Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Presentation transcript:

Unit Outline: Qualitative Risk Analysis
Module 1: Qualitative Risk Analysis
Module 2: Determine Assets and Vulnerabilities
Module 3: Determine Threats and Controls
Module 4: Matrix Based Approach
Module 5: Case Study
Module 6: Summary

Summary: Qualitative Risk Analysis
Qualitative risk analysis involves using relative values of assets, threats, and vulnerabilities to:
  – Determine the relative exposure of different assets of the organization
  – Determine the relative effectiveness of different controls
The methodology developed here uses a series of matrices to collect the data on assets, vulnerabilities, threats and controls.
Data from the matrices is integrated to determine the relative importance of controls.
This approach is suitable when precise data for different elements is unavailable.
Most organizations start with a qualitative analysis and gradually migrate to a quantitative analysis.

Suggested Reading: Qualitative Risk Analysis
Backhouse, J. and Dhillon, G. (1996). Structures of responsibility and security of information systems. European Journal of Information Systems, 5(1), 2-9.
Baskerville, R. (1993). An Analytical Survey of Information System Security Design Methods: Implications for Information Systems Development. ACM Computing Surveys,
Parker, D.B. (1981). Managers Guide to Computer Security. Prentice-Hall, Inc, Reston, VA, USA.

Acknowledgements: Grants and Personnel
Support for this work has been provided through grants from the following agencies:
  – National Science Foundation (NSF )
  – Department of Education (FIPSE)
Damira Pon, from the Center of Information Forensics and Assurance, contributed extensively by reviewing and editing the material.
Robert Bangert-Drowns from the School of Education reviewed the material from a pedagogical view.
Melissa Dark & Ting Zhuang from Purdue University provided a critique of the material and facilitated creation of a distance delivery version of the course.