Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk assessment - TSD Gard Thomassen, PhD USIT, UIO.

Published bySherman Stephens Modified over 9 years ago

Similar presentations

Presentation on theme: "Risk assessment - TSD Gard Thomassen, PhD USIT, UIO."— Presentation transcript:

1 Risk assessment - TSD Gard Thomassen, PhD USIT, UIO

2 When to think of risks ? Before design During design When redesigning Basicly – always Who is responsible for the risk evaluation – The Institution responsible for the data

3 System outline Gateway HPC - ColossusVM-server Storage Internet Secure encrypted network to special high volume data production sites 1 (project) 1 (storage area) n 1 Gard Thomassen,TSD 2.0

4 Doing risk assessment Three axis : – Data confidenciality (only those with access get access) – Data integrity (data manipulation, deletion) – Data accessibility (users get to data when they want from where they want) Level of detail – As easily read as possible, detailed where needed to describe neccessary functions

5 Risk evaluation method Define the level of security needed based on data handled Based on technical solution and risk brainstorming we listed all risk elements and evaluated them based on – probability (1 -> 4) – consequence (1 -> 4) Risks with sum (probability x consequene) – [1-4) : Accepted or underlaid some extra routine – [4-8) : Must be taken into account, can exist in a production environment for a short time and fixes have been planned – [8-16] : Unacceptable risk. Production stop, or compensated immideately by manual controls and routines that brings the level of risk down below 8. Risk evaluation details all risks > 3

6 Typical method would then be Brainstorm on all components and possible issues – Authentication – Authorization – Network / firewall – Virus / malware – Data import and export – Storage – HPC – Computers – Software / virtual machinges – Data harvesting

7 Who does risk assessment IT-security personell & System developers TSD has a “Change Advisory Board” Risk evaluation must be done when changes to the system effect the risk-assessment All users must be informed of there is a change in the risk asessment

8 When designing (secure) systems What are the laws and regulations for all involved parties Who are typical data owner Who are the stakeholders Where do we get the funding Who has the final decision autorithy

9 Thank you Questions ?

Download ppt "Risk assessment - TSD Gard Thomassen, PhD USIT, UIO."

Similar presentations

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
4 Information Security.

4 Information Security.
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Chapter 1: The Context of SA&D Methods

Chapter 1: The Context of SA&D Methods
Module 1: Microsoft Windows 2000 Networking Services Infrastructure Overview.

Module 1: Microsoft Windows 2000 Networking Services Infrastructure Overview.
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
HIPAA Security Standards What’s happening in your office?

HIPAA Security Standards What’s happening in your office?
Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.

Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.
Fundamentals of Information Systems, Second Edition 1 Information and Decision Support Systems Chapter 6.

Fundamentals of Information Systems, Second Edition 1 Information and Decision Support Systems Chapter 6.
IPhone Security: Understanding the KeyChain Nicholis Bufmack and Ryan Thomas CS 691 Summer 2009.

IPhone Security: Understanding the KeyChain Nicholis Bufmack and Ryan Thomas CS 691 Summer 2009.
Unit 28- Website Development Assignment 1- THEORY P3

Unit 28- Website Development Assignment 1- THEORY P3
1 Pertemuan 9 Network Security and E-Commerce Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi: >

1 Pertemuan 9 Network Security and E-Commerce Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi: >
Lecture 4 Title: Shopping Cart By: Mr Hashem Alaidaros MIS 326.

Lecture 4 Title: Shopping Cart By: Mr Hashem Alaidaros MIS 326.
By Drudeisha Madhub Data Protection Commissioner Date: 12.08.14.

By Drudeisha Madhub Data Protection Commissioner Date:
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Similar presentations

Ads by Google