***** How to Complete a Risk Assessment in 5 Days or Less. By Thomas Peltier; published by Auerbach Publications, www.auerbach-publications.com (Web); 444 pages; $79.95.
Imagine a patient bleeding to death in an emergency room while doctors tell his family that they will run tests on him in a week. Similarly, many organizations operate amid critical IT security risks, absent clear knowledge about them because those answers often take far too long to obtain.
How to Complete a Risk Assessment in 5 Days or Less is a valuable guide that can help you identify the myriad threats that your organization faces. Once they are identified, the book shows how you can make the right triage decisions about whether those threats pose a real risk to your company or are innocuous.
The book is built around the concept of a Facilitated Risk Analysis and Assessment Process (FRAAP). The process is designed to be implemented by organizations without outside help. The book’s five chapters take the reader through the process from prescreening and performing a business impact analysis to the last step, the gap analysis.
The majority of the book—roughly three quarters of it—consists of appendices to be used during the FRAAP. They cover every aspect of the process from listing the team members and developing a project scope statement to completing various checklists and questionnaires.
Unfortunately, the book does not include a CD-ROM containing its various appendices and checklists, nor is it available online. The book’s planned second edition, however, is supposed to include such a disc.
Other than that, this work is a critical resource that can help an organization get up to speed with its risk management program. Readers looking to get their organizations out of the risk management “emergency room” will find this an indispensable and valuable guide.
Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), is a senior security consultant with BT Professional Services.