Risk Assessment in NORDUnet


Risk Assessment in NORDUnet [TLP:GREEN] Jacob Wolf

Why risk assessment?
- Treat risks that matter
- Implement only necessary security
- Report risk correctly
- Assign risk responsibility
- Take better business decisions

Method
As mentioned at our last meeting, I use OCTAVE Allegro.

Benefits:
- Easy security-business alignment
- Structured, quantitative and qualitative
- Easy reporting

Disadvantages:
- No good tools. I had to invent my own.

Workflow:
- Analyze what risks management prioritizes
- Describe environment
  - Processes
  - Critical information (data that is key to the process)
  - Containers (technical, human, physical artifacts that handle the information)
  - Threats
- Analyze each threat
  - Threats are scored regarding impact and likelihood.
- Decide actions
  - Action (transfer, modify, accept, defer, ..)
  - Select controls for each affected container
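The workflow above can be sketched as a small risk register. This is an added example, not the presenter's tool: the impact areas, their ranking, the three-band decision rule and the sample threats are all constructed assumptions, and "transfer" is left out because it is a management choice rather than something a score can decide.

```python
from dataclasses import dataclass
# Constructed sample: management's ranking of impact areas (5 = matters most).
PRIORITY = {"reputation": 5, "financial": 4, "productivity": 3, "safety": 2, "legal": 1}
LEVEL = {"low": 1, "medium": 2, "high": 3}

@dataclass
class Threat:
    name: str
    information: str   # critical information the threat affects
    containers: list   # technical, human or physical containers that handle it
    likelihood: str    # low / medium / high
    impact: dict       # impact area -> low / medium / high

def impact_score(t):
    """Sum of (management rank x impact value); refuses partially scored threats."""
    missing = sorted(set(PRIORITY) - set(t.impact))
    if missing:
        raise ValueError(f"{t.name}: impact areas not scored: {missing}")
    return sum(rank * LEVEL[t.impact[area]] for area, rank in PRIORITY.items())

def decide_action(t):
    """Assumed rule: split the score range into three bands, then add likelihood."""
    lowest = sum(PRIORITY.values())                     # every area scored low
    span = 2 * lowest + 1                               # number of possible scores
    band = 1 + (impact_score(t) - lowest) * 3 // span   # 1, 2 or 3
    exposure = band + LEVEL[t.likelihood]               # 2 .. 6
    return "modify" if exposure >= 5 else "defer" if exposure == 4 else "accept"

def containers_needing_controls(threats):
    """Map each container to the threats whose chosen action is 'modify'."""
    todo = {}
    for t in threats:
        if decide_action(t) == "modify":
            for c in t.containers:
                todo.setdefault(c, []).append(t.name)
    return todo

# Constructed register entries, not taken from any real risk analysis.
THREATS = [
    Threat("config leak", "router configurations", ["backup server", "NOC staff"], "medium",
           {"reputation": "high", "financial": "medium", "productivity": "high", "safety": "low", "legal": "medium"}),
    Threat("log tampering", "monitoring data", ["log server"], "medium",
           {"reputation": "medium", "financial": "medium", "productivity": "medium", "safety": "low", "legal": "low"}),
    Threat("stolen laptop", "customer contacts", ["laptop"], "low",
           {"reputation": "medium", "financial": "low", "productivity": "low", "safety": "low", "legal": "medium"}),
]

if __name__ == "__main__":
    print([(t.name, impact_score(t), decide_action(t)) for t in THREATS], containers_needing_controls(THREATS))
```

Refusing to score a threat with an unrated impact area keeps an incomplete worksheet from appearing as a low risk in the report.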

I talked about my tool at our last meeting
Since last meeting, I have:
- Improved data structure
- Created a web application (easier to use)
Soon, I will publish it on GitHub

Example
I will now show the risk tool.

The Future?
I haven't migrated all my risk analysis to the new tool. This will follow very soon.
I will be happy to share generic risk analysis that could benefit this group (as [TLP:Amber]).