1 Introduction to Security Chapter 5 Risk Management: The Foundation of Private Security.

Presentation transcript:

1 Introduction to Security Chapter 5 Risk Management: The Foundation of Private Security

2 Risk defined:
- A known threat that has unpredictable effects in either timing or extent
- 2 types of risk:
  1. Pure risk
  2. Dynamic risk

3 1. Pure Risk
- The potential for injury, damage or loss with no possible benefits.
- Examples: crime, terrorism, natural disasters

4 2. Dynamic Risk
- This has potential for both benefits and losses.
- Examples: accepting checks to stimulate business; hiring our own security personnel

5 Risk Management: The Big Picture
- Anticipating risk
- Recognizing risk
- Analyzing risk
- Taking steps to reduce or prevent such risks
- Evaluating the results

6 Risk Management: The Big Picture: Asset Worth
- An important part of any risk management program is the worth of the asset being protected.
- 3 factors:
  1. Overall value of the asset to the organization
  2. Immediate financial impact of losing the asset
  3. Indirect business impact of losing the asset

7 Risk Assessment
- Risk assessment is the process of identifying and prioritizing risks to a business.
- "A risk assessment serves as the foundation upon which an organization builds its physical security plan." (Fredrick, 2006, p. 19)

8 Sources of Information on Risk
- Local police crime statistics
- UCR reports
- Internal organization documents
- Prior complaints
- Prior civil claims against security
- Industry-related information
- Law enforcement intelligence

9 3 Factors of Risk Analysis
1. Vulnerability: where and how could losses occur
2. Probability: analyzing those factors that favor loss
3. Criticality: deciding the consequences of a loss if it should occur

10 How to handle identified risks:
1. Risk elimination
2. Risk reduction
3. Risk spreading
4. Risk transfer
5. Risk acceptance

11 1. Risk Elimination
- The best alternative, if it is realistic.
- For example, we can eliminate the risk of losses from credit card fraud if we don't take credit cards. However, the loss of business would be more than the loss from credit card fraud.

12 2. Risk Reduction
- We cannot eliminate all pure risk, but we can reduce it.
- We reduce it by establishing controls and procedures.
- Lighting, installing locks and alarm systems are all examples of methods of risk reduction.

13 2. Risk Reduction – attack trees
- These give us a visual representation of our risk.

14 3. Risk Spreading
- Related to risk reduction
- This approach uses methods that reduce the potential loss by splitting up the risk into several areas.

15 4. Risk Transfer
- We can transfer the risk by either raising prices or buying insurance.
- Insurance has a couple of important principles:
  - Indemnity: the insurer pays only the actual amount of the loss and no more
  - Subrogation: substitution of the insurer in place of the insured for the purposes of claiming indemnity from a third party for a loss covered by insurance

16 5. Risk Acceptance
- It is never cost effective, practical, or indeed possible, to provide 100% security, thus some risks we simply have to accept.
- Some risks are simply the costs of doing business.

17 Qualitative and Quantitative Risk Assessment
- Quantitative: calculates objective values for each component during risk assessment and cost-benefit analysis.
- Qualitative: identifies the most important risks quickly by assigning relative values to assets, risks, controls and effects. This balances cost and effectiveness.

18 Conducting the Security Survey
- A survey instrument needs to be developed
- A thorough, physical walk-through should be done
- The walk-through should include talking to and observing personnel and observing the environment as a whole

19 Reporting the Results
1. Introduction
2. A discussion of the risk analysis
3. Strengths of the system
4. Weaknesses of the system
5. Recommendations for alternatives for managing the risks, including the estimated cost and savings, and who should be responsible for making the changes

20 Implementing the Recommendations
- It is important to note that most companies will not have the money to implement all the changes at once.
- It is important to establish a schedule for implementation of the recommendations, in order to accommodate budget issues and ensure items do not get overlooked.

21 Keys to Success
- Executive sponsorship
- Well-defined list of stakeholders
- Clear definition of roles and responsibilities
- Atmosphere of open communication
- Spirit of teamwork
- Holistic view of the organization
- Authority throughout the process