Ch07 - Management of Information Security, 2nd ed. 7-1...

Management of Information Security, 2nd ed. 7-1

Chapter 7
Risk Management: Identifying and Assessing Risk

At a Glance

Instructor's Manual Table of Contents
- Chapter Overview
- Chapter Outline
- Chapter Objectives
- Setup Notes
- Lecture Notes and Teaching Tips with Quick Quizzes
- Key Terms
Chapter Overview

Chapter 7 defines risk management and its role in the organization and allows the reader to begin using risk management techniques to identify and prioritize risk factors for information assets. The risk management model presented here allows the assessment of risk based on the likelihood of adverse events and the effects on information assets when those events occur. The chapter concludes with a brief discussion of how to document the results of risk identification.

Chapter Outline

Lecture Topics                                   Page #
Introduction                                     258
Risk Management                                  259
Risk Identification                              261
Risk Assessment                                  283
Documenting the Results of Risk Assessment       287

Chapter Objectives

When you complete this chapter, you will be able to:
- Define risk management and its role in the organization
- Begin using risk management techniques to identify and prioritize risk factors for information assets
- Assess risk based on the likelihood of adverse events and the effects on information assets when events occur
- Begin to document the results of risk identification
Setup Notes

This chapter could be completed in a single class session, if there is sufficient time to cover the material. If the students have not had the opportunity to read the material in advance (in some settings, the textbooks are not made available until the first class meeting), it may be prudent to have a general discussion of the topic, with the detailed lecture to follow at the next class meeting. The subject matter can be covered in 1.25 to 2.5 hours.

Lecture Notes and Teaching Tips with Quick Quizzes

Introduction

Information security departments are created primarily to manage IT risk. Managing risk is one of the key responsibilities of every manager within the organization. In any well-developed risk management program, two formal processes are at work:
- Risk identification and assessment
- Risk control

Risk Management

"If you know the enemy and know yourself, you need not fear the result of a hundred battles."
"If you know yourself but not the enemy, for every victory gained you will also suffer a defeat."
"If you know neither the enemy nor yourself, you will succumb in every battle."
Sun Tzu
Knowing Ourselves

This means identifying, examining, and understanding the information and how it is processed, stored, and transmitted. Armed with this knowledge, organizations can then initiate an in-depth risk management
This note was uploaded on 06/19/2009 for the course ITCS ITCS937 taught by Professor Watfa during the Summer '09 term at University of Warsaw.
