week07 - Week 07 ITC482 Computer Management & Security...

ITC482 Computer Management & Security, Week 07
Management of Information Security, 2nd ed. - Chapter 7

Slide 2: Learning Objectives
Upon completion of this chapter, you should be able to:
- Define risk management and its role in the organization
- Begin using risk management techniques to identify and prioritize risk factors for information assets
- Assess risk based on the likelihood of adverse events and the effects on information assets when events occur
- Begin to document the results of risk identification
Slide 3: Introduction
- Information security departments are created primarily to manage IT risk
- Managing risk is one of the key responsibilities of every manager within the organization
- In any well-developed risk management program, two formal processes are at work:
  - Risk identification and assessment
  - Risk control

Slide 4: Risk Management
"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."
-- Sun Tzu
Slide 5: Knowing Ourselves
- This means identifying, examining, and understanding the information and how it is processed, stored, and transmitted
- Armed with this knowledge, initiate an in-depth risk management program
- Risk management is a process, which means the safeguards and controls that are devised and implemented are not install-and-forget devices

Slide 6: Knowing the Enemy
- This means identifying, examining, and understanding the threats facing the organization's information assets
- Managers must be prepared to fully identify those threats that pose risks to the organization and the security of its information assets
- Risk management is the process of assessing the risks to an organization's information and determining how those risks can be controlled or mitigated
Slide 7: Accountability for Risk Management
All communities of interest must work together on:
- Identifying risks
- Assessing risks
- Summarizing the findings
- Evaluating the risk controls
- Determining which control options are cost-effective
- Acquiring or installing the appropriate controls
- Overseeing processes to ensure that the controls remain effective

Slide 8: Figure 7-1 Risk Identification Process
Slide 9: Risk Identification
- Risk identification begins with the process of self-examination
- Managers identify the organization's information assets, classify them into useful groups, and prioritize them by their overall importance