Ch08 - Management of Information Security, 2nd ed. 8-1...

Management of Information Security, 2nd ed. 8-1

Chapter 8
Risk Management: Controlling Risk

At a Glance

Instructor’s Manual Table of Contents

- Chapter Overview
- Chapter Outline
- Chapter Objectives
- Setup Notes
- Lecture Notes and Teaching Tips with Quick Quizzes
- Key Terms
Chapter Overview

The eighth chapter of the text presents essential risk mitigation strategy options and opens the discussion of how to control risk. This will include identifying risk control classification categories, using existing conceptual frameworks to evaluate risk controls, and formulating a cost benefit analysis. Readers will learn how to maintain and perpetuate risk controls. As a method to contrast the approach presented in the earlier parts of the chapter, the OCTAVE approach to managing risk is introduced.

Chapter Outline

Lecture Topics                                   Page #
Introduction                                     296
Risk Control Strategies                          297
Managing Risk                                    302
Feasibility Studies and Cost-Benefit Analysis    305
Recommended Risk Control Practices               315
The OCTAVE Method                                317
Microsoft Risk Management Approach               324

Chapter Objectives

When you complete this chapter, you will be able to:

- Recognize and select from the risk mitigation strategy options to control risk
- Evaluate the risk control classification categories
- Understand how to maintain and perpetuate risk controls
- Understand the OCTAVE Method and other approaches to managing risk
Setup Notes

This chapter could be completed in a single class session, if there is sufficient time to cover the material. Unless the students have not had the opportunity to read the material in advance (in some settings, the textbooks are not made available until the first class meeting), it may be prudent to have a general discussion of the topic, with detailed lecture to follow at the next class meeting. The subject matter can be covered in 1.25 to 2.5 hours.

Lecture Notes and Teaching Tips with Quick Quizzes

Introduction

To keep up with the competition, organizations must design and create a safe environment in which business processes and procedures can function. This environment must maintain confidentiality and privacy and assure the integrity and availability of organizational data. These objectives are met via the application of the principles of risk management.

Quick Quiz

1. What are the main responsibilities of a proper business environment?
   ANSWER: This environment must maintain confidentiality and privacy and assure the integrity and availability of organizational data.
Risk Control Strategies

An organization must choose one of four basic strategies to control risks:

1. Avoidance: Applying safeguards that eliminate or reduce the remaining uncontrolled risks for the vulnerability
2. Transference: Shifting the risk to other areas or to outside entities
3. Mitigation: Reducing the impact should the vulnerability be exploited

This note was uploaded on 06/19/2009 for the course ITCS ITCS937 taught by Professor Watfa during the Summer '09 term at University of Warsaw.
