In order to protect a company's information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs to be protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. Information Security Risk Assessments gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders. Based on authors' experiences of real-world assessments, reports, and presentations. Focuses on implementing a process, rather than theory, that allows you to derive a quick and valuable assessment. Includes a companion web site with spreadsheets you can utilize to create and maintain the risk assessment.
Information Security Analytics gives you insights into the practice of analytics and, more importantly, how you can utilize analytic techniques to identify trends and outliers that may not be possible to identify using traditional security analysis techniques. Information Security Analytics dispels the myth that analytics within the information security domain is limited to just security incident and event management systems and basic network analysis. Analytic techniques can help you mine data and identify patterns and relationships in any form of security data. Using the techniques covered in this book, you will be able to gain security insights into unstructured big data of any type. The authors of Information Security Analytics bring a wealth of analytics experience to demonstrate practical, hands-on techniques through case studies and using freely available tools that will allow you to find anomalies and outliers by combining disparate data sets. They also teach you everything you need to know about threat simulation techniques and how to use analytics as a powerful decision-making tool to assess security control and process requirements within your organization. Ultimately, you will learn how to use these simulation techniques to help predict and profile potential risks to your organization. Written by security practitioners, for security practitioners. Real-world case studies and scenarios are provided for each analytics technique. Learn about open-source analytics and statistical packages, tools, and applications. Step-by-step guidance on how to use analytics tools and how they map to the techniques and scenarios provided. Learn how to design and utilize simulations for "what-if" scenarios to simulate security events and processes. Learn how to utilize big data techniques to assist in incident response and intrusion analysis.
This book deals with both actual and potential terrorist attacks on the United States as well as natural disaster preparedness and management in the current era of global climate change. The topics of preparedness, critical infrastructure investments, and risk assessment are covered in detail. The author takes the reader beyond counterterrorism statistics, better first responder equipment, and a fixation on FEMA grant proposals to a holistic analysis and implementation of mitigation, response, and recovery efforts. The recent Oklahoma tornadoes and West Texas storage tank explosion show the unpredictability of disaster patterns, and the Boston Marathon bombings expose the difficulty in predicting and preventing attacks. Egli makes a compelling case for a culture of resilience by asserting a new focus on interagency collaboration, public-private partnerships, and collective action. Building upon the lessons of the 9/11 attacks, Hurricane Katrina, and the Deepwater Horizon oil spill, the basic findings are supported by a creative mix of case studies, which include Superstorm Sandy, cascading power outages, GPS and other system vulnerabilities, and Japan's Fukushima disaster with its sobering aftermath. This book will help a new generation of leaders understand the need for smart resilience.
Mandated Benefits 2014 Compliance Guide is a comprehensive and practical reference manual covering key federal regulatory issues that must be addressed by human resources managers, benefits specialists, and company executives in all industries. Mandated Benefits 2014 Compliance Guide includes in-depth coverage of these and other major federal regulations: Patient Protection and Affordable Care Act (PPACA); Health Information Technology for Economic and Clinical Health (HITECH) Act; Mental Health Parity and Addiction Equity Act (MHPAEA); Genetic Information Nondiscrimination Act (GINA); Americans with Disabilities Act (ADA); Employee Retirement Income Security Act (ERISA); Health Insurance Portability and Accountability Act (HIPAA); Heroes Earnings Assistance and Relief Tax Act (HEART Act); Consolidated Omnibus Budget Reconciliation Act (COBRA). Mandated Benefits 2014 Compliance Guide helps take the guesswork out of managing employee benefits and human resources by clearly and concisely describing the essential requirements and administrative processes necessary to comply with each regulation. It offers suggestions for protecting employers against the most common litigation threats and recommendations for handling various types of employee problems. Throughout the Guide are numerous exhibits, useful checklists and forms, and do's and don'ts. A list of HR audit questions at the beginning of each chapter serves as an aid in evaluating your company's level of regulatory compliance.
The Mandated Benefits 2014 Compliance Guide has been updated to include: Updated best practices for organizing the human resources department; Information on Federal Insurance Contributions Act (FICA) and severance pay; New regulations and guidelines for health care reform as mandated by the Patient Protection and Affordable Care Act (PPACA); New information on de-identified protected health information (PHI) and the effect of the omnibus final rules on business associates and notification requirements in case of a breach of PHI; Information on the revised model election notice as required under PPACA; A completely revised section on the final rules implementing HIPAA's nondiscrimination requirements for wellness programs and updated information on providing employee benefits to legally married same-sex couples based on the Supreme Court's decision in United States v. Windsor; A new section on the ADA's direct threat provisions; Updated information on caregiver leave under military family leave and survey data regarding the FMLA's impact; Updated information on completing the newest Form I-9 and the E-Verify system; The OFCCP's final rules for developing and implementing AAPs for veterans and individuals with disabilities and new policy directive for compensation compliance evaluations; A new section on bring your own device to work and its impact on employee privacy; Information on the final rule revising the hazard communication standard, and the requirements for safety data sheets, which will replace material safety data sheets; New information on medical marijuana in the workplace.
Are you trying to improve performance, but find that the same problems keep getting in the way? Safety, health, environmental quality, reliability, production, and security are at stake. You need the long-term planning that will keep the same issues from recurring. Root Cause Analysis Handbook: A Guide to Effective Incident Investigation is a powerful tool that gives you a detailed step-by-step process for learning from experience. Reach for this handbook any time you need field-tested advice for investigating, categorizing, reporting and trending, and ultimately eliminating the root causes of incidents. It includes step-by-step instructions, checklists, and forms for performing an analysis and enables users to effectively incorporate the methodology and apply it to a variety of situations. Using the structured techniques in the Root Cause Analysis Handbook, you will: Understand why root causes are important. Identify and define inherent problems. Collect data for problem-solving. Analyze data for root causes. Generate practical recommendations. The third edition of this global classic is the most comprehensive, all-in-one package of book, downloadable resources, color-coded RCA map, and licensed access to online resources currently available for Root Cause Analysis (RCA). Called by users "the best resource on the subject" and "in a league of its own." Based on globally successful, proprietary methodology developed by ABS Consulting, an international firm with 50 years' experience in 35 countries. Root Cause Analysis Handbook is widely used in corporate training programs and college courses all over the world. If you are responsible for quality, reliability, safety, and/or risk management, you'll want this comprehensive and practical resource at your fingertips. The book has also been selected by the American Society for Quality (ASQ) and the Risk and Insurance Society (RIMS) as a "must have" for their members.