Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk management.

Published byGiles Anthony Atkins Modified over 6 years ago

Similar presentations

Presentation on theme: "Risk management."— Presentation transcript:

1 Risk management

2 Risk management Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level

3 Risk management - Risk is the likelihood that something bad will happen that causes harm to an informational asset (or the loss of the asset). - the vulnerability is risk that could be used to endanger or cause harm to an informational asset. - the threat is anything (man made or act of nature) that has the potential to cause harm

4 The Code of practice for information security management
recommends the following during a risk assessment: 1- security policy, 2- organization of information security, 3- asset management, 4- human resources security, 5- physical and environmental security, 6- communications and operations management, 7- access control, 8- information systems acquisition, development and maintenance, 9- information security incident management, 10- business continuity management 11- regulatory compliance.

5 The risk management process consists of:-
1. Identification of assets and estimating their value. Include: people, buildings, hardware, software, data (electronic, print, other), supplies. 2. Conduct a threat assessment. Include: Acts of nature, acts of war, accidents, malicious acts originating from inside or outside the organization. 3. Conduct a vulnerability assessment, and for each vulnerability, calculate the probability that it will be exploited. Evaluate policies, procedures, standards, training, physical security, quality control, technical security. 4. Calculate the impact that each threat would have on each asset. Use qualitative analysis or quantitative analysis. 5. Identify, select and implement appropriate controls. Provide a proportional response. Consider productivity, cost effectiveness, and value of the asset. 6 .Evaluate the effectiveness of the control measures. Ensure the controls provide the required cost effective protection without discernible loss of productivity

6 the types of controls in the Risk management
1-Administrative 2- Logical 3- Physical

7 1-Administrative Administrative controls (also called procedural controls)it is of approved written policies, procedures, standards and guidelines -- Administrative controls form the framework for running the business and managing people. examples of administrative controls it is the corporate security policy, password policy, hiring policies, and disciplinary policies.

8 2- Logical Logical controls (also called technical controls) use software and data to monitor and control access to information and computing systems. - example of Logical controls : passwords, network and host based firewalls, network intrusion detection systems, access control lists, and data encryption are logical controls.

9 3- Physical Physical controls monitor and control the environment of the work place and computing facilities. They also monitor and control access to and from such facilities. For example: doors, locks, heating and air conditioning, smoke and fire alarms, fire suppression systems, cameras, barricades, fencing, security guards, cable locks, etc. .

Download ppt "Risk management."

Similar presentations

Security Presented by: Mark Davis & Shahein Moussavi.

Security Presented by: Mark Davis & Shahein Moussavi.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.

CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
Introducing Computer and Network Security

Introducing Computer and Network Security
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.

IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.
Unit # 3: Information Security and Risk Management

Unit # 3: Information Security and Risk Management
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Introduction to Network Defense

Introduction to Network Defense
AUDITING INFORMATION SYSTEMS SECURITY. AUDIT OF LOGICAL ACCESS USE OF TECHNIQUES FOR TESTING SECURITY USE OF INVESTIGATION TECHNIQUES.

AUDITING INFORMATION SYSTEMS SECURITY. AUDIT OF LOGICAL ACCESS USE OF TECHNIQUES FOR TESTING SECURITY USE OF INVESTIGATION TECHNIQUES.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Evolving IT Framework Standards (Compliance and IT)

Evolving IT Framework Standards (Compliance and IT)
G53SEC Computer Security Introduction to G53SEC 1.

G53SEC Computer Security Introduction to G53SEC 1.
Overview Of Information Security Management By BM RAO Senior Technical Director National Informatics Centre Ministry of Communications and Information.

Overview Of Information Security Management By BM RAO Senior Technical Director National Informatics Centre Ministry of Communications and Information.

Similar presentations

Ads by Google