The Financial Impact of Cyber Risk

Published by the American National Standards Institute (ANSI) and the Internet Security Alliance (ISA)

Download your free copy here. Registration is required for new users.

The Financial Impact of Cyber Risk, an action guide for C-Suite executives, is the first known document that provides guidance to help CFOs and executives responsible for legal issues, business operations and technology, privacy and compliance, risk assessment and insurance, and corporate communications mitigate the impact of cyber attacks.

The Financial Impact of Cyber Risk, an action guide for C-Suite executives, helps businesses in every sector plan for the multi-dimensional components of risk management.


Applicable Standards, Frameworks and Guidance Documents

The following list of standards and reference documents is included in Appendix E of The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask.

The following documents are resources excerpted from the InterNational Committee for Information Technology Standards (INCITS) document, Recommendation for Creating a Comprehensive Framework for Risk Management and Compliance in the Financial Services and Insurance Industries.
ISO/IEC 27001 and 27002 IT Security Techniques Package
The ISO/IEC 27001 and 27002 IT Security Techniques Package provides the requirements and code of practice to initiate, implement, maintain and improve an information security management system in an organization of any size. This package helps an organization identify its security requirements and risks and select controls to address them using the "Plan-Do-Check-Act" model.
ISO/IEC 2nd FCD 27004
Information Security Management Measurement (draft standard – not yet available for public download)
ISO/IEC 27005:2008
Information technology – Security techniques – Information Security Risk Management
ISO/IEC FDIS 21827
Information technology – Security techniques – Systems security engineering – Capability maturity model (SSE-CMM®) to address cyber threats (draft standard – not yet available for public download)
NIST 800-53
Recommended Security Controls For Federal Information Systems
NIST 800-30
Risk Management Guide For Information Technology Systems
NIST 800-55 Rev 1
Performance Measurement Guide For Information Security
NIST SP 800-100
Information Security Handbook – A Guide For Managers
Control Objectives for Information Technology (CobiT ®)
OCTAVE Allegro: Improving the Information Security Risk Assessment Process
FFIEC IT Examination Handbook
Information Security Management Maturity Model (ISM3)
An Introduction to Factor Analysis of Information Risk (FAIR)
Other useful reference standards, documents, and guidance include:
ISO/IEC 13335-1:2004, Information technology – Security techniques – Management of information and communications technology security – Part 1: Concepts and models for information and communications technology security management
ISO/IEC 15408-1:2005
Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
ISO/IEC 15408-2:2005
Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements
ISO/IEC 15408-3:2005
Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements
Internet Security Alliance (ISA) – Common Sense Guide for Senior Managers – Top Ten Recommended Information Security Practices
The US Cyber Consequences Unit (CCU) Cyber Security Checklist (2007)
Federal Information Security Management Act (FISMA) Implementation Project
NFPA 1600
Standard on Disaster/Emergency Management and Business Continuity Programs (2007)
CERT Resiliency Engineering Framework (REF)
CERT Insider Threat Research
ANSI-Better Business Bureau Identity Theft Prevention and Identity Management Standards Panel (IDSP) Report (2008)

The Financial Impact of Cyber Risk is a publication of the
American National Standards Institute (ANSI) and the Internet Security Alliance (ISA)
