Classical Risk Analysis November 13, 2015. Classical Risk Analysis.

1 Classical Risk Analysis November 13, 2015

4 Classical Risk Analysis

5 Risk Fundamental Terminology: Vulnerability; Threat; Vulnerability + Threat = Incident; Incident = Potential Loss; Security Breach = Incident which overcame controls; Loss: Effect/Impact; Likelihood/Probability of Incident; Expected Value of the Loss; Scope of Incident, Magnitude of Loss; Duration of the Effects

6 Starting Point for Risk Analysis: Identify list of Vulnerabilities; Identify list of Threats

7 Risk Management: V/T List; Evaluate Probabilities; Evaluate Potential Loss

8 Risk Management: V/T List; Evaluate Probabilities; Evaluate Potential Loss; List Controls

9 Controls

10 Controls: Forensic; Restorative; Directive; Deterrent; Preventive; Detective; Recovery; Corrective

11 Controls: Preventive; Detective; Corrective

12 Risk Management: V/T List; Evaluate Probabilities; Evaluate Potential Loss; List Controls

13 Risk Management: V/T List; Evaluate Probabilities; Evaluate Potential Loss; List Controls; Evaluate Cost of Control; COMPARE

14 Risk Management: V/T List; Evaluate Probabilities; Evaluate Potential Loss; List Controls; Evaluate Cost of Control

15 Problems, Problems…

16 Risk Management: V/T List; Evaluate Probabilities; Evaluate Potential Loss; List Controls; Evaluate Cost of Control; COMPARE

17 Risk Management: V/T List; Evaluate Probabilities; Evaluate Potential Loss; List Controls; Evaluate Cost of Control

18 Risk Analysis: Probabilities vs. Likelihoods; Magnitude of Effect; Scope or Breadth of the Effect; The effect of Time (duration) on the loss; Complexity of the real world; Downstream effects; Repercussions and Fallout

19 Risk Management: V/T List; Evaluate Probabilities; Evaluate Potential Loss; List Controls; Evaluate Cost of Control

20 Risk Management: V/T List; Evaluate Likelihood; Evaluate Exposure; List Controls; Evaluate Cost of Control; Preventive/Detective/Corrective perspective

21 Risk Management: V/T List; Evaluate Likelihood; Evaluate Exposure; List Controls; Evaluate Cost of Control; Preventive/Detective/Corrective perspective; Reduce Probability / Contain Scope / Limit Magnitude / Shorten Duration

22 Risk Management: V/T List; Evaluate Likelihood; Evaluate Exposure; List Controls; Evaluate Cost of Control; Preventive/Detective/Corrective perspective; Reduce Probability / Contain Scope / Limit Magnitude / Shorten Duration; Avoid the Risk … or … Transfer the Risk … or … Accept the Risk

23 Risk Management: V/T List; Evaluate Likelihood; Evaluate Exposure; Risk Response; Evaluate Cost of Control; Preventive/Detective/Corrective perspective; Reduce Probability / Contain Scope / Limit Magnitude / Shorten Duration; Avoid the Risk … or … Transfer the Risk … or … Accept the Risk

24 Risk Management: V/T List; Evaluate Probabilities; Evaluate Potential Loss; Risk Response; Evaluate Cost of Control

25 Risk Management: V/T List; Evaluate Probabilities; Evaluate Potential Loss; Risk Response; Evaluate Cost of Response

26 Four Responses to Risk: Mitigate; Transfer; Avoid; Accept

27 Four Responses to Risk: Mitigate the Risk; Transfer the Risk; Avoid the Risk; Accept the Risk

28 Quantitative Risk Analysis

29 Qualitative Risk Analysis

32 Risk Management: V/T List; Evaluate Probabilities; Evaluate Potential Loss; Risk Response; Evaluate Cost of Response; COMPARE

33 Classic Risk Analysis

34 Contingency Planning

35 Incident Response; Command and Control; Disaster Declaration; Disaster Planning; Damage Containment; Loss Containment; Disaster Recovery; Business Continuity Planning; Mission Critical …

37 Contingency Planning: Incident Response; Command and Control; Disaster Declaration; Disaster Planning; Damage Containment; Loss Containment; Disaster Recovery; Business Continuity Planning; Mission Critical …

39 Monday: Question/Answer; Wednesday: Examination III; Friday: [ Case Two Issued ]*
* Case 2 will be posted on the Materials Page by Friday Nov 20.

