Understanding the Security Vulnerability Assessment Copyright Jean Perois, CPP, PSP, FSyI.

Presentation transcript:


Today's objectives:

'Have a clearer picture of what the SVA (API Methodology) is about, understand what it can do for you, but also evaluate both its strengths and limits.'

Security Audit
Risk Assessment
Security Survey

What is an SVA? The SVA is a systematic process that evaluates the likelihood that a threat against a facility will be successful.

What can the SVA do for you?
1. Full assessment of the security posture of your company
2. It measures vulnerabilities against threats
3. It identifies security gaps
4. Recommendations are commensurate to security risk

* Based on Vulnerability, Threat & Attractiveness variables


Vague, unscientific and outdated

R = P × C versus R = P_A × (1 − P_E) × C

where P_A is the likelihood of adversary attack, P_E is security system effectiveness, 1 − P_E is adversary success, and C is consequence of loss of the asset.

But:
The SVA addresses the full spectrum of mitigation measures
Security remains a conceptual exercise and about educated guesses and probabilities
Using equations will not change the reality of Risk
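To make the two expressions on this slide concrete, here is an added worked example (not code from the presentation or from the API SVA methodology; the asset names, probabilities and consequence values are constructed). It computes R = P × C and R = P_A × (1 − P_E) × C for two assets, shows that the two formulas can rank the same assets differently once existing security effectiveness is taken into account, and shows what raising P_E does to the residual risk.

```python
"""Worked example of the two risk expressions quoted on the slide.

Added illustration, not part of the presentation or of the API SVA
methodology; asset names and numbers are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    p_attack: float      # P_A: likelihood of adversary attack (0..1)
    p_effective: float   # P_E: security system effectiveness (0..1)
    consequence: float   # C: consequence of loss of the asset (any consistent unit)


def _check_probability(label: str, value: float) -> None:
    """P_A and P_E are probabilities; reject anything outside [0, 1]."""
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"{label} must be in [0, 1], got {value}")


def simple_risk(p_attack: float, consequence: float) -> float:
    """R = P x C: no term for countermeasures already in place."""
    _check_probability("P", p_attack)
    return p_attack * consequence


def sva_risk(asset: Asset) -> float:
    """R = P_A * (1 - P_E) * C: attack occurs, defeats the system, loss follows."""
    _check_probability("P_A", asset.p_attack)
    _check_probability("P_E", asset.p_effective)
    return asset.p_attack * (1.0 - asset.p_effective) * asset.consequence


def rank_assets(assets):
    """Order assets by SVA risk, highest first, to prioritise mitigation effort."""
    return sorted(assets, key=sva_risk, reverse=True)


def mitigation_effect(asset: Asset, new_p_effective: float):
    """Risk before and after raising P_E, plus the fractional reduction."""
    before = sva_risk(asset)
    improved = Asset(asset.name, asset.p_attack, new_p_effective, asset.consequence)
    after = sva_risk(improved)
    reduction = 0.0 if before == 0 else (before - after) / before
    return before, after, reduction


# Constructed sample assets (not real facility data).
SAMPLE_ASSETS = [
    Asset("control room", p_attack=0.3, p_effective=0.8, consequence=1000.0),
    Asset("remote valve station", p_attack=0.1, p_effective=0.0, consequence=1000.0),
]

if __name__ == "__main__":
    for a in SAMPLE_ASSETS:
        print(f"{a.name:22s} P x C = {simple_risk(a.p_attack, a.consequence):7.1f}"
              f"   SVA = {sva_risk(a):7.1f}")
    print("SVA ranking:", [a.name for a in rank_assets(SAMPLE_ASSETS)])
    print("valve station with P_E raised to 0.5:",
          mitigation_effect(SAMPLE_ASSETS[1], 0.5))
```

With these constructed numbers, P × C ranks the control room first (300 against 100), while the SVA form ranks the unprotected valve station first (100 against 60) because the control room's existing measures already defeat most attempts; with P_E = 0 the SVA expression collapses back to P × C. The arithmetic only makes the slide's point explicit: the inputs are still the educated guesses the text refers to.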
