- A Model to Reduce Your Enterprise’s Exposures from All Types of Vulnerabilities - A multi-volume compendium
By Management Advisory Services & Publications Consulting Group
Background
Business organizations of all types live in a world of threats and risks. These threats and risks are increasingly changing both in number and in severity. The recent events of global terrorism, cyber terrorism and critical infrastructure attacks have significantly added to the already large number of conventional Acts of God and nature and accidental sources of exposure. Management and risk management professionals need to constantly address the risk management issues derived from the world of threats and exposures they live in.
One of the first steps in risk management is to conduct thorough, comprehensive and time-consuming risk assessments to identify both the cadre of threats that are likely to impact your organization and the most vulnerable assets, information and human resources that can be adversely impacted and cause irreparable damage to your organization.
In this effort, organizations worldwide simultaneously spend millions of person-hours of effort in identifying and cataloguing threats and vulnerabilities that their organization might be subject to and that need to be addressed.
However, many of these individual threats are quite common to many organizations. Thus, it is possible to compile the most commonly known threats that can be used by managers, risk managers, business continuity and audit professionals to develop the profile of threats that is of immediate interest to them in their particular organizations' environment. When this cadre of already identified threats is combined with the set of threats that are uniquely applicable or peculiar to their enterprises, all concerned can greatly simplify the "threat analysis" portion of an aggregate risk management program.
Publication MAP-53 provides a foundation for risk management applicable to identifying threats and risks. Subsequently, this publication presents, through a series of volumes, compendiums of commonly applicable threats that organizations may extract from to develop their own particular cadre of threats and risks. In turn, this set of threats can next be used in preparing their organization's response and the development of an effective risk management and control program.
The key contribution of MAP-53 is to reduce the costly effort involved in conducting the "threat identification" phase of the risk management program.
The first of volume of MAP-53 presents the fundamentals of threat and risk management which provides a common foundation for the subsequent volumes that will contain the threat compendiums for a number of risk domain or areas. In addition, the first volume presents a comprehensive compendium of threats for a select area which is of interest to virtually all enterprises. Future volumes can be obtained as published.
Who Would Benefit from the Compendium Series
Senior management, line management, risk management professionals, contingency and business continuity professionals, auditors, risk and infrastructure protection managers, and any individual that needs to operate any aspect of business processes and operations.
--------------------------------------------------------------------
THREAT AND RISK COMPENDIUM FOR ENTERPRISE RISK MANAGEMENT
Volume 1 - TC1 - PHYSICAL ACCESS PERIMETER
ISBN 0-940706-62-8
CONTENTS -
1. THREATS, RISKS AND EXPOSURES TO ENTERPRISES FROM THE CURRENT GLOBAL ENVIRONMENT
1.1 The Real World of Threats and Exposures
1.2 Dealing with Adverse Events and Their Exposure Begins with an Identification of Threats and Vulnerabilities
1.3 Purpose of this Manual
1.4
The Need to
Economically Conduct Threat and Risk
1.5 Using a Threat and Risk Compendium to Save Time and Cost In Risk Assessments
2. A GENERALIZED MODEL FOR
2.1 An Overall Risk Analysis and Risk Management Program
2.2 Hierarchical Nature of the Risk Management Program Structure and Architecture
2.3
The
Need for a Generalized Methodology for Risk Analysis
2.4 Description of a General Risk Analysis Methodology and Its Relationship to Risk Management
2.5 Description of the Methodology for Risk and Business Impact Analysis
3. A COMPENDIUM OF THREATS AND RISKS THAT ORGANIZATIONS ARE VULNERABLE TO
3.1 Threat Classification
3.2 Controllable vs. Non-controllable Threats
3.3 Dealing with Adverse Events and Their Exposure Begins with an Identification of Threats and Vulnerable Points
3.4 The Compendium of Threats
3.5 A List of Threat Compendiums to Be Developed
4. HOW TO USE THE INFORMATION IN THE THREAT AND RISK COMPENDIUM
4.1
Using
The Threat And Risk Compendium As a Basis For
4.2
Identifying
The Cadre of Vulnerable Points that Pertain to
4.3 Utilizing Risk Matrices to Document Threats, Risks and Exposures
4.4
General
Procedure to Use the Threat Compendium
4.5 Summary
5. DOCUMENTING THREATS, RISK AND VULNERABILITIES TO DEVELOP PROTECTION PLANS
5.1 Importance of Documenting Threats, Risks and Exposures
5.2 Approaches to Document Threats and Risks
1. Narrative Description Approach
2.
Narrative
Scenario Approach
3. Simple Table Approach
4. Threat, Risk and Impact Matrix Approach
5. Risk Assessment and Safeguards Approach
5.3 Summary
A-1. References
A-2 Glossary of Terms
A-3 Index
PRICE: First volume: $125 in North America
- $ 155 overseas, including air postage
Click below for ORDER FORM
---------------------------------------------------------------------------------------------------------------------------------------------------------------
VOLUME 2 - TC2 - THREATS AND RISKS TO BUSINESS CONTINUITY
ISBN 0-940706-63-6
Preface
1.
BACKGROUND AND
COMPENDIUM FORMAT
TC2-1.1 The Importance of Threat and Risk assessment Business Continuity Preservation
TC2-1.2 New Compelling Reasons for Conducting Threat and Risk
TC2-1.3 An Increasing Array of Threats
that Can Cause Business
TC2-1.4 A compendium of Threats Related to Contingency and Business Continuity Issues
TC2-1-5 What the Compendium Covers
2.
THE DOMAIN OF
THREATS TO BUSINESS CONTINUITY
TC2-2.1
The Importance of Threat and Risk Assessment for
TC2-2.2 The Domain of Threats to Business Continuity
TC2-2.3
Interpreting the Overall Domain of Business Continuity
TC2-2.4
The Composite of Threats Connected with Business
TC2-2.5 Compendium of Threats Related to Business Continuity
3.
CLASSES OF
THREATS TO BUSINESS CONTINUITY
TC2-3.1 Classes of Threats
TC2-3.2 Acts of God and Nature
TC2-3.3 Accidental Threats
TC2-3.4 Human source Threats
TC2-3.5 Dealing With Controllable vs. Uncontrollable Threats
TC2-3.6 Significance of dealing With Non-Controllable vs. Controllable Threats
4.
MAJOR AND MINOR
BUSINESS DISCONTINUITY EVENTS
TC2-4.1 Distinguishing Between Major and
Minor Business
TC2-4.2
Threat that Can Precipitate Major Business Discontinuity
TC2-4.3
Threats that Can Cause Minor Business Disruption Events
5. COMPENDIUM OF THREATS TO BUSINESS CONTINUITY
TC2-5.1
Compendium of Threats and Risks that Impact Business
TC2-5.2 Format for Threat Compendium tables
TC2-5-3 Threat Compendium Tables and How
to Use The
APPENDIX
A. References
B.
Glossary of Terms
C.
Index
PRICE: Second Volume - TC2: $125 in North America - $ 155 overseas, including air postage
Click below for ORDER FORM
INQUIRE FOR FUTURE VOLUMES FOR OTHER THREAT COMPENDIUMS