Presentation is loading. Please wait.

Presentation is loading. Please wait.

Randy Marchany VA Tech Computing Center

Published byBerenice Theodora Mason Modified over 8 years ago

Similar presentations

Presentation on theme: "Randy Marchany VA Tech Computing Center"— Presentation transcript:

1 Randy Marchany VA Tech Computing Center
NIPC: Risk Management Randy Marchany VA Tech Computing Center Copyright 2003, Marchany

2 Introduction Risk avoidance focuses on preventing loss or damage without reference to the degree of risk. Risk Management is a systematic and analytical process by which an organization identifies, reduces and controls its potential risks and losses. Copyright 2003, Marchany

3 Introduction Risk is a function of assets, threats and vulnerabilities. Risk is the potential for some unwanted event to occur. Threat is the capability and intention of an adversary to undertake actions that are detrimental to an org’s interests. Copyright 2003, Marchany

4 Introduction Vulnerability is any weakness in an asset or countermeasures that can be exploited by an adversary to cause damage to an org’s interests. Asset is anything of value People, info, HW, SW, facilities, reputation, activities. Copyright 2003, Marchany

5 5 step Risk Assessment Model
Asset assessment Threat assessment Vulnerability assessment Risk assessment Countermeasure identification Risk = consequence X threat X vulnerability Copyright 2003, Marchany

6 Assessment, Threat Examples
Key personnel File Servers Customer data Production facility pipeline Injury, death DOS attack Disclosure Natural disaster Sabotage Copyright 2003, Marchany

7 Assessment, Vulnerability Examples
Key personnel File Servers Customer data Production facility pipeline No access controls Patch mgt Unchecked 3rd party Physical access No roving guard force Copyright 2003, Marchany

8 Reference “Risk Management: An Essential Guide to Protecting Critical Assets”, NIPC, 11/2002 Copyright 2003, Marchany

Download ppt "Randy Marchany VA Tech Computing Center"

Similar presentations

Copyright © XiSEC, All rights reserved, 2002 Secure Computing Best Lifetime Achievement Award 2002 Ted Humphreys Information Security Management Goes Global.

Copyright © XiSEC, All rights reserved, 2002 Secure Computing Best Lifetime Achievement Award 2002 Ted Humphreys Information Security Management Goes Global.
OCTAVESM Process 4 Create Threat Profiles

OCTAVESM Process 4 Create Threat Profiles
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
GSA Office of Emergency Response and Recovery Risk Based Continuity Planning Darren J. Blue, Director, Policy and Plans, Office of Emergency Response.

GSA Office of Emergency Response and Recovery Risk Based Continuity Planning Darren J. Blue, Director, Policy and Plans, Office of Emergency Response.
Topic Outline — Information security? — Security Why? — Security approach — Vocabulary — The weakest link — Real life security sample.

Topic Outline — Information security? — Security Why? — Security approach — Vocabulary — The weakest link — Real life security sample.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2002 Carnegie.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 

11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.

CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Disasters How to Plan Ahead to Minimize Damage Before, During, and After Disaster Strikes.

Disasters How to Plan Ahead to Minimize Damage Before, During, and After Disaster Strikes.
Critical Infrastructure Protection (and Policy) H. Scott Matthews March 5, 2003.

Critical Infrastructure Protection (and Policy) H. Scott Matthews March 5, 2003.
Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.

Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Author: Andy Reedftp://topsurf.co.uk/reed FdSc IT/Computer Networking & IT(e-commerce) Communications Network Management An Introduction to Security.

Author: Andy Reedftp://topsurf.co.uk/reed FdSc IT/Computer Networking & IT(e-commerce) Communications Network Management An Introduction to Security.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.

Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.
Storage Security and Management: Security Framework

Storage Security and Management: Security Framework

Similar presentations

Ads by Google