Preface
Chapter 1 Security Management
1.1 Introduction
1.2 The Risk of Poor Security Management
1.3 The role of the CIA
1.3.1 Confidentiality
1.3.2 Integrity
1.3.3 Availability
1.4 Exercise
Chapter 2 Risk Management
2.1 Categories of risks
2.1.1 Category I: Preventable Risks
2.1.2 Category II: Strategy Risks
2.1.3 Category III: External Risks
2.2 Risk Identification and Risk Assessment
2.2.1 Objective-based Risk Assessment model
2.2.2 Scenario Planning
2.2.3 Environmental Scanning
2.2.4 Cross Impact Analysis
2.2.5 Structural Analysis
2.3 Risk Assessment
2.3.1 Risk Analysis
2.3.2 Risk Evaluation
2.3.3 Risk identification tool and techniques
2.4 Risk treatment
2.4.1 Assignment of Risk Ownership
2.4.2 Determination of Risk Response Strategies
2.4.3 Development of Risk Treatment Plans
2.4.4 Implementing Treatment Plans
2.5 Monitoring and review
2.5.1 Monitoring
2.5.2 Review
2.6 Risk Management Roles & Responsibilities
2.6.1 Risk Management Implementers
2.6.2 Management Responsibilities for Risk Management
2.6.3 Other Officials
2.7 Risk Management Support
2.7.1 Risk Champions
2.7.2 Risk Owners
2.7.3 The Chief Risk Officer
2.8 Risk Management Assurance Providers
2.8.1 Internal Audit Function
2.8.2 External Audit (Auditor-General)
2.8.3 Combined Assurance
2.9 Risk Management Oversight
2.9.1 Ethics Committee
2.9.2 Risk Management Committee
2.9.3 Audit & Risk Committee
2.9.4 The Accounting Authority (The Board)
2.9.5 The Executive Authority (Minister: Science & Technology)
2.10 Exercise
Chapter 3 Qualitative and Quantitative Analysis
3.1 Qualitative risk analysis
3.1.1 Delphi method
3.1.2 Brainstorming
3.1.3 SWOT Analysis
3.2 Quantitative Risk Analysis
3.2.1 Estimate Potential Losses (SLE)
3.2.2 Conduct a Threat Analysis (ARO)
3.2.3 Determine Annual Loss Expectancy (ALE)
3.2.4 Benefits
3.3 Exercise
Chapter 4 Security Policies
4.1 Need for Security Policy
4.2 Types of Security Policies
4.2.1 Governing Policy
4.2.2 Technical Policies
4.2.3 Job aids/Guidelines
4.3 Policy Topics
4.3.1 Outline Topic List
4.4 Policy Development process
4.4.1 Development Process Maturity
4.4.2 Top-down versus Bottom-up
4.4.3 Current Practice versus Preferred Future
4.4.4 Consider All Threat Types
4.5 Policy development team
4.5.1 Primary Involvement
4.5.2 Secondary Involvement
4.6 Policy Development Lifecycle
4.6.1 Senior Management Buy-in
4.6.2 Determine a Compliance Grace Period
4.6.3 Determine Resource Involvement
4.6.4 Review Existing Policy
4.6.5 Determine Research Materials
4.6.6 Interview SMEs
4.6.7 Write Initial Draft
4.6.8 Style Considerations
4.6.9 Review Cycles
4.6.10 Review with Additional Stakeholders
4.6.11 Policy Gap Identification Process
4.6.12 Develop Communication Strategy
4.6.13 Publish
4.6.14 Activate Communication Strategy
4.6.15 Regularly Review and Update
4.7 Policy Document Outline
4.7.1 Introduction
4.7.2 Purpose
4.7.3 Scope
4.7.4 Roles and Responsibilities
4.7.5 Sanctions and Violations
4.7.6 Revisions and Updating Schedule
4.7.7 Contact information
4.7.8 Definitions/Glossary
4.7.9 Acronyms
4.8 Troubleshooting
4.8.1 Policies Lack Weight
4.8.2 Lack of Reviewing Feedback
4.8.3 Resources Shortage
4.8.4 Reviews are Slow and Cumbersome
4.8.5 Legislation Compliance Queries
4.8.6 Policy is Quickly Out of Date
4.8.7 People get upset by the New Policy
4.9 Exercise
Chapter 5 Support Policies and Security Policy Framework
5.1 Support Policies
5.1.1 Advisory Policy
5.1.2 Informative Policy
5.1.3 Regulatory Policy
5.2 Security Policy Framework
5.2.1 Standards
5.2.2 Baselines
5.2.3 Guidelines
5.2.4 Procedures
5.2.5 Implementations
