Information Security Risks; All-in-One Terminology

Slides:



Advertisements
Similar presentations
Bridging the gap between software developers and auditors.
Advertisements

Note: See the text itself for full citations. Information Technology Project Management, Seventh Edition.
Project Management Gaafar 2007 / 1 This Presentation is uses information from PMBOK Guide 2000 Project Management Risk Management* Dr. Lotfi Gaafar.
1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN.
Introducing Computer and Network Security
COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.
Heuristic Evaluation IS 485, Professor Matt Thatcher.
CS498IA – Information Assurance Spring 2007
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Chapter Extension 22 Managing Computer Security Risk © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Introduction to Network Defense
1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.
EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)
1 Security Risk Management Liping Cai 02/01/2006.
PRM 702 Project Risk Management Lecture #28
Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.
Conostix S.A. Sensible defence.
1 Introduction to Security Chapter 5 Risk Management: The Foundation of Private Security.
WMD & Emergency Planning Steps Session 12. Emergency Planning Steps Vulnerability Assessment Mitigation Efforts Emergency Response Planning Recovery.
Security Risk Management
Lecture 32 Risk Management (Cont’d)
CAIRA is a quantitative vulnerability assessment tool for examining the physical security of energy systems (electrical, natural gas, steam and water)
© 2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
Risk Assessment and Management. Objective To enable an organisation mission accomplishment, by better securing the IT systems that store, process, or.
Chapter 11: Project Risk Management
Proposed Supply Chain Risk Management Process Flow Supply Chain Risk Leadership Council 20 April 2009 DRAFT.
INFORMATION SECURITY MANAGEMENT L ECTURE 7: R ISK M ANAGEMENT I DENTIFYING AND A SSESSING R ISK You got to be careful if you don’t know where you’re going,
CC3020N Fundamentals of Security Management CC3020N Fundamentals of Security Management Lecture 2 Risk Identification and Risk Assessment.
Assessing Current Network Concerns Lesson 5. CERT/CC Stats.
Lecture 7 Risk Analysis CSCI – 3350 Software Engineering II Fall 2014 Bill Pine.
THE LOW DOWN ON RISK ASSESSMENT HOW SAFE ARE OUR CITIES?
Slide #1 Security Planning and Risk Analysis CS461/ECE422 Computer Security I Fall 2009.
PMP Study Guide Chapter 6: Risk Planning. Chapter 6 Risk Planning Planning for Risks Plan Risk Management Identifying Potential Risk Analyzing Risks Using.
Project Risk Management Planning Stage
INFORMATION SECURITY MANAGEMENT L ECTURE 8: R ISK M ANAGEMENT C ONTROLLING R ISK You got to be careful if you don’t know where you’re going, because you.
1 Figure 11-3: Risk Analysis Financially Sensible Protections  Risk analysis: Balance risks and countermeasture costs Enumeration of Assets  Assets:
Information Technology Project Management Managing IT Project Risk.
1 Project Management C53PM Session 4 Russell Taylor Staff Work-base – 1 st Floor
Information Security Governance and Risk Chapter 2 Part 2 Pages 69 to 100.
INFORMATION SECURITY MANAGEMENT L ECTURE 7: R ISK M ANAGEMENT I DENTIFYING AND A SSESSING R ISK You got to be careful if you don’t know where you’re going,
Classical Risk Analysis November 13, Classical Risk Analysis.
Assessing Current Network Concerns Lesson 5. The Assessment Two important elements you will need to determine in order to produce a valuable assessment.
Networks ∙ Services ∙ People Mark Johnston SIG ISM - Copenhagen Changing GÉANT’s Security Future GÉANT Feb 22, 2016 CNOO – Head of IIS Fotis.
INFORMATION SECURITY MANAGEMENT L ECTURE 8: R ISK M ANAGEMENT C ONTROLLING R ISK You got to be careful if you don’t know where you’re going, because you.
ON “SOFTWARE ENGINEERING” SUBJECT TOPIC “RISK ANALYSIS AND MANAGEMENT” MASTER OF COMPUTER APPLICATION (5th Semester) Presented by: ANOOP GANGWAR SRMSCET,
By: Mark Reed.  Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Principles of Information Security, Fourth Edition Risk Management Ch4 Part I.
Dr. Gerry Firmansyah CID Business Continuity and Disaster Recovery Planning for IT (W-I)
Objectives We’ll answer the following: What is a FRAP? Why a FRAP?
Dr. Gerry Firmansyah CID Business Continuity and Disaster Recovery Planning for IT (W-XIV)
Managing Project Risk – A simplified approach Presented by : Damian Leonard.
PMP Study Guide Chapter 6: Risk Planning (Unit 8).
Identifying and Assessing Risk
Risk management.
Risk Management.
Risk Assessment in NORDUnet
Project Based Risk Management Defusing a potential ticking time bomb
Identifying and Assessing Risk
8 Managing Risk (Premium).
Risk Management for Technology Projects
CHAPTER11 Project Risk Management
Identify hazards to the force
Air Carrier Continuing Analysis and Surveillance System (CASS)
Decision Making A quick and simple system for decision making.
Chapter 7: RISK ASSESSMENT, SECURITY SURVEYS, AND PLANNING
Probable Impact on Corporation Probability of Occurrence
11. Steps 2.1 – 2.3 Identify and prioritize issues and goals
Risk Management Part I Dr. Zahi Yaseen Contact Us
A New Concept for Laboratory Quality Management Systems
Presentation transcript:

Information Security Risks; All-in-One Terminology

Information Security Risk Management Lifecycle with some Basic Elements (controls)

Qualitative Risk Analysis (Nitel Risk Analizi) Generally used in Information Security Hard to make meaningful valuations and meaningful probabilities Relative ordering is faster and more important Many approaches to performing qualitative risk analysis Same basic steps as quantitative analysis Still identifying asserts, threats, vulnerabilities, and controls Just evaluating importance differently 3

Qual. Risk Analysis in 10 steps Step 1: Identify Scope Bound the problem Step 2: Assemble team Include subject matter experts, management in charge of implementing, users Step 3: Identify Threats Pick from lists of known threats Brainstorm new threats Mixing threats and vulnerabilities here... 4

Step 4: Threat prioritization Prioritize threats for each assert Likelihood of occurrence (note that this is likelihood because it is not a statistical probability value) Define a fixed threat rating E.g., Low(1) … High(5) Associate a rating with each threat Note: Approximation to the risk probability in quantitative approach 5

Step 5: Loss Impact With each threat determine loss impact Define a fixed ranking E.g., Low(1) … High(5) Used to prioritize damage to asset from threat 6

Step 6: Total impact 6 3 2 Theft 10 5 Water 15 Fire Risk Factor Example 2: Another alternative method, where the scaled qualitative values are multiplied) 6 3 2 Theft 10 5 Water 15 Fire Risk Factor Impact Priority Threat Priority Threat 7

Step 7: Identify Controls/Safeguards Potentially come into the analysis with an initial set of possible controls Associate controls with each threat Starting with high priority risks Do cost-benefits and coverage analysis (Step 8) Rank controls (Step 9) 8

Step 8: Safeguard (Control) Evaluation Step 9: Rank these Controls ! 9

Step 10: Communicate Results Most risk analysis projects result in a written report Generally not read Make a good executive summary Beneficial to track decisions. Real communication done in meetings an presentations 10

Another Qualitative Inf. Sec Another Qualitative Inf. Sec. Risk Assessment Example (by multiplying the scaled values)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.