecurity in the healthcare services industry
• Cybersecurity for public sector and government contractors
• ISO 27001 certification – lessons learned and best practices
With Cybersecurity in the Digital Age, you immediately access the tools and best practices you need to manage:
• Threat intelligence
• Cyber vulnerability
• Penetration testing
• Risk management
• Monitoring defense
• Response strategies
• And more!
Are you prepared to defend against a cyber attack? Based entirely on real-world experience, and intended to empower you with the practical resources you need today, Cybersecurity in the Digital Age delivers:
• Process diagrams
• Charts
• Time-saving tables
• Relevant figures
• Lists of key actions and best practices
• And more!
The expert authors of Cybersecurity in the Digital Age have held positions as Chief Information Officer, Chief Information Technology Risk Officer, Chief Information Security Officer, Data Privacy Officer, Chief Compliance Officer, and Chief Operating Officer. Together, they deliver proven practical guidance you can immediately implement at the highest levels.

Security in the Digital World

Author: Graham Day
Publisher: Itgp
Total Pages: 228
Release: 2017-11-28
ISBN 10: 9781849289610
ISBN 13: 1849289611
Language: EN, FR, DE, ES & NL

Security in the Digital World Book Review:

This must-have guide features simple explanations, examples and advice to help you be security-aware online in the digital age.

Cybersecurity Readiness

Author: Dave Chatterjee
Publisher: SAGE Publications
Total Pages: 336
Release: 2021-02-09
ISBN 10: 1071837354
ISBN 13: 9781071837351
Language: EN, FR, DE, ES & NL

Cybersecurity Readiness Book Review:

Cybersecurity has traditionally been the purview of information technology professionals, who possess specialized knowledge and speak a language that few outside of their department can understand. In our current corporate landscape, however, cybersecurity awareness must be an organization-wide management competency in order to mitigate major threats to an organization’s well-being—and be prepared to act if the worst happens. With rapidly expanding attacks and evolving methods of attack, organizations are in a perpetual state of breach and have to deal with this existential threat head-on. Cybersecurity preparedness is a critical and distinctive competency, and this book is intended to help students and practitioners develop and enhance this capability, as individuals continue to be both the strongest and weakest links in a cyber defense system. In addition to providing the non-specialist with a jargon-free overview of cybersecurity threats, Dr. Chatterjee focuses most of the book on developing a practical and easy-to-comprehend management framework and success factors that will help leaders assess cybersecurity risks, address organizational weaknesses, and build a collaborative culture that is informed and responsive. Through brief case studies, literature review, and practical tools, he creates a manual for the student and professional alike to put into practice essential skills for any workplace.

Digital Security Risk Management for Economic and Social Prosperity OECD Recommendation and Companion Document

Author: OECD
Publisher: OECD Publishing
Total Pages: 72
Release: 2015-10-01
ISBN 10: 9264245472
ISBN 13: 9789264245471
Language: EN, FR, DE, ES & NL

Digital Security Risk Management for Economic and Social Prosperity OECD Recommendation and Companion Document Book Review:

This OECD Recommendation and its Companion Document provide guidance for all stakeholders on the economic and social prosperity dimensions of digital security risk.

Fundamentals of Enterprise Risk Management

Author: John Hampton
Publisher: AMACOM
Total Pages: 320
Release: 2009-08-05
ISBN 10: 0814414931
ISBN 13: 9780814414934
Language: EN, FR, DE, ES & NL

Fundamentals of Enterprise Risk Management Book Review:

Using examples from companies such as Home Depot, Airbus, Boeing, and Nokia, Fundamentals of Enterprise Risk Management takes a fresh look at one of the hottest topics in business today. Showing readers in charge of monitoring operational exposures in corporations, nonprofit organizations, and government agencies how they can best determine and balance opportunities against the possibilities of loss, this book provides clear strategies to help readers:
• recognize both internal and external exposures
• understand important concepts such as risk mapping and risk identification
• recognize the weaknesses of current ERM systems
• align risk opportunities with their organization’s business model
• stay in line with Sarbanes-Oxley compliance
The book introduces innovative new concepts such as hierarchical risk structures, alignment of risks with the business model, creation of a central risk function, and the role of an ERM knowledge warehouse. Featuring enlightening case studies and practical exercises, this essential book shows readers how they can implement ERM the right way at their organizations.

