18 Pages

Risk Management

Course: CIS 480, Fall 2008
School: University of Louisville

Word Count: 812

Slide 1: Risk Management
  - Risk controls
  - Control categories
  - Cost-benefit analysis
  - Risk control methods

Slide 2: Risk Controls
  There are four main types:
  - Avoidance
  - Transference
  - Mitigation
  - Acceptance
  Strategy selection methods:
  - Evaluation
  - Assessment
  - Maintenance

Slide 3: Risk Controls
  Avoidance refers to either reducing or eliminating threats posed by identified vulnerabilities. Methods available are:
  - Apply policy already in place
  - Provide training to key personnel
  - Educate all involved about the vulnerability
  - Implement security controls

Slide 4: Risk Controls
  Transference refers to shifting the risk to other entities of the organization.
  Example: When the inventory system is under attack, move the inventory update process to another server where the partners have access to update. Using additional validation techniques, the data is then transferred to the main server connected to the sales terminals.

Slide 5: Risk Controls
  Mitigation refers to minimizing the impact of an attack or the exposure to a known threat. Methods for mitigation are:
  - Incident response plan
  - Disaster recovery plan
  - Business continuity plan
  An incident response plan involves:
  - An identified set of steps to be taken during a disaster
  - Acquiring intelligence on the nature of the attack
  - Analyzing the information

Slide 6: Risk Controls
  A disaster recovery plan involves:
  - Procedures for recovering lost data
  - Procedures for resumption of service
  - Taking systems offline to assess damage and protect data
  A business continuity plan involves:
  - Procedures to activate the backup site (hot, warm, or cold)
  - Procedures for resumption of telecommunication among the key personnel

Slide 7: Risk Controls
  Acceptance involves:
  - Knowing the level of risk assumed from an attack
  - Estimating the potential loss
  - Performing a cost-benefit analysis
  - Evaluating controls in place
  - The cost required to protect an asset does not justify the damage caused by an attack

Slide 8: Control Categories
  Rules of thumb:
  - Implement security controls to address known vulnerabilities (e.g., people sharing passwords; the security control could be only one login per userid).
  - Cost of protection exceeds cost of the asset being protected (e.g., sales information is confidential but not critical: slow the response rate on dial-in lines and drop connections periodically). The goal is to make it inconvenient for the hacker to keep trying.
  - Potential loss is significant (e.g., the check processing system could be exposed: augment procedures for check issuance and limit the check value under normal conditions to less than $1,000).

Slide 9: Control Categories
  Control function:
  - Preventive (policy change, access control)
  - Detective (IDS, audit trail)
  Architectural control:
  - Connection between internal and external networks
  - Access to extranets
  - Use of DMZs
  - Allowed applications

Slide 10: Control Categories
  Information control. Security involves:
  - Confidentiality
  - Integrity
  - Availability
  - Authentication
  - Authorization
  - Accountability
  - Privacy

Slide 11: Cost Benefit Analysis
  - It is difficult to evaluate the value of information; consequently, it is difficult to evaluate the value of the cost of protection.
  - Cost includes: equipment, software, training, implementation, maintenance.

Slide 12: Cost Benefit Analysis
  - Benefit is the value to the organization coming from the security system.
  - Value could be intrinsic or acquired due to the security provided to information.
  - Value could also be calculated by the cost of replacing the information system in place:
    - Value to owners
    - Value to competitors
    - Loss of productivity
    - Loss of revenue

Slide 13: Cost Benefit Analysis
  - Single loss expectancy (SLE) is the loss from a single attack: SLE = AV * EF, where AV denotes asset value and EF denotes exposure factor.
  - Annual loss expectancy (ALE) is the loss expected from all threats during one year: ALE = SLE * ARO, where ARO denotes annual rate of occurrence (i.e., the number of times a particular type of loss is likely to occur in one year).

Slide 14: Cost Benefit Analysis
  Example: AV is $100,000. EF is 10% (i.e., a hacker would disable 10% of the services on the company's website). Hence SLE = 100000 * 0.1 = 10000. Assume that the loss due to the vulnerability is likely to occur once in two years. Hence ARO = 1/2 = 0.5, and so ALE = 10000 * 0.5 = 5000.
  The above example shows that unless the protection is increased to address the vulnerability, the business is expected to lose $5,000 per year. This amount is then used in calculating the cost of protection to see if there is a benefit in protecting the system or not.

Slide 15: Cost Benefit Analysi...
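As an added example (not part of the CIS 480 slides), the SLE/ALE arithmetic of slides 13 and 14 in Python, extended with the comparison slide 14 alludes to: the ALE a control avoids, less the control's annual cost. The Safeguard type and the two candidate controls are constructed for illustration; treating "cost of protection" as that net-benefit comparison is this example's assumption.

```python
"""SLE / ALE risk arithmetic from the slides, plus a cost-benefit check.

Added example, not from the CIS 480 slides. SLE = AV * EF and ALE = SLE * ARO
are the slides' formulas; weighing the ALE reduction against a control's
annual cost is this example's assumption about how slide 14's "cost of
protection" comparison is done.
"""
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

def D(x) -> Decimal:
    """Convert through str() so a float like 0.1 does not bring binary noise."""
    return x if isinstance(x, Decimal) else Decimal(str(x))

def money(x) -> Decimal:
    """Round a monetary amount to whole cents, half-up."""
    return D(x).quantize(CENT, rounding=ROUND_HALF_UP)

def single_loss_expectancy(asset_value, exposure_factor) -> Decimal:
    """SLE = AV * EF, where EF is the fraction of the asset lost per incident."""
    ef = D(exposure_factor)
    if not Decimal(0) <= ef <= Decimal(1):
        raise ValueError("exposure factor must lie between 0 and 1")
    return money(D(asset_value) * ef)

def annualized_rate_of_occurrence(incidents, years) -> Decimal:
    """ARO = incidents per year; 'once in two years' is 1/2 = 0.5."""
    if D(years) <= 0:
        raise ValueError("years must be positive")
    return D(incidents) / D(years)

def annual_loss_expectancy(sle, aro) -> Decimal:
    """ALE = SLE * ARO."""
    return money(D(sle) * D(aro))

@dataclass(frozen=True)
class Safeguard:
    """A candidate control and its effect on EF and ARO (constructed values)."""
    name: str
    annual_cost: object           # int, float, str or Decimal
    new_exposure_factor: object
    new_aro: object

def cost_benefit(asset_value, exposure_factor, aro, safeguard) -> dict:
    """ALE before/after the control; net benefit = ALE saved - annual cost.
    A non-positive net benefit is the slides' acceptance case: protection
    costs at least as much as the loss it would avoid."""
    ale_before = annual_loss_expectancy(
        single_loss_expectancy(asset_value, exposure_factor), aro)
    ale_after = annual_loss_expectancy(
        single_loss_expectancy(asset_value, safeguard.new_exposure_factor),
        safeguard.new_aro)
    net = money(ale_before - ale_after - D(safeguard.annual_cost))
    return {"control": safeguard.name, "ale_before": ale_before,
            "ale_after": ale_after, "net_benefit": net, "worthwhile": net > 0}

if __name__ == "__main__":
    # Slide 14: AV $100,000, EF 10%, one incident every two years -> ALE $5,000.
    aro = annualized_rate_of_occurrence(1, 2)
    sle = single_loss_expectancy(100_000, 0.1)
    print("SLE", sle, "ALE", annual_loss_expectancy(sle, aro))
    for sg in (Safeguard("input validation + monitoring", 2000, 0.02, aro),
               Safeguard("rebuild on hardened platform", 6000, 0, aro)):
        print(cost_benefit(100_000, 0.1, aro, sg))   # constructed controls
```

The first constructed control nets $2,000 a year and is worth buying; the second avoids the whole $5,000 but costs $6,000, so accepting the risk is the rational choice.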
