Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.

Slides:



Advertisements
Similar presentations
Bridging the gap between software developers and auditors.
Advertisements

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Session 3: Security Risk Management Eduardo Rivadeneira IT Pro Microsoft Mexico.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Intaver Institute Inc. 303, 6707, Elbow Drive S.W., Calgary AB Canada T2V 0E5 Quantitative Risk Analysis for Aerospace Industry.
Mitigating Risk of Out-of-Specification Results During Stability Testing of Biopharmaceutical Products Jeff Gardner Principal Consultant 36 th Annual Midwest.
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Information Security Risk.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 General Policy and Law Issues.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Project Risk Management
A Framework for Comparing Different Information Security Risk Analysis Methodologies Anita Vorster, Les Labuschagne Ajay Kumar Iduri Sushma Sachidanand.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline General Policy.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Creation of Policies, Part.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Creation of Policies, Part.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.
By: Ashwin Vignesh Madhu
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Quantitative Risk Analysis.
Managing Project Risk.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Chapter Extension 22 Managing Computer Security Risk © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Robert M. Saltzman © DS 851: 4 Main Components 1.Applications The more you see, the better 2.Probability & Statistics Computer does most of the work.
Decision analysis and Risk Management course in Kuopio
Security Risk Management Paula Kiernan Ward Solutions.
PMI Knowledge Areas Risk Management.
Department of Business Information & Analytics MSMESB: Experience with Adding Analytics to the Academic Program Kellie Keeling University of Denver.
Chapter 11: Project Risk Management
Conostix S.A. Sensible defence.
INSuRE HUBbub 2014 September 29, 2014 Courtney Falk PhD Student Lauren Stuart PhD Student.
1 Oppliger: Ch. 15 Risk Management. 2 Outline Introduction Formal risk analysis Alternative risk analysis approaches/technologies –Security scanning –Intrusion.
Bilingual Russian-English Online Cyber Security Curriculum Sanjay Goel, Damira Pon, & Kevin Williams University at Albany, State University of New York.
Risk Management Project Management Digital Media Department Unit Credit Value : 4 Essential Learning time : 120 hours.
INFORMATION SECURITY MANAGEMENT L ECTURE 7: R ISK M ANAGEMENT I DENTIFYING AND A SSESSING R ISK You got to be careful if you don’t know where you’re going,
MGS3100_01.ppt/Aug 25, 2015/Page 1 Georgia State University - Confidential MGS 3100 Business Analysis Introduction - Why Business Analysis Aug 25 and 26,
MBA7020_01.ppt/June 13, 2005/Page 1 Georgia State University - Confidential MBA 7020 Business Analysis Foundations Introduction - Why Business Analysis.
Mathematical Sciences MA206 Probability and Statistics Program Director: LTC John Jackson Course Director: MAJ Kevin Cummiskey Assistant CD:MAJ Nick Howard.
INFORMATION SECURITY MANAGEMENT L ECTURE 8: R ISK M ANAGEMENT C ONTROLLING R ISK You got to be careful if you don’t know where you’re going, because you.
Introduction to Project Management Chapter 9 Managing Project Risk
Chap 8: Administering Security.  Security is a combination Technical – covered in chap 1 Administrative Physical controls SE571 Security in Computing.
Information Security Governance and Risk Chapter 2 Part 2 Pages 69 to 100.
INFORMATION SECURITY MANAGEMENT L ECTURE 7: R ISK M ANAGEMENT I DENTIFYING AND A SSESSING R ISK You got to be careful if you don’t know where you’re going,
CST 481/598 Many thanks to Jeni Li.  Risk matrix or cube  Cost effectiveness analysis  Annualized Loss Expectancy  Multi-Attribute Risk Assessment.
INFORMATION SECURITY MANAGEMENT L ECTURE 8: R ISK M ANAGEMENT C ONTROLLING R ISK You got to be careful if you don’t know where you’re going, because you.
INFORMATION SECURITY MANAGEMENT L ECTURE 8: R ISK M ANAGEMENT C ONTROLLING R ISK You got to be careful if you don’t know where you’re going, because you.
By: Mark Reed.  Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Dr. Gerry Firmansyah CID Business Continuity and Disaster Recovery Planning for IT (W-XIV)
Risk Management.
Chapter 8 – Administering Security
Chapter 11: Project Risk Management
Quantitative Risk Analysis for Aerospace Industry
Monte Carlo Simulation Managing uncertainty in complex environments.
Quantitative Project Risk Analysis
TERRORIST PROTECTION PLANNING USING A RELATIVE RISK REDUCTION APPROACH
Chapter 7: RISK ASSESSMENT, SECURITY SURVEYS, AND PLANNING
Project Risk Analysis and Management: L3
Risk Management Part I Dr. Zahi Yaseen Contact Us
Integration and Decision-Making Frameworks for Climate Change Policy
Information Security Risks; All-in-One Terminology
Introduction to Decision Sciences
Presentation transcript:

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative Risk Analysis Module 1: Quantitative Risk Analysis and ALE Module 2: Case Study Module 3: Cost Benefit Analysis and Regression Testing Module 4: Modeling Uncertainties  Module 5: Summary

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 2 Summary Quantitative Risk Analysis Risk Exposure – RISK EXPOSURE = RISK IMPACT x RISK PROBABILITY Annual Loss Expectancy (ALE) – Identify and determine the value of assets – Determine vulnerabilities – Estimate likelihood of exploitation – Compute ALE – Survey applicable controls and their costs – Perform a cost-benefit analysis

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 3 Summary Qualitative Risk Analysis Risk Aggregation: Optimization – simple formulation Cost Benefit Analysis LEVERAGE = (RISK EXPOSURE before reduction – RISK EXPOSURE after reduction ) ________________________________________________ COST OF REDUCTION Decision Tree – Graphical method for cost-benefit analysis Monte Carlo Simulation – 1)Develop risk model, 2) Define the shape and parameters, 3)Run simulation, 4)Build histogram, 5)Compute summary statistics, 6)Perform sensitivity analysis, 7)Analyze potential dependency relationship

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 4 Suggested Reading Quantitative Risk Analysis Alberts, C., & Dorofee, A. (2003). Managing Information Security Risks: The OCTAVE SM Approach. New York, NY: Addison-Wesley. Barber, B. and Davey, J. (1992). The use of the CCTA risk analysis and management methodology CRAMM. Proc. MEDINFO92, North Holland, 1589 –1593. Stolen, K., den Braber, F. & Dimitrakos T. (2002). Model- based Risk Assessment – The CORAS Approach.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 5 Acknowledgements Grants and Personnel Support for this work has been provided through grants from the following agencies –National Science Foundation (NSF ) –Department of Education (FIPSE) Damira Pon, from the Center of Information Forensics and Assurance contributed extensively by reviewing and editing the material Robert Bangert-Drowns from the School of Education reviewed the material from a pedagogical view. Melissa Dark & Ting Zhuang from Purdue University provided a critique of the material and facilitated creation of a distance delivery version of the course.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.