Risk Management Vs Risk avoidance William Gillette.


1 Risk Management Vs Risk avoidance William Gillette

2 Security System Development Life Cycle: An Overview

Investigation: Teams of employees define the problem and scope, set goals and objectives, and check the feasibility of the project.
Analysis: Looks at current security policies, threats, controls, and legal issues that could affect a new security policy or system. This is the risk management stage.
Design: The logical and physical design of the security system. This is the risk avoidance stage.
Implement: The purchase or development of security solutions.
Maintenance: Security systems constantly need updating, modifying, and testing.

3 Risk Management

Defined: The process of identifying vulnerabilities in an organization's information systems and/or programs, then taking steps to assure their confidentiality, availability, integrity, and authenticity.

4 Risk Management: Step-by-Step Analysis, Step 1: Know yourself

First, you must identify, examine, and understand the data/information and the systems that interact with it.
Second, once you know what you have, you can look at what is already being done to protect these assets.
Third, identify whether these controls are being properly maintained and administered.

5 Risk Management: Step-by-Step Analysis, Step 2: Know your enemy

Now that you are informed of your organization's assets and weaknesses, you must identify, examine, and understand the threats facing your organization.
In turn, you must also identify the aspects of those threats that will most directly affect your organization.
With your understanding of the threats, you are now ready to create a list of threats prioritized by the importance of the threat and of the asset.
Remember that in business, business needs come first; technology (including security) mainly comes second.

6 Risk Management: Step-by-Step Analysis, Step 3: Know your community

Information security community: these people understand the threats the most and often take a leadership role when it comes to addressing threats.
Users and managers communities: when properly trained, this group plays a critical part in early detection.
Both groups are also responsible for:
  evaluating risk controls;
  determining which control options are cost effective;
  acquiring or installing the controls that are needed;
  overseeing that the controls remain effective.
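Steps 1 to 3 above describe one procedure: inventory the assets and the controls that already protect them, check whether those controls are actually maintained, then rank the threats by the importance of the threat and of the asset. The following Python is an added example written for this page, not code from the presentation or its cited textbooks. The scoring model (likelihood times asset value, reduced by a control only when that control has been reviewed recently, plus an uncertainty allowance), the one-year review window, and every asset, threat and number in it are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed policy for this example: a control that has not been reviewed within
# a year is treated as unverified and earns no credit in the risk score.
MAX_CONTROL_AGE_DAYS = 365


@dataclass
class Asset:
    """Step 1: what we have, what already protects it, and whether that protection is maintained."""
    name: str
    value: int                 # relative importance to the business, 0-100
    control: str               # control already in place
    control_mitigation: float  # fraction of the risk the control removes, 0.0-1.0
    control_reviewed_days_ago: int


@dataclass
class Threat:
    """Step 2: a threat against a specific asset, with an estimated likelihood."""
    name: str
    asset: str
    likelihood: float          # estimated probability over the review period, 0.0-1.0
    uncertainty: float = 0.1   # allowance for error in the estimates, as a fraction of base risk


def effective_mitigation(asset: Asset) -> float:
    """Step 1, third point: credit a control only if it is being maintained (reviewed recently)."""
    if asset.control_reviewed_days_ago > MAX_CONTROL_AGE_DAYS:
        return 0.0
    return asset.control_mitigation


def risk_score(asset: Asset, threat: Threat) -> float:
    """Residual risk = likelihood * value * (1 - mitigation) + uncertainty allowance (assumed model)."""
    base = threat.likelihood * asset.value
    residual = base * (1.0 - effective_mitigation(asset))
    return round(residual + base * threat.uncertainty, 2)


def prioritize(assets: list[Asset], threats: list[Threat]) -> list[tuple[float, str, str]]:
    """Step 2: rank (score, asset, threat) tuples, highest residual risk first."""
    by_name = {a.name: a for a in assets}
    ranked = [(risk_score(by_name[t.asset], t), t.asset, t.name) for t in threats]
    ranked.sort(key=lambda r: r[0], reverse=True)
    return ranked


def stale_controls(assets: list[Asset]) -> list[str]:
    """Step 3 hand-off: controls the security community must re-verify before they count again."""
    return [a.control for a in assets if a.control_reviewed_days_ago > MAX_CONTROL_AGE_DAYS]


# Constructed sample inventory (Step 1) and threat list (Step 2); not real data.
SAMPLE_ASSETS = [
    Asset("customer database", 90, "database access control and audit logging", 0.5, 30),
    Asset("public web server", 60, "web application firewall", 0.3, 90),
    Asset("HR laptop", 40, "full-disk encryption", 0.6, 500),  # control not reviewed for over a year
]
SAMPLE_THREATS = [
    Threat("SQL injection against the web application", "customer database", 0.4),
    Threat("phishing for database credentials", "customer database", 0.7),
    Threat("denial of service", "public web server", 0.5),
    Threat("device theft", "HR laptop", 0.3),
]


def sample_ranking() -> list[tuple[float, str, str]]:
    """Prioritized threat list for the constructed sample, highest risk first."""
    return prioritize(SAMPLE_ASSETS, SAMPLE_THREATS)


if __name__ == "__main__":
    for score, asset, threat in sample_ranking():
        print(f"{score:6.2f}  {asset:18}  {threat}")
    print("controls needing re-verification:", stale_controls(SAMPLE_ASSETS))
```

The point the numbers make is the one in Step 1's third item: the laptop's disk encryption would halve its risk on paper, but because nobody has verified it in over a year the register gives it no credit, and the control lands on the re-verification list that the security community and managers (Step 3) own.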

7 Risk Avoidance

Defined: A risk control strategy that attempts to prevent attacks on organizational assets through their vulnerabilities.
This is the most preferred risk control strategy, as it seeks to avoid risks/threats entirely.
Avoidance is accomplished through countering threats, removing vulnerabilities in assets, limiting access to assets, and adding protective safeguards.

8 Methods of Risk Avoidance

Avoidance through application of policy.
Avoidance through application of training and education.
Avoidance through application of technology.

9 Avoidance Through Application of Policy

This mandates that a procedure must be followed when dealing with a sensitive asset.
Example: requiring randomly assigned passwords to access sensitive assets such as customer databases.
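The slide's example policy, randomly assigned passwords for access to a sensitive asset, only achieves avoidance if the passwords really are random and the policy is checked, not just declared. The Python below is an added example for this page, not code from the presentation: it assigns passwords from the operating system's cryptographic random source and checks each one against a policy. The alphabet, the 16-character minimum and the 80-bit entropy floor are assumptions chosen here for illustration, not values from the slides.

```python
import math
import secrets
import string

# Assumed policy parameters for this example (not from the slides).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"   # 72 symbols
MIN_LENGTH = 16
MIN_ENTROPY_BITS = 80.0


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random string of `length` symbols drawn from `alphabet_size` choices."""
    return length * math.log2(alphabet_size)


def assign_password(length: int = MIN_LENGTH) -> str:
    """Generate a randomly assigned password.

    `secrets.choice` draws from the OS CSPRNG; the `random` module is not
    suitable here because its output is predictable from its internal state.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"policy requires at least {MIN_LENGTH} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def meets_policy(password: str) -> bool:
    """Check a password against the assumed policy: length, permitted alphabet, and entropy floor."""
    return (
        len(password) >= MIN_LENGTH
        and all(c in ALPHABET for c in password)
        and entropy_bits(len(password)) >= MIN_ENTROPY_BITS
    )


if __name__ == "__main__":
    pw = assign_password()
    print(pw, meets_policy(pw), f"{entropy_bits(len(pw)):.1f} bits")
```

The `meets_policy` check is the part that turns a policy statement into a control: it is what an account-provisioning script would run before storing a credential, and a user-chosen value such as "password123" fails it on length before entropy is even considered.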

10 Avoidance Through Application of Training and Education

New policies must be communicated to employees. In addition, new technology requires training.
General security awareness issues.
Awareness, education, and training are essential if employees are to exhibit safe, controlled behavior.

11 Avoidance Through Application of Technology

In the real world, technological solutions are often required to assure that a risk is reduced.
The use of countermeasures to reduce or eliminate the exposure of a particular asset to a specific threat.
Implementing safeguards to deflect attacks on systems and therefore minimize the probability that an attack will be successful.

12 Risk Management Vs Risk Avoidance

Risk management: identifying vulnerabilities in an organization's information systems and/or programs.
Risk avoidance: a control strategy that attempts to prevent attacks.

13 Bibliography

Lucas, Henry C. Information Technology for Management, 7th ed. Irwin McGraw-Hill.
Whitman, Michael E. Principles of Information Security. Thomson Course Technology.
"Information Security Issues that Healthcare Management Must Understand." Journal of Healthcare Information Management, Vol. 17 #, Winter 2003.

