Risk assessment - TSD Gard Thomassen, PhD USIT, UIO.

When to think of risks?
- Before design
- During design
- When redesigning
- Basically: always

Who is responsible for the risk evaluation? The institution responsible for the data.

System outline (diagram; only the labels survive extraction): Gateway, HPC (Colossus), VM-server, Storage, Internet, and a secure encrypted network to special high-volume data production sites. Cardinality labels on the diagram: 1 (project), 1 (storage area), n, 1. Gard Thomassen, TSD 2.0

Doing risk assessment
Three axes (the classic confidentiality / integrity / availability triad):
- Data confidentiality: only those with access get access
- Data integrity: protection against manipulation or deletion of data
- Data accessibility (availability): users get to the data when they want, from where they want
Level of detail: as easily read as possible, detailed where needed to describe the necessary functions.

Risk evaluation method
Define the level of security needed, based on the data handled.
Based on the technical solution and a risk brainstorm, we listed all risk elements and evaluated each on
- probability (1 -> 4)
- consequence (1 -> 4)
Risk score = probability x consequence (with integer scales the only possible scores are 1, 2, 3, 4, 6, 8, 9, 12 and 16):
- [1-4): accepted, or covered by some extra routine
- [4-8): must be taken into account; may exist in a production environment for a short time, provided fixes have been planned
- [8-16]: unacceptable risk. Production stop, or compensated immediately by manual controls and routines that bring the level of risk down below 8.
The risk evaluation details all risks with a score > 3, i.e. everything outside the accepted band.

Typical method would then be: brainstorm on all components and possible issues
- Authentication
- Authorization
- Network / firewall
- Virus / malware
- Data import and export
- Storage
- HPC
- Computers
- Software / virtual machines
- Data harvesting
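The scoring and banding from the two slides above, carried through as an added worked example. This is not TSD's own tooling; the register entries, their component labels and the compensating control are constructed for illustration, and the residual-score handling (re-scoring a risk once a manual control is in place, as the [8-16] band requires) is an assumption about how the slide's rule would be applied.

```python
"""Risk scoring as described on the slides: each risk element gets
probability (1..4) x consequence (1..4), and the product is banded.
Added example; the register entries below are constructed, not TSD's."""

from dataclasses import dataclass
from typing import List, Optional, Tuple

BAND_ACCEPTED = "accepted (or covered by an extra routine)"
BAND_PLANNED = "must be handled; tolerable in production only short-term with a planned fix"
BAND_UNACCEPTABLE = "unacceptable: stop production or compensate immediately"


@dataclass
class Risk:
    component: str                 # one of the brainstorm areas on the slide
    description: str
    probability: int               # 1..4
    consequence: int               # 1..4
    compensating_control: Optional[str] = None   # manual control or routine, if any (assumed field)
    residual_probability: Optional[int] = None   # probability once the control is in place (assumed field)


def score(probability: int, consequence: int) -> int:
    """Product score; rejects values outside the 1..4 scale."""
    if not (1 <= probability <= 4 and 1 <= consequence <= 4):
        raise ValueError("probability and consequence must be in 1..4")
    return probability * consequence


def band(s: int) -> str:
    """Map a score to the slide's three bands: [1,4), [4,8), [8,16]."""
    if s < 4:
        return BAND_ACCEPTED
    if s < 8:
        return BAND_PLANNED
    return BAND_UNACCEPTABLE


def possible_scores() -> List[int]:
    """All products of two 1..4 values. Note the gaps: 5 and 7 never occur,
    so the middle band only ever holds scores 4 and 6."""
    return sorted({p * c for p in range(1, 5) for c in range(1, 5)})


def residual_score(risk: Risk) -> int:
    """Score after the compensating control, or the raw score if there is none."""
    p = risk.residual_probability if risk.residual_probability is not None else risk.probability
    return score(p, risk.consequence)


def evaluate(register: List[Risk]) -> Tuple[List[Risk], List[Risk]]:
    """detailed: risks with score > 3 (everything outside the accepted band),
    highest first, for the written risk evaluation.
    blocking: risks whose residual score is still >= 8, i.e. no control
    brings them below the unacceptable band, so production must stop."""
    detailed = sorted(
        (r for r in register if score(r.probability, r.consequence) > 3),
        key=lambda r: score(r.probability, r.consequence),
        reverse=True,
    )
    blocking = [r for r in detailed if residual_score(r) >= 8]
    return detailed, blocking


# Constructed sample register (illustrative only, not TSD's actual risks).
SAMPLE_REGISTER = [
    Risk("Authentication", "Password-only login to the gateway", 3, 4,
         compensating_control="one-time code required at login",
         residual_probability=1),
    Risk("Data import and export", "Identifiable data exported out of the project area", 2, 4),
    Risk("Virus / malware", "Malware inside an imported data set", 2, 3),
    Risk("Storage", "Loss of a project storage area", 1, 4),
    Risk("HPC", "Compute queue unavailable for a day", 3, 1),
]


if __name__ == "__main__":
    detailed, blocking = evaluate(SAMPLE_REGISTER)
    for r in detailed:
        raw = score(r.probability, r.consequence)
        print(f"{raw:2d} -> {residual_score(r):2d}  {r.component}: {r.description}"
              f"  [{band(residual_score(r))}]")
    print("blocking:", [r.description for r in blocking])
```

Two things the code makes visible that the slide's bands do not: because the scales are integers, the "detail all risks > 3" cut is exactly the boundary of the accepted band, and the [4-8) band can only ever contain the scores 4 and 6. A risk that starts at 12 but drops to 4 under a manual control is reported but no longer blocks production; one that stays at 8 or above with no control is listed as blocking.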

Who does risk assessment
IT-security personnel and system developers. TSD has a "Change Advisory Board".
A risk evaluation must be redone when changes to the system affect the risk assessment.
All users must be informed if there is a change in the risk assessment.

When designing (secure) systems
- What are the laws and regulations for all involved parties?
- Who are the typical data owners?
- Who are the stakeholders?
- Where do we get the funding?
- Who has the final decision authority?

Thank you Questions ?