Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.


1 Unit Outline: Qualitative Risk Analysis
Module 1: Qualitative Risk Analysis
Module 2: Determine Assets and Vulnerabilities
Module 3: Determine Threats and Controls
Module 4: Matrix Based Approach
Module 5: Case Study
Module 6: Summary

2 Summary: Qualitative Risk Analysis
Qualitative risk analysis involves using relative values of assets, threats, vulnerabilities to:
– Determine the relative exposure of different assets of the organization
– Determine the relative effectiveness of different controls
The methodology developed here uses a series of matrices to collect the data on assets, vulnerabilities, threats and controls
Data from the matrices is integrated to determine the relative importance of controls
This approach is suitable when precise data for different elements is unavailable
Most organizations start with a qualitative analysis and gradually migrate to a quantitative analysis
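An added illustration of the matrix approach summarised on slide 2, not taken from the course material. The 0/1/3/9 rating scale, every asset, vulnerability, threat and control name, and the weighted-sum rule used to integrate the matrices are assumptions made for this sketch.

```python
# Added illustration; names, ratings and the aggregation rule are assumptions.
# Constructed scale: 0 = none, 1 = low, 3 = medium, 9 = high.
ASSET_VALUE = {"customer_db": 9, "web_server": 3, "hr_laptops": 1}

# vulnerability -> asset: impact on the asset if the vulnerability is exploited
VULN_ASSET = {
    "unpatched_os":   {"customer_db": 3, "web_server": 9, "hr_laptops": 3},
    "weak_passwords": {"customer_db": 9, "web_server": 3, "hr_laptops": 9},
}
# threat -> vulnerability: how readily the threat exploits the vulnerability
THREAT_VULN = {
    "malware":          {"unpatched_os": 9, "weak_passwords": 1},
    "credential_theft": {"unpatched_os": 1, "weak_passwords": 9},
    "insider_misuse":   {"weak_passwords": 3},  # missing cells count as 0
}
# control -> threat: how strongly the control mitigates the threat
CONTROL_THREAT = {
    "patch_management":  {"malware": 9, "credential_theft": 1},
    "mfa":               {"malware": 1, "credential_theft": 9, "insider_misuse": 3},
    "security_training": {"malware": 3, "credential_theft": 3, "insider_misuse": 1},
}

def cascade(matrix, weights):
    """Score each row as the sum of its ratings weighted by the prior stage."""
    scores = {}
    for row, ratings in matrix.items():
        unknown = set(ratings) - set(weights)
        if unknown:  # a rating against an element no earlier matrix defines
            raise ValueError(f"{row}: unknown column(s) {sorted(unknown)}")
        scores[row] = sum(r * weights[col] for col, r in ratings.items())
    return scores

def relative(scores):
    """Express scores as shares of the total, i.e. relative importance."""
    total = sum(scores.values())
    return {k: (v / total if total else 0.0) for k, v in scores.items()}

def rank(scores):
    """Order names from highest to lowest score, ties broken by name."""
    return sorted(scores, key=lambda k: (-scores[k], k))

def analyse():
    """Integrate the three matrices: assets -> vulnerabilities -> threats -> controls."""
    vulns = cascade(VULN_ASSET, ASSET_VALUE)
    threats = cascade(THREAT_VULN, vulns)
    controls = cascade(CONTROL_THREAT, threats)
    return vulns, threats, controls

if __name__ == "__main__":
    for name, share in sorted(relative(analyse()[2]).items(), key=lambda kv: -kv[1]):
        print(f"{name:18s} {share:.1%}")
```

The outputs are only meaningful relative to each other: they order the controls and say nothing about absolute loss.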

3 Suggested Reading: Qualitative Risk Analysis
Backhouse, J. and Dhillon, G. (1996). Structures of responsibility and security of information systems. European Journal of Information Systems, 5(1), 2-9.
Baskerville, R. (1993). An Analytical Survey of Information System Security Design Methods: Implications for Information Systems Development. ACM Computing Surveys, 375-414.
Parker, D.B. (1981). Managers Guide to Computer Security. Prentice-Hall, Inc, Reston, VA, USA.

4 Acknowledgements: Grants and Personnel
Support for this work has been provided through grants from the following agencies
– National Science Foundation (NSF 0210379)
– Department of Education (FIPSE)
Damira Pon, from the Center of Information Forensics and Assurance contributed extensively by reviewing and editing the material
Robert Bangert-Drowns from the School of Education reviewed the material from a pedagogical view.
Melissa Dark & Ting Zhuang from Purdue University provided a critique of the material and facilitated creation of a distance delivery version of the course.

