Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding the Security Vulnerability Assessment Copyright Jean Perois, CPP, PSP, FSyI.

Published byMiranda Stone Modified over 9 years ago

Similar presentations

Presentation on theme: "Understanding the Security Vulnerability Assessment Copyright Jean Perois, CPP, PSP, FSyI."— Presentation transcript:

1 Understanding the Security Vulnerability Assessment Copyright Jean Perois, CPP, PSP, FSyI

2 ‘ Have a clearer picture of what the SVA (API Methodology) is about, understand what it can do for you, but also evaluates both its strengths and limits.’ Copyright Jean Perois, CPP, PSP, FSyI Today’s objectives:

3 Security Audit Risk Assessment Security Survey Copyright Jean Perois, CPP, PSP, FSyI

4 What is an SVA? The SVA is a systematic process that evaluates the likelihood that a threat against a facility will be successful. Copyright Jean Perois, CPP, PSP, FSyI

5 What can the SVA do for you? 1. Full assessment of the security posture of your company 2. It measures vulnerabilities against threats 3. It identifies security gaps 4. Recommendations are commensurate to security risk Copyright Jean Perois, CPP, PSP, FSyI

6

7

8

9

10 * Based on Vulnerability, Threat & Attractiveness variables

11 Copyright Jean Perois, CPP, PSP, FSyI

12 Vague, unscientific and outdated Vague, unscientific and outdated R = P x C versus R = P A * (1 - P E ) * C R = P x C versus R = P A * (1 - P E ) * C where P A is the likelihood of adversary attack,, P E is security system effectiveness,1 - P E is adversary success, and C is consequence of loss of the asset.But The SVA addresses the full spectrum of mitigation measures The SVA addresses the full spectrum of mitigation measures Security remains a conceptual exercise and about educated guesses and probabilities Security remains a conceptual exercise and about educated guesses and probabilities Using equations will not change the reality of Risk Using equations will not change the reality of Risk

13 Copyright Jean Perois, CPP, PSP, FSyI

Download ppt "Understanding the Security Vulnerability Assessment Copyright Jean Perois, CPP, PSP, FSyI."

Similar presentations

Risk Analysis Fundamentals and Application Robert L. Griffin International Plant Protection Convention Food and Agriculture Organization of the UN.

Risk Analysis Fundamentals and Application Robert L. Griffin International Plant Protection Convention Food and Agriculture Organization of the UN.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
1.  FHWA Climate Change Resilience Program ◦ Assessment Framework ◦ Transportation Vulnerability  Flash Flood Vulnerability project ◦ Background ◦ Objectives.

1.  FHWA Climate Change Resilience Program ◦ Assessment Framework ◦ Transportation Vulnerability  Flash Flood Vulnerability project ◦ Background ◦ Objectives.
Presented at the 2007 CUPA Conference by SRM Associates, Inc. PO Box 891993 Temecula, CA 92589-1993 (951) 764-3626 Chemical Site Security and Chemical.

Presented at the 2007 CUPA Conference by SRM Associates, Inc. PO Box Temecula, CA (951) Chemical Site Security and Chemical.
1 www.vita.virginia.gov Evolving the Cyber Security Program Michael Watson Chief Information Security Officer ISACA 3/12/2015 www.vita.virginia.gov 1.

1 Evolving the Cyber Security Program Michael Watson Chief Information Security Officer ISACA 3/12/
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
By: Ashwin Vignesh Madhu

By: Ashwin Vignesh Madhu
Randy Marchany VA Tech Computing Center

Randy Marchany VA Tech Computing Center
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Application Threat Modeling Workshop

Application Threat Modeling Workshop
1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.

1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.
Project Risk Management

Project Risk Management
CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t ITIL and Business Continuity (Service Perspective) Hepix 2012 Conference Prague, 23-27.

CERN IT Department CH-1211 Genève 23 Switzerland t ITIL and Business Continuity (Service Perspective) Hepix 2012 Conference Prague,
Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.

Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.
1 DHS Bioterrorism Risk Assessment Background, Requirements, and Overview DHS Bioterrorism Risk Assessment Background, Requirements, and Overview Steve.

1 DHS Bioterrorism Risk Assessment Background, Requirements, and Overview DHS Bioterrorism Risk Assessment Background, Requirements, and Overview Steve.
EQAA 11th Session Jamil Kalat-Malho Jong Ho Lee

EQAA 11th Session Jamil Kalat-Malho Jong Ho Lee
1 Introduction to Security Chapter 5 Risk Management: The Foundation of Private Security.

1 Introduction to Security Chapter 5 Risk Management: The Foundation of Private Security.
1 Oppliger: Ch. 15 Risk Management. 2 Outline Introduction Formal risk analysis Alternative risk analysis approaches/technologies –Security scanning –Intrusion.

1 Oppliger: Ch. 15 Risk Management. 2 Outline Introduction Formal risk analysis Alternative risk analysis approaches/technologies –Security scanning –Intrusion.

Similar presentations

Ads by Google