EDI InfoSec

Risk-based Security Review

A How-to Handbook in 70 pages

Available now on Amazon



Security Review is complicated. Done well, it assures us that the systems we use and the vendors we choose are capable of protecting our valuable information. Done poorly, it can result in poorly protected systems where cyberattacks are likely to result in tampering, theft, or unauthorized disclosure of data, causing loss of private information, trade secrets, and customer data. This can be very expensive in terms of reputational damage, out-of-pocket remediation costs, data breach notification and credit protection for data breach victims, and fines for failure to protect private information.

The mission of this book is to provide the basics of risk-based security review: to explain the process and the steps to take, the information needed, what should be considered, the documentation to gather, the questions to ask, and how to assess the answers and other information. Finally, it explains how to determine the risk of using a system, and how to complete the Security Review to ensure the best, most secure outcome for your organization.


Some timely topics covered in this book:

  • Seven Security Essentials
  • When Do You Need A Security Review?
  • Raising the Bar on Cybersecurity with Risk-based Security Review
  • The Process of Security Review
  • Eleven Steps in Security Review
  • Identifying Security Gaps
  • Factoring in the Risk


While gathering the CPEs for her CISSP credential renewal, Ellen looked for a series of short books targeting different facets of the work she does daily, so she could quickly build her knowledge base and gain 5 CPEs at the same time. This book is the first in what may be a series of short (50-70 page) books on timely cybersecurity topics for practitioners.

About the Author

Ellen Dutton, CISSP


Ellen Dutton has done security review, information risk management and security architecture in investment banking, pharmaceutical, healthcare, energy and government, and contributed heavily to Congressional briefings on computer security. Ellen wrote CISSP 2019 exam questions at the invitation of (ISC)2.


System design, development, programming, product development and project management were her focus before the emergence of local area networks and the Internet put our precious information resources at risk.

Ellen is delighted to hear from other cybersecurity practitioners about their challenges, concerns and triumphs. Her email is: EllenDutton@electronicdatainfosec.com

Downloads

risk-based-security-review-questionnaire-sample (xlsx)

Copyright © 2026 EDI InfoSec - All Rights Reserved.