5.3 Data Organization
5.3.1 Data Classification
5.3.2 Roles and Responsibility
5.3.3 Security Controls
5.4 Training and Education
5.4.1 Security Awareness
5.4.2 Auditing Your Security Infrastructure
5.5 Exercise
Chapter 6 Business Law
6.1 Introduction
6.2 Categories of Law
6.3 Systems of Law: Civil Law and Common Law
6.4 Law of Contract
6.4.1 What is a Contract?
6.4.2 Agreement Section
6.4.3 Classification of contracts
6.5 Business Entity Law
6.5.1 Agency Relationships
6.5.2 The Scope of an Agent’s Authority
6.5.3 Responsibilities of Agent to Principal
6.5.4 Responsibilities of Principal to Agent
6.5.5 Termination of Agency Relationship
6.6 Exercise
Chapter 7 Legal Forms of Business
7.1 Proprietorship
7.1.1 Sole Proprietorships
7.1.2 General Partnerships
7.1.3 Limited Partnerships
7.1.4 Limited Liability Partnerships
7.2 Exercise
Chapter 8 Elements of Company Law
8.1 Meaning and Characteristics
8.1.1 Corporate Personality
8.1.2 Limited Liability
8.1.3 Perpetual Succession
8.1.4 Transferability of Shares
8.1.5 Separate Property
8.1.6 Common Seal
8.1.7 Capacity to Sue and Be Sued
8.2 Incorporation
8.2.1 Incorporation
8.2.2 Distinction between Company and Hindu Joint Family Business
8.2.3 Distinction between a Company and a Club
8.2.4 Distinction between a Company and a Corporation
8.2.5 Advantages of Incorporation
8.2.6 Disadvantages of Incorporation
8.3 Kinds of company
8.3.1 Private Company
8.3.2 Public Company
8.3.3 A Company Limited by Shares
8.3.4 A Company Limited by Guarantee
8.3.5 An Unlimited Company
8.3.6 Government Companies (Section 617)
8.3.7 Foreign Companies
8.3.8 Holding and Subsidiary Companies (Section 4)
8.4 Promotion and incorporation of a company
8.4.1 Promotion
8.4.2 Promoters
8.4.3 Registration and Incorporation of Companies
8.5 Exercise
Chapter 9 Corporate Law
9.1 Nature of a Corporation
9.2 Methods of Incorporation
9.3 Types of Corporations
9.4 Corporate Financing
9.5 Share Capital
9.6 Corporate Governance
9.6.1 Internal Affairs
9.6.2 External Affairs
9.6.3 Regulatory Protection of Creditors, Investors, and the Public
9.6.4 Criminal Liability
9.6.5 Important Indian Corporate laws
9.7 Exercise
Chapter 10 Property Rights
10.1 Real property
10.1.1 Shared Ownership
10.1.2 Tenancy in Common or Co-ownership
10.1.3 Interests Less than Estates
10.1.4 Leases
10.2 Personal Property
10.2.1 Acquiring Personal Property Rights
10.2.2 Bailment
10.2.3 Insurance
10.3 Intellectual property
10.3.1 The Nature of Intellectual Property
10.3.3 Trademarks
10.4 Exercise
Chapter 11 Contract Law
11.1 Entering into a contract: elements of a valid contract
11.1.1 An Intention to Create Legal Relations
11.1.2 Acceptance of an Offer
11.1.3 Consideration
11.1.4 Certainty of Terms
11.1.5 Capacity to Contract
11.1.6 Legality of Object
11.2 Privity of contract and assignment of contractual rights
11.2.1 Privity of Contract
11.2.2 Assignment of Rights
11.3 The requirement of writing
11.3.1 The Statute of Frauds
11.4 Interpreting contracts
11.4.1 Interpretation of Express Terms
11.4.2 The Parol Evidence Rule
11.4.3 Implied Terms
11.5 Contractual defects
11.5.1 Mistake
11.5.2 Misrepresentation
11.5.3 Unfairness during Bargaining
11.6 The discharge of contracts
11.6.1 Discharge by Performance
11.6.2 Discharge by Agreement
11.6.3 Discharge by Frustration
11.6.4 Discharge by Operation of Law
11.6.5 Breach of Contract
11.7 Breach of contract
11.7.1 Essential and Non-Essential Terms
11.7.2 Ways to Breach a Contract
11.7.3 Effects of a Breach
11.7.4 Exemption Clauses
11.7.5 Remedies for Breach of Contract
11.8 Exercise
Glossary
Appendix
Index