The Cyber Risk Handbook

Author: Domenic Antonucci
Publisher: John Wiley & Sons
Total Pages: 448
Release: 2017-05
ISBN 10: 1119308801
ISBN 13: 9781119308805
Language: EN, FR, DE, ES & NL

The Cyber Risk Handbook Book Review:

Actionable guidance and expert perspective for real-world cybersecurity

The Cyber Risk Handbook is the practitioner's guide to implementing, measuring and improving the counter-cyber capabilities of the modern enterprise. The first resource of its kind, this book provides authoritative guidance for real-world situations, and cross-functional solutions for enterprise-wide improvement. Beginning with an overview of counter-cyber evolution, the discussion quickly turns practical with design and implementation guidance for the range of capabilities expected of a robust cyber risk management system that is integrated with the enterprise risk management (ERM) system. Expert contributors from around the globe weigh in on specialized topics with tools and techniques to help any type or size of organization create a robust system tailored to its needs. Chapter summaries of required capabilities are aggregated to provide a new cyber risk maturity model used to benchmark capabilities and to road-map gap-improvement. Cyber risk is a fast-growing enterprise risk, not just an IT risk. Yet seldom is guidance provided as to what this means. This book is the first to tackle in detail those enterprise-wide capabilities expected by Board, CEO and Internal Audit, of the diverse executive management functions that need to team up with the Information Security function in order to provide integrated solutions.
• Learn how cyber risk management can be integrated to better protect your enterprise
• Design and benchmark new and improved practical counter-cyber capabilities
• Examine planning and implementation approaches, models, methods, and more
• Adopt a new cyber risk maturity model tailored to your enterprise needs
The need to manage cyber risk across the enterprise—inclusive of the IT operations—is a growing concern as massive data breaches make the news on an alarmingly frequent basis. With a cyber risk management system now a business-necessary requirement, practitioners need to assess the effectiveness of their current system, and measure its gap-improvement over time in response to a dynamic and fast-moving threat landscape. The Cyber Risk Handbook brings the world's best thinking to bear on aligning that system to the enterprise and vice versa. Every functional head of any organization must have a copy at hand to understand their role in achieving that alignment.

How to Measure Anything in Cybersecurity Risk

Author: Douglas W. Hubbard, Richard Seiersen
Publisher: John Wiley & Sons
Total Pages: 304
Release: 2016-07-25
ISBN 10: 1119085292
ISBN 13: 9781119085294
Language: EN, FR, DE, ES & NL

How to Measure Anything in Cybersecurity Risk Book Review:

A ground shaking exposé on the failure of popular cyber risk management methods

How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his bestselling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security. Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely.
• Discover the shortcomings of cybersecurity's "best practices"
• Learn which risk management approaches actually create risk
• Improve your current practices with practical alterations
• Learn which methods are beyond saving, and worse than doing nothing
Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing—as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.

Risk Management for Computer Security

Author: Andy Jones, Debi Ashenden
Publisher: Butterworth-Heinemann
Total Pages: 274
Release: 2005
ISBN 10: 0750677953
ISBN 13: 9780750677950
Language: EN, FR, DE, ES & NL

Risk Management for Computer Security Book Review:

The information systems security (InfoSec) profession remains one of the fastest growing professions in the world today. With the advent of the Internet and its use as a method of conducting business, even more emphasis is being placed on InfoSec. However, there is an expanded field of threats that must be addressed by today's InfoSec and information assurance (IA) professionals. Operating within a global business environment with elements of a virtual workforce can create problems not experienced in the past. How do you assess the risk to the organization when information can be accessed, remotely, by employees in the field or while they are traveling internationally? How do you assess the risk to employees who are not working on company premises and are often thousands of miles from the office? How do you assess the risk to your organization and its assets when you have offices or facilities in a nation whose government may be supporting the theft of the corporate "crown jewels" in order to assist their own nationally owned or supported corporations? If your risk assessment and management program is to be effective, then these issues must be assessed. Personnel involved in the risk assessment and management process face a much more complex environment today than they have ever encountered before. This book covers more than just the fundamental elements that make up a good risk program. It provides an integrated "how to" approach to implementing a corporate program, complete with tested methods and processes; flowcharts; and checklists that can be used by the reader and immediately implemented into a computer and overall corporate security program. The challenges are many and this book will help professionals in meeting their challenges as we progress through the 21st Century. 
* Presents material in an engaging, easy-to-follow manner that will appeal to both advanced INFOSEC career professionals and network administrators entering the information security profession
* Addresses the needs of both the individuals who are new to the subject as well as of experienced professionals
* Provides insight into the factors that need to be considered & fully explains the numerous methods, processes & procedures of risk management

Ten Strategies of a World Class Cybersecurity Operations Center

Author: Carson Zimmerman
Publisher: Unknown
Total Pages: 329
Release: 2014-07-01
ISBN 10: 9780692243107
ISBN 13: 0692243100
Language: EN, FR, DE, ES & NL

Ten Strategies of a World Class Cybersecurity Operations Center Book Review:

Ten Strategies of a World-Class Cyber Security Operations Center conveys MITRE's accumulated expertise on enterprise-grade computer network defense. It covers ten key qualities of leading Cyber Security Operations Centers (CSOCs), ranging from their structure and organization, to processes that best enable smooth operations, to approaches that extract maximum value from key CSOC technology investments. This book offers perspective and context for key decision points in structuring a CSOC, such as what capabilities to offer, how to architect large-scale data collection and analysis, and how to prepare the CSOC team for agile, threat-based response. If you manage, work in, or are standing up a CSOC, this book is for you. It is also available on MITRE's website, www.mitre.org.

