Published by Gervais Harris, modified over 9 years ago
Data Security and Cryptology, IV: Risk Management and its Methods
September 24th, 2014
Valdo Praust, mois@mois.ee
Lecture Course in Estonian IT College, Autumn 2014
Components of Information Security
Information security (infoturve) or data security (andmeturve) is a compound concept consisting of the following three properties (security goals):
- information availability (käideldavus)
- information integrity (terviklus)
- information confidentiality (konfidentsiaalsus)
These three properties, called the branches or goals of security, must be maintained for every information/data item we possess and process.
Standard Model of Security Harming
1. Threats (ohud) act on the data (via IT assets).
2. Threats exploit the vulnerabilities (nõrkused, turvaaugud) of IT assets or of components of the IT system.
3. A threat together with the vulnerabilities it can exploit determines the risk or security risk (risk, turvarisk).
4. When a risk is realised, a security loss, security breach or security incident (turvakadu, turvarike, turvaintsident) occurs.
5. To minimise the risks, it is necessary to minimise the vulnerabilities using safeguards or security measures (turvameetmed).
Security and Residual Risk
Instead of absolute security, the concept of a residual risk acceptable to the business process ((äriprotsessi jaoks) aktsepteeritav jääkrisk) is used.
NB! No matter how many safeguards we implement, we never achieve absolute security. Implementing more safeguards only reduces the probability that security (availability, integrity or confidentiality) will be harmed; it never falls to zero.
An acceptable residual risk is reached when the total cost of all implemented safeguards is approximately equal to the forecast total security loss (both measured in money).
Economical View of Data Security
Vulnerabilities
Vulnerabilities (nõrkused ehk turvaaugud) are all those properties of a protected object through which (security) threats can be realised.
They can be divided into:
- infrastructure vulnerabilities
- IT vulnerabilities
- personnel-related vulnerabilities
- organisational vulnerabilities
Safeguards (Security Measures)
Safeguards (turvameetmed):
- reduce vulnerabilities
- by reducing vulnerabilities, reduce the residual risk
Harming of Security
Influence of Safeguard(s)
Classification of Safeguards
Safeguards (turvameetmed) can be classified using different approaches:
- by purpose (prevents a threat, deters an attack, repairs a defect, etc.)
- by the affected security component/goal (availability, integrity, confidentiality)
- by type of (harmable) IT asset
- by means of implementation or realisation (procedure, technical equipment, program, building construction, etc.)
- by strength of security
Purpose of Safeguards
By purpose, safeguards are divided into:
- preventive safeguards (profülaktilised meetmed)
- identifying (detective) safeguards (tuvastusmeetmed)
- reconstructive safeguards (taastemeetmed)
Several safeguards are polyfunctional (for example, error-correcting codes both detect and repair corruption).
Preventive Safeguards
Preventive safeguards (profülaktilised turvameetmed) prevent security incidents:
- they minimise vulnerabilities
- they prevent attacks
- they reduce the probability that security risks are realised
- they reduce the impact of security incidents on IT assets
- they facilitate restoration of the site (object)
They can be divided into three categories:
- reinforcing safeguards (tugevdusmeetmed)
- deterrent safeguards (peletusmeetmed)
- separating safeguards (eraldusmeetmed)
Identifying Safeguards
When minimising security loss, we pursue the following sequence of goals:
- avoid the security incident
- detect the incident immediately (operatively)
- record the incident (so that it can be identified later)
- prove the incident afterwards
Identifying safeguards (avastavad turvameetmed) can be divided into:
- operative detection (operatiivtuvastus)
- post-detection (järeltuvastus)
- evidence-based detection (tõendtuvastus)
Reconstructive Safeguards
After a security incident occurs, it is always necessary to restore the normal operation of the harmed object. The more important the object (IT asset) is to us, the faster and the more completely this must be done.
The main branches of reconstructive safeguards (taastavad turvameetmed) are:
- backup (varundamine)
- restoration (ennistamine)
- replacement (asendamine)
Classification of Safeguards by Realisation
- organisational safeguards
- physical safeguards
- IT-related safeguards
The most essential branch is organisational safeguards: without them, physical and IT-related safeguards have no real effect.
Essence of Risk Management
- All kinds of risks (risk of availability loss, risk of integrity loss and risk of confidentiality loss) must be taken into account.
- The acceptable risks are typically determined by the business process and handed to the IT (security) specialists as given values.
The main goal of risk management: to implement exactly such a set of safeguards that brings the security risk (the significance of the threats combined with their probability of realisation through vulnerabilities) down to the level of the accepted residual risk.
Main Alternatives of Risk Management
1. Detailed risk analysis (detailne riskianalüüs). The ideal case.
2. Baseline approach (etalonturbe metoodika). A convenient way in many practical cases.
3. Mixed approach (segametoodika). Takes the best elements of both the baseline approach and detailed risk analysis and combines them.
4. Informal approach (mitteformaalne metoodika). A real practical alternative to systematic (formal) approaches.
Detailed Risk Analysis
1. Evaluate the residual risk using either a qualitative or a quantitative risk analysis methodology.
2. Find the areas where the residual risk must be reduced.
3. Implement appropriate safeguards in these areas.
4. Determine the new residual risks and compare them with the accepted residual risk.
5. Repeat the above procedure until we are within the accepted residual risk limits.
Quantitative and Qualitative Risk Analysis
There are two main ways to perform a detailed risk analysis: quantitative risk analysis (kvantitatiivne riskianalüüs) or qualitative risk analysis (kvalitatiivne riskianalüüs).
Quantitative risk analysis is based on calculating quantitative values (usually measured in money; other units are usually converted to money).
Qualitative risk analysis is based on calculating some pre-agreed relative values (scales).
Quantitative Risk Analysis
Typically involves:
- a detailed specification of all IT assets
- a specification of all threats and their realisation frequency
- an evaluation of every vulnerability of every IT asset, expressed as the amount of money needed to perform a successful attack (or for an accidental threat to be realised successfully)
- the calculation of the combined effect of all vulnerabilities and threats, in probability units, for every IT asset
- the actual risk calculations, reduced to the security risk (availability, integrity and confidentiality risk) of all data and other essential assets
Often a special questionnaire and/or software is used for this.
Properties of Quantitative Risk Analysis
Advantage: if we have actual data on both how exploitable the vulnerabilities are by threats and how frequent the threats are, the actual residual risks can always be calculated correctly in money and probability units.
Disadvantages:
- a very large amount of work (hundreds of different IT assets, threats and vulnerabilities)
- the actual information about threats and vulnerabilities is usually missing or incorrect (unusable), which rules out quantitative risk analysis altogether
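As an added example (not from the lecture), the five-step detailed risk analysis loop from the slides above, carried out quantitatively in Python. The lecture gives no formula, so the risk measure here is an assumption: the annual loss expectancy ALE = loss per incident x expected incidents per year for each (asset, threat) pair, with every safeguard modelled as a multiplier on one of those two factors. The assets, threats, safeguard names, costs and effect factors are constructed sample data; the point is the iteration (evaluate, find what is over the limit, add a safeguard, re-evaluate) and the check at the end that the spend on safeguards is in the same order as the residual loss.

```python
"""Iterative quantitative risk analysis (added example, not the lecture's code).

Assumed risk measure: ALE = loss_per_incident * incidents_per_year, per
(asset, threat) pair. A safeguard is modelled as a multiplier on the incident
frequency and/or the loss per incident; all numbers below are constructed.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Exposure:
    asset: str
    threat: str
    loss_per_incident: float   # money lost when the threat is realised once
    incidents_per_year: float  # expected realisations via current vulnerabilities


@dataclass(frozen=True)
class Safeguard:
    name: str
    asset: str
    threat: str
    annual_cost: float
    frequency_factor: float = 1.0  # multiplies incidents_per_year (preventive effect)
    loss_factor: float = 1.0       # multiplies loss_per_incident (reconstructive effect)


def ale(exp: Exposure) -> float:
    """Annual loss expectancy of one (asset, threat) pair."""
    return exp.loss_per_incident * exp.incidents_per_year


def apply_safeguard(exp: Exposure, sg: Safeguard) -> Exposure:
    return replace(exp,
                   loss_per_incident=exp.loss_per_incident * sg.loss_factor,
                   incidents_per_year=exp.incidents_per_year * sg.frequency_factor)


def plan_safeguards(exposures, candidates, accepted_ale):
    """Steps 1-5 of the detailed risk analysis: evaluate residual risk, find the
    pairs above the accepted limit, add the safeguard with the best ALE
    reduction per unit of cost, re-evaluate, repeat. Returns (chosen safeguards,
    residual exposures, within_limits). within_limits is False when no useful
    safeguard is left for a pair still over the limit: that residual risk must be
    escalated to the business, not silently accepted."""
    current = {(e.asset, e.threat): e for e in exposures}
    remaining = list(candidates)
    chosen = []
    while True:
        over_limit = [k for k, e in current.items() if ale(e) > accepted_ale]
        if not over_limit:
            return chosen, current, True
        progress = False
        for key in over_limit:
            exp = current[key]
            options = [s for s in remaining if (s.asset, s.threat) == key]
            gains = {s: ale(exp) - ale(apply_safeguard(exp, s)) for s in options}
            useful = [s for s in options if gains[s] > 0]
            if not useful:
                continue
            best = max(useful, key=lambda s: gains[s] / s.annual_cost)
            current[key] = apply_safeguard(exp, best)
            remaining.remove(best)
            chosen.append(best)
            progress = True
        if not progress:
            return chosen, current, False


def total_cost(safeguards) -> float:
    return sum(s.annual_cost for s in safeguards)


def total_residual(exposures_by_key) -> float:
    return sum(ale(e) for e in exposures_by_key.values())


# Constructed sample data (not from the lecture).
ACCEPTED_ALE = 15_000.0
EXPOSURES = [
    Exposure("customer DB", "ransomware", 200_000.0, 0.5),
    Exposure("customer DB", "insider leak", 50_000.0, 0.2),
    Exposure("web server", "DDoS", 20_000.0, 2.0),
]
CANDIDATES = [
    Safeguard("offline backups", "customer DB", "ransomware", 8_000.0, loss_factor=0.25),
    Safeguard("EDR agent", "customer DB", "ransomware", 20_000.0, frequency_factor=0.2),
    Safeguard("rate limiting", "web server", "DDoS", 2_000.0, frequency_factor=0.8),
    Safeguard("DDoS scrubbing", "web server", "DDoS", 12_000.0, frequency_factor=0.25),
]

if __name__ == "__main__":
    chosen, residual, ok = plan_safeguards(EXPOSURES, CANDIDATES, ACCEPTED_ALE)
    for s in chosen:
        print(f"implement {s.name:16s} cost {s.annual_cost:>9,.0f}")
    for (asset, threat), e in residual.items():
        print(f"residual ALE {asset}/{threat}: {ale(e):,.0f}")
    print(f"within limits: {ok}; safeguards {total_cost(chosen):,.0f} "
          f"vs residual loss {total_residual(residual):,.0f}")
```

On the constructed data the loop needs two rounds: the cheap, high-gain options (backups, rate limiting) go in first, the re-evaluation shows both pairs are still over the limit, and the second round adds EDR and scrubbing. The real-world caveat is the one the slide makes: the frequency and loss figures driving every decision here are exactly the numbers that are usually missing or wrong.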
Qualitative Risk Analysis
Instead of precise probabilities and monetary values, we use several notional values and coarse gradations and scales. Usually 3-4 steps are used (such as high / average / low).
Values that are difficult to measure are usually replaced by empirical and subjective (expert-based) evaluations of them.
Even known exact monetary values are transferred to such a relative scale form.
Part of Qualitative Risk Analysis: Evaluating a Threat's Influence
As a rule, the following factors are taken into account (using some subjective scale):
- attractiveness of the asset (in the case of an attack)
- ease of converting the asset into a benefit (money) (in the case of an attack)
- technical capabilities of a typical attacker
- the rate of exploitation of the (different) vulnerabilities
- the frequency with which the threat is actually realised
A Typical Method of Qualitative Risk Analysis: A Risk Matrix
- Threats and vulnerabilities are evaluated on a 3-level scale.
- Values of IT assets are evaluated on a 5-level relative scale.
- Risk is presented on a 9-level scale.
Example of Qualitative Risk Analysis: Finding Intolerable Risks
- Damage magnitude is evaluated on a 5-level scale.
- Damage frequency is also evaluated on a 5-level scale.
- T marks a tolerable risk, M an intolerable risk.
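As an added example (not the lecture's own material), the two scale-based methods from the last two slides in Python. The lecture gives only the sizes of the scales, so the scoring rules are assumptions: the 9-level risk is computed additively from the 5-level asset value and the 3-level threat and vulnerability ratings (the form of the predefined-values matrix shown as an example in the annex of ISO/IEC 27005), and a damage/frequency pair is marked intolerable (M) when its product reaches an assumed limit of 10. Inputs outside the agreed scales are rejected rather than silently clamped, because a qualitative score is only comparable to others produced on the same scale. The asset list is constructed.

```python
"""Qualitative risk scales (added example, not from the lecture).

Assumed scoring: risk = asset value (0..4) + threat (L/M/H -> 0/1/2)
+ vulnerability (L/M/H -> 0/1/2), giving the 9-level scale 0..8, and
intolerable (M) when damage * frequency >= TOLERANCE_LIMIT on two 1..5 scales.
"""
LEVEL = {"L": 0, "M": 1, "H": 2}   # 3-level scale for threats and vulnerabilities
ASSET_VALUES = range(0, 5)          # 5-level relative scale for IT assets
DAMAGE_SCALE = range(1, 6)          # 5-level scales for damage magnitude and frequency
TOLERANCE_LIMIT = 10                # assumed: damage * frequency at or above this is intolerable


def _check(value, allowed, name):
    """Refuse values off the agreed scale instead of clamping them."""
    if value not in allowed:
        raise ValueError(f"{name}={value!r} is not on the agreed scale {list(allowed)}")


def matrix_risk(asset_value: int, threat: str, vulnerability: str) -> int:
    """9-level risk (0..8) from the three qualitative ratings."""
    _check(asset_value, ASSET_VALUES, "asset_value")
    _check(threat, LEVEL, "threat")
    _check(vulnerability, LEVEL, "vulnerability")
    return asset_value + LEVEL[threat] + LEVEL[vulnerability]


def tolerability(damage: int, frequency: int, limit: int = TOLERANCE_LIMIT) -> str:
    """'T' (tolerable) or 'M' (intolerable) for one damage/frequency pair."""
    _check(damage, DAMAGE_SCALE, "damage")
    _check(frequency, DAMAGE_SCALE, "frequency")
    return "M" if damage * frequency >= limit else "T"


def tolerability_table(limit: int = TOLERANCE_LIMIT):
    """The 5x5 T/M matrix: rows = damage 1..5, columns = frequency 1..5."""
    return [[tolerability(d, f, limit) for f in DAMAGE_SCALE] for d in DAMAGE_SCALE]


def rank_assets(assessments):
    """Sort (asset, value, threat, vulnerability) tuples by risk, highest first."""
    scored = [(matrix_risk(v, t, u), a) for a, v, t, u in assessments]
    return sorted(scored, key=lambda x: (-x[0], x[1]))


def intolerable(assessments, limit: int = TOLERANCE_LIMIT):
    """Names of assets whose (damage, frequency) pair falls in the M region."""
    return [a for a, d, f in assessments if tolerability(d, f, limit) == "M"]


# Constructed sample assessments (not from the lecture).
MATRIX_INPUT = [
    ("customer DB", 4, "H", "M"),
    ("intranet wiki", 1, "M", "H"),
    ("mail gateway", 3, "H", "H"),
    ("test server", 0, "L", "L"),
]
DAMAGE_INPUT = [
    ("customer DB", 5, 2),
    ("intranet wiki", 2, 5),
    ("mail gateway", 3, 3),
    ("test server", 1, 5),
]

if __name__ == "__main__":
    for risk, asset in rank_assets(MATRIX_INPUT):
        print(f"risk {risk}/8  {asset}")
    for d, row in zip(DAMAGE_SCALE, tolerability_table()):
        print(f"damage {d}: {' '.join(row)}")
    print("intolerable:", intolerable(DAMAGE_INPUT))
```

Note what the coarse scales hide: the customer database (high value, rare) and the intranet wiki (low value, frequent) land in the same M cell, and two assets with different threat/vulnerability mixes share the same 7/8 risk score. That loss of resolution is the price of the qualitative method the slides describe.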
Properties of Detailed Risk Analysis (in general)
Advantages:
- we get a realistic overview of the situation
- the calculated residual risk is very likely the actual residual risk
- the systematic methodology takes all possible vulnerabilities and threats into account ("we do not miss them")
A serious disadvantage: detailed risk analysis is an extremely resource-consuming process (work, time, money, specialists).
Detailed Risk Analysis in Practice
With limited resources, detailed risk analysis is always an unsuitable method.
Conclusion: detailed risk analysis is usually implemented only for a few critical information systems, when we have sufficient resources to perform it (less than 1% of real systems). Therefore we must implement other, alternative risk management methods.
Essence of Baseline Approach
The baseline approach is the main alternative to detailed risk analysis when resources are limited (used for 99% of practical systems).
In the baseline methodology (etalonturbe metoodika) we have a given (fixed) set of mandatory safeguards for a certain (predetermined) security level. We assume that implementing these safeguards is sufficient to reach that security level (i.e. to stay within the limits of the accepted residual risk).
Main Idea of Baseline Approach
1. All typical components of a typical information system (buildings, offices, servers, hardware, software, communications, users, organisation, access control, etc.) are taken into account as a hypothetical system.
2. A certain level of security is predefined.
3. A detailed risk analysis is performed (once!) for the above circumstances. The result is a certain set of safeguards.
4. It is assumed that for any other information system, reaching the same security level requires implementing the same set of safeguards. Therefore these safeguards can be considered baseline safeguards (etalonturvameetmed).
Properties of Baseline Approach
Advantages:
- compared with detailed risk analysis, dozens, hundreds or even thousands of times fewer resources (people, time, money, work) are needed
- the same set of baseline safeguards is applicable to different information systems
Disadvantages:
- for a high reference security level we are forced to implement more safeguards than necessary
- for a low reference security level it yields too high (unacceptable for us) residual risks
- information system components with a unique architecture may carry enormous security risks that the baseline cannot take into account
Essence of Mixed Approach
The two main branches of the mixed approach (segametoodika):
1. Sets of baseline safeguards are prepared not for a single security level but for different security levels (for different predefined availability, integrity and confidentiality levels).
2. For mission-critical and/or uniquely architected components, a detailed risk analysis is performed (for the other components we use the widespread baseline approach).
It takes over the advantages of both detailed risk analysis and the baseline approach, combining them to find a reasonable compromise.
Properties of Mixed Approach
Advantages:
- compared with detailed risk analysis it is less resource-consuming
- compared with the baseline approach it allows the specific security goals (levels) determined by the protected IT assets (protected data) to be taken into account
Disadvantages:
- compared with detailed risk analysis it gives a less realistic result
- compared with the baseline approach it is a little more expensive
Informal Approach
The informal approach (mitteformaalne riskihaldusmetoodika) is based on risk assessment by non-abstract methods, using the existing experience of specialists (own employees, external consultants).
It is a useful method when:
- the risk analysis must be performed very fast
- we have no suitable abstract risk assessment approaches, or cannot use them for some reason
- the existing risk management methods are too resource-consuming for us
- we have suitably experienced (IT) professionals
Properties of Informal Approach
Advantages:
- no need to learn new skills and techniques (we only need good experts)
- the risk management process can be carried out with fewer resources (more cheaply) than detailed risk analysis
Serious disadvantages:
- if we disregard systematic coverage, there is always a great risk of leaving some serious vulnerabilities or risks unnoticed
- the experience of internal/external experts is always subjective and, for some areas, often absent (insufficient)
- the expense of safeguards is not sufficiently justified to the company's management
- major problems arise when one of the experts leaves
Examples of Risk Management Methods: BSI and ISKE
The BSI Baseline Security Method (in German: IT-Grundschutz) is the German national baseline security method, which assumes that we operate at a basic level of security (basic levels of availability, integrity and confidentiality).
ISKE is the Estonian public-sector IT security standard, in which baseline safeguards are prepared for different security levels (different availability, integrity and confidentiality levels determined by the business process). It is a typical mixed approach. ISKE uses the classification and safeguards prepared by the BSI Baseline Security Method.