Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr. Benjamin Khoo New York Institute of Technology School of Management.

Published byGregory Terry Modified over 8 years ago

Similar presentations

Presentation on theme: "Dr. Benjamin Khoo New York Institute of Technology School of Management."— Presentation transcript:

1 Dr. Benjamin Khoo kkhoo@nyit.edu New York Institute of Technology School of Management

2 1. Why should a Risk Assessment be conducted? 2. When should a Risk Analysis be conducted? 3. Who should conduct the Risk Analysis and Risk Assessment? 4. Who within the organization should conduct the Risk Analysis and Risk Assessment? 5. How long should a Risk Analysis or Risk Assessment take? 6. What can a Risk Analysis or Risk Assessment Analyze?

3 7. What can the results of Risk Management tell an Organization? 8. Who should review the results of a Risk Analysis? 9. How is the success of the Risk Analysis measured?

4 1. Overview - RM used to balance operational & economic costs of protective measures (IS) and achieve gains in mission capability. - made up of: 1. risk analysis 2. risk assessment 3. risk mitigation 4. vulnerability assessment & controls evaluation. See Table 2.1 for definitions.

5 2. Risk Assessment as part of the business process See Figure 2.1 Risk Management Activities mapped to the SDLC See Table 2.2

6 3. Employee Roles and Responsibilities See Table 2.3, Table 2.4 & Table 2.5 for examples. 4. Information Security Life Cycle See Figure 2.2 5. Risk Analysis Process

7 6. Risk Assessment 1.Asset Definition 2.Threat Identification (See Table 2.6) 3. Determine Probability of Occurrence 4.Determine the Impact of the Threat (See Figure 2.3 and Figure 2.4) 5.Controls Recommended 6.Documentation

Download ppt "Dr. Benjamin Khoo New York Institute of Technology School of Management."

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
Jump to first page NIST 800-30 Risk Management Guide for Information Technology Systems Reference:

Jump to first page NIST Risk Management Guide for Information Technology Systems Reference:
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.

S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.
© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
Producer Risk Assessment in Plant Biosecurity Management.

Producer Risk Assessment in Plant Biosecurity Management.
National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.

National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.
P449. p450 Figure 15-1 p451 Figure 15-2 p453 Figure 15-2a p453.

P449. p450 Figure 15-1 p451 Figure 15-2 p453 Figure 15-2a p453.
Overview of Key Rule Features

Overview of Key Rule Features
© MIT 2002 Supply Chain Response to Global Terrorism: Synthesis of Feedback Potential MIT Roles December 6, 2002.

© MIT 2002 Supply Chain Response to Global Terrorism: Synthesis of Feedback Potential MIT Roles December 6, 2002.
Module 2 Segregation of Duties Case Study Individual Assignment

Module 2 Segregation of Duties Case Study Individual Assignment
Crisis Management in Organizations

Crisis Management in Organizations
COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.

COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
By: Ashwin Vignesh Madhu

By: Ashwin Vignesh Madhu
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Risk Management.

Risk Management.
Chapter Extension 22 Managing Computer Security Risk © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 22 Managing Computer Security Risk © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Risk Assessment Frameworks

Risk Assessment Frameworks
Introduction to Network Defense

Introduction to Network Defense

Similar presentations

Ads by Google