Principles and Practice of Information Security

Author: Linda Volonino, Stephen R. Robinson, Charles P. Volonino
Publisher: Prentice Hall
Total Pages: 232
Release: 2004
ISBN 10:
ISBN 13: UOM:39015057595376
Language: EN, FR, DE, ES & NL

Principles and Practice of Information Security Book Review:

This book provides professionals with the necessary managerial, technical, and legal background to support investment decisions in security technology. It discusses security from the perspective of hackers (i.e., technology issues and defenses) and lawyers (i.e., legal issues and defenses). This cross-disciplinary book is designed to help users quickly become current on what has become a fundamental business issue. This book covers the entire range of best security practices—obtaining senior management commitment, defining information security goals and policies, transforming those goals into a strategy for monitoring intrusions and compliance, and understanding legal implications. Topics also include computer crime, electronic evidence, cyber terrorism, and computer forensics. For professionals in information systems, financial accounting, human resources, health care, legal policy, and law. Because neither technical nor legal expertise is necessary to understand the concepts and issues presented, this book can be required reading for everyone as part of an enterprise-wide computer security awareness program.

Measuring and Managing Information Risk

Author: Jack Freund, Jack Jones
Publisher: Butterworth-Heinemann
Total Pages: 408
Release: 2014-08-23
ISBN 10: 0127999329
ISBN 13: 9780127999326
Language: EN, FR, DE, ES & NL

Measuring and Managing Information Risk Book Review:

Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, Measuring and Managing Information Risk helps managers make better business decisions by understanding their organizational risk. Uses factor analysis of information risk (FAIR) as a methodology for measuring and managing risk in any organization. Carefully balances theory with practical applicability and relevant stories of successful implementation. Includes examples from a wide variety of businesses and situations presented in an accessible writing style.

Cyber Risk Management

Author: Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
Publisher: Springer
Total Pages: 145
Release: 2015-10-01
ISBN 10: 3319235702
ISBN 13: 9783319235707
Language: EN, FR, DE, ES & NL

Cyber Risk Management Book Review:

This book provides a brief and general introduction to cybersecurity and cyber-risk assessment. Not limited to a specific approach or technique, its focus is highly pragmatic and is based on established international standards (including ISO 31000) as well as industrial best practices. It explains how cyber-risk assessment should be conducted, which techniques should be used when, what the typical challenges and problems are, and how they should be addressed. The content is divided into three parts. First, part I provides a conceptual introduction to the topic of risk management in general and to cybersecurity and cyber-risk management in particular. Next, part II presents the main stages of cyber-risk assessment from context establishment to risk treatment and acceptance, each illustrated by a running example. Finally, part III details four important challenges and how to reasonably deal with them in practice: risk measurement, risk scales, uncertainty, and low-frequency risks with high consequence. The target audience is mainly practitioners and students who are interested in the fundamentals and basic principles and techniques of security risk assessment, as well as lecturers seeking teaching material. The book provides an overview of the cyber-risk assessment process, the tasks involved, and how to complete them in practice.

Think Like Amazon: 50 1/2 Ideas to Become a Digital Leader

Author: John Rossman
Publisher: McGraw Hill Professional
Total Pages: 272
Release: 2019-05-03
ISBN 10: 1260455505
ISBN 13: 9781260455502
Language: EN, FR, DE, ES & NL

Think Like Amazon: 50 1/2 Ideas to Become a Digital Leader Book Review:

