Dr. Benjamin Khoo New York Institute of Technology School of Management.


1. Why should a Risk Assessment be conducted?
2. When should a Risk Analysis be conducted?
3. Who should conduct the Risk Analysis and Risk Assessment?
4. Who within the organization should conduct the Risk Analysis and Risk Assessment?
5. How long should a Risk Analysis or Risk Assessment take?
6. What can a Risk Analysis or Risk Assessment analyze?
7. What can the results of Risk Management tell an organization?
8. Who should review the results of a Risk Analysis?
9. How is the success of the Risk Analysis measured?

1. Overview
- Risk management (RM) is used to balance the operational and economic costs of protective measures (IS) and achieve gains in mission capability.
- It is made up of:
  1. risk analysis
  2. risk assessment
  3. risk mitigation
  4. vulnerability assessment and controls evaluation
- See Table 2.1 for definitions.

2. Risk Assessment as part of the business process
- See Figure 2.1.
- Risk Management activities mapped to the SDLC: see Table 2.2.

3. Employee Roles and Responsibilities
- See Table 2.3, Table 2.4 and Table 2.5 for examples.

4. Information Security Life Cycle
- See Figure: Risk Analysis Process.

6. Risk Assessment
  1. Asset Definition
  2. Threat Identification (see Table 2.6)
  3. Determine Probability of Occurrence
  4. Determine the Impact of the Threat (see Figure 2.3 and Figure 2.4)
  5. Controls Recommended
  6. Documentation
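As an added illustration of the six risk-assessment steps above (example code, not from the slides or the course), the model below records assets, threats, likelihood and impact ratings, derives a qualitative risk level and produces a documented, ranked register with recommended controls. The likelihood-by-impact matrix is an assumption in the style of NIST SP 800-30 (the slides do not specify a scoring method), and every asset, threat and rating is constructed sample data.

```python
"""Qualitative risk assessment model for the slide's six steps. The scoring
matrix (likelihood x impact -> low/medium/high) is an assumption in the style
of NIST SP 800-30; the slides give no scoring method. Sample data is constructed."""
from dataclasses import dataclass, field
RATING = {"low": 1, "medium": 2, "high": 3}  # assumed ordinal scale

@dataclass
class Threat:
    name: str
    likelihood: str  # step 3: probability of occurrence
    impact: str      # step 4: impact of the threat
    controls: list = field(default_factory=list)  # step 5: controls recommended

@dataclass
class Asset:
    name: str       # step 1: asset definition
    owner: str
    threats: list   # step 2: threat identification

def risk_level(likelihood, impact):
    """Map a likelihood/impact pair to a qualitative risk level (assumed matrix)."""
    score = RATING[likelihood] * RATING[impact]  # 1..9
    if score >= 6:
        return "high"
    return "medium" if score >= 3 else "low"

def assess(assets):
    """Step 6: documentation, as a risk register sorted highest risk first."""
    register = [{"asset": a.name, "owner": a.owner, "threat": t.name,
                 "likelihood": t.likelihood, "impact": t.impact,
                 "risk": risk_level(t.likelihood, t.impact), "controls": t.controls}
                for a in assets for t in a.threats]
    order = {"high": 0, "medium": 1, "low": 2}
    register.sort(key=lambda r: order[r["risk"]])  # stable: ties keep input order
    return register

SAMPLE_ASSETS = [  # constructed sample data, not from the slides
    Asset("customer database", "DBA team", [
        Threat("SQL injection via web app", "medium", "high",
               ["parameterised queries", "least-privilege DB account"]),
        Threat("disk failure", "low", "medium", ["RAID", "tested backups"]),
    ]),
    Asset("public marketing site", "web team", [
        Threat("defacement", "medium", "low", ["patching", "integrity monitoring"]),
    ]),
]

if __name__ == "__main__":
    for row in assess(SAMPLE_ASSETS):
        print(f"{row['risk']:6} {row['asset']}: {row['threat']} -> {row['controls']}")
```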