Peltier, who heads an information security training and consulting firm and teaches information assurance at Norwich U., explains how to identify information security threats to a company,
determine the risks they pose, and improve the risk assessment process. He discusses each step in the Facilitated Risk Analysis and Assessment Process, and other concepts like risk analysis and
how it relates to assessment and the system development life cycle and project management processes. He addresses risk mitigation and vulnerability assessment, gap analysis process and quality
control objectives of the assessment process, and the difference between a gap analysis and a security or controls assessment, as well as the cost-benefit analysis process and using these
concepts to implement a business impact analysis process and information classification methodology. He ends with a pre-screening methodology to help organizations determine what needs
analysis. More than half of the book is devoted to appendices containing such information as laws, regulations, and standards; the difference between analysis and assessment; frequently asked
questions; sample checklists, reports, and questionnaires; and gap analysis examples. There is no bibliography. Annotation ©2010 Book News, Inc., Portland, OR (booknews.com)