The former Amazon executive who launched and scaled Amazon Marketplace delivers the ultimate playbook on how to “think like Amazon” and succeed in the digital age. “What would Jeff do?” Since leaving Amazon to advise start-ups and corporations, John Rossman has been asked this question countless times by executives who want to know “the secret” behind Amazon’s historic success. In this step-by-step guide, he provides 50 1⁄2 answers drawn from his experience as an Amazon executive—and shows today’s business leaders how to think like Amazon, strategize like Bezos, and beat the competition like nobody’s business. Learn how to:
• Move forward to get back to Day 1—and change the status quo.
• Become a platform company—with the right platform strategy.
• Create customer obsession—and grant your customers superpowers.
• Experiment, fail, rinse, and repeat.
• Decentralize your way to digital greatness.
• Master the magic of small autonomous teams.
• Avoid the trap of past positions.
• Make better and faster decisions.
• Use metrics to create a culture of accountability and innovation.
• Use AI and the Internet of Things to reinvent customer experiences.
In addition to these targeted strategies, you’ll receive a rare inside glimpse into how Jeff Bezos and Amazon take a remarkably consistent approach to innovate, explore new markets, and spark new growth. You’ll understand the unique mindset and inner workings that drive Amazon’s operational excellence, from its ground-up approach to new digital markets to its out-of-the-box attitudes on innovation. Along the way, you’ll learn specific game-changing strategies that made Amazon stand out in a crowded digital world. These include actionable ideas that you can use to transform your culture, expand your business into digital, and become the kind of platform company that customers obsess over. Rossman also offers invaluable insights into the latest technologies, e-commerce marketing, online culture, and IoT disruptions that only an Amazon insider would know. If you want to compete and win in the digital era, you have to Think Like Amazon.

Enhancing the Role of Insurance in Cyber Risk Management

Author: OECD
Publisher: OECD Publishing
Total Pages: 140
Release: 2017-12-08
ISBN 10: 9264282149
ISBN 13: 9789264282148
Language: EN, FR, DE, ES & NL

Enhancing the Role of Insurance in Cyber Risk Management Book Review:

This report provides an overview of the financial impact of cyber incidents, the coverage of cyber risk available in the insurance market, the challenges to market development and initiatives to address those challenges.

Cyber Risk, Market Failures, and Financial Stability

Author: Emanuel Kopp, Lincoln Kaffenberger, Christopher Wilson
Publisher: International Monetary Fund
Total Pages: 36
Release: 2017-08-07
ISBN 10: 148431378X
ISBN 13: 9781484313787
Language: EN, FR, DE, ES & NL

Cyber Risk, Market Failures, and Financial Stability Book Review:

Cyber-attacks on financial institutions and financial market infrastructures are becoming more common and more sophisticated. Risk awareness has been increasing, firms actively manage cyber risk and invest in cybersecurity, and to some extent transfer and pool their risks through cyber liability insurance policies. This paper considers the properties of cyber risk, discusses why the private market can fail to provide the socially optimal level of cybersecurity, and explores how systemic cyber risk interacts with other financial stability risks. Furthermore, this study examines the current regulatory frameworks and supervisory approaches, and identifies information asymmetries and other inefficiencies that hamper the detection and management of systemic cyber risk. The paper concludes by discussing policy measures that can increase the resilience of the financial system to systemic cyber risk.

Investment Valuation

Author: Aswath Damodaran
Publisher: John Wiley & Sons
Total Pages: 992
Release: 2002-01-31
ISBN 10: 9780471414902
ISBN 13: 0471414905
Language: EN, FR, DE, ES & NL

Investment Valuation Book Review:

Valuation is a topic that is extensively covered in business degree programs throughout the country. Damodaran's revisions to "Investment Valuation" are an addition to the needs of these programs.

Security Risk Assessment

Author: John M. White
Publisher: Butterworth-Heinemann
Total Pages: 230
Release: 2014-07-22
ISBN 10: 0128009179
ISBN 13: 9780128009178
Language: EN, FR, DE, ES & NL

Security Risk Assessment Book Review:

Security Risk Assessment is the most up-to-date and comprehensive resource available on how to conduct a thorough security assessment for any organization. A good security assessment is a fact-finding process that determines an organization’s state of security protection. It exposes vulnerabilities, determines the potential for losses, and devises a plan to address these security concerns. While most security professionals have heard of a security assessment, many do not know how to conduct one, how it’s used, or how to evaluate what they have found. Security Risk Assessment offers security professionals step-by-step guidance for conducting a complete risk assessment. It provides a template to draw from, giving security professionals the tools needed to conduct an assessment using the most current approaches, theories, and best practices.
• Discusses practical and proven techniques for effectively conducting security assessments
• Includes interview guides, checklists, and sample reports
• Accessibly written for security professionals with different levels of experience conducting security assessments

Risk Assessment for Asset Owners

Author: Alan Calder
Publisher: IT Governance Ltd
Total Pages: 46
Release: 2007
ISBN 10: 1905356293
ISBN 13: 9781905356294
Language: EN, FR, DE, ES & NL

Risk Assessment for Asset Owners Book Review:

This book is a pocket guide to the ISO27001 risk assessment, designed to assist asset owners and others who are working within an ISO27001/ISO17799 framework to deliver a qualitative risk assessment. It conforms with the guidance provided in BS7799-3:2006 and NIST SP 800-30.