Presentation is loading. Please wait.

Presentation is loading. Please wait.

March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today HomeworkHomework Risk assessment processRisk assessment process –Identify.

Similar presentations


Presentation on theme: "March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today HomeworkHomework Risk assessment processRisk assessment process –Identify."— Presentation transcript:

1 March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today HomeworkHomework Risk assessment processRisk assessment process –Identify resources –Identify attacks –Estimate the risks AssignmentAssignment

2 March 2005 2R. Smith - University of St Thomas - Minnesota How did the homework go? Let’s draw an easy perimeterLet’s draw an easy perimeter Let’s draw a paranoid perimeterLet’s draw a paranoid perimeter

3 March 2005 3R. Smith - University of St Thomas - Minnesota Risk assessment process Identify resourcesIdentify resources –Look at goals and expectations –Look at computing resources needed Identify attacksIdentify attacks –Identify threats –Identify attacks those threats might use Estimate the risksEstimate the risks –How often might an attack succeed –How must will it cost to recover?

4 March 2005 4R. Smith - University of St Thomas - Minnesota Identify resources Look at goals and expectationsLook at goals and expectations –Enterprise goals or personal goals –LL Bean: they sell clothes Running a server is incidentalRunning a server is incidental Look at computing resources neededLook at computing resources needed

5 March 2005 5R. Smith - University of St Thomas - Minnesota Potential computing resources Computer hardwareComputer hardware Proprietary softwareProprietary software Computer customizationComputer customization Work dataWork data Financial dataFinancial data Student or work activitiesStudent or work activities Financial activitiesFinancial activities Social activitiesSocial activities Research activitiesResearch activities

6 March 2005 6R. Smith - University of St Thomas - Minnesota Identify attacks Identify threatsIdentify threats Identify attacks those threats might useIdentify attacks those threats might use

7 March 2005 7R. Smith - University of St Thomas - Minnesota Identify Threats and Attacks Threats Property thievesProperty thieves Identity thievesIdentity thieves Script kiddiesScript kiddies Botnet buildersBotnet builders EmbezzlersEmbezzlers CompetitorsCompetitors Roommates/familyRoommates/family Malicious acquaintancesMalicious acquaintances Maintenance peopleMaintenance people AdministratorsAdministrators Potential Attacks Physical theft Data loss Disclosure Subversion Masquerade Forgery “CIA” risks Physical risks –Power, weather, etc.

8 March 2005 8R. Smith - University of St Thomas - Minnesota Estimate the risks How must will it cost to recover?How must will it cost to recover? –Option: use a relative scale 1-10, 1-100 –Option: use #days to recover (working, earning, etc) –Option: estimate the financial cost How often might an attack succeed?How often might an attack succeed? –Option: Number of times per year, or fraction –Option: a relative scale Once done, we can sort and compareOnce done, we can sort and compare –Identify the most important risks –Prioritize other risks

9 March 2005 9R. Smith - University of St Thomas - Minnesota Assignment Identify an ‘interesting” systemIdentify an ‘interesting” system –Computer preferred but not necessary Do a risk assessmentDo a risk assessment –Should be at least as complex as the Personal Risk Assessment example.

10 March 2005 10R. Smith - University of St Thomas - Minnesota Creative Commons License This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by- sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.


Download ppt "March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today HomeworkHomework Risk assessment processRisk assessment process –Identify."

Similar presentations


Ads by Google