epoly_ism_module_2_risk

CS6803 Information Security Management
Information System Security Engineering and Management
Module 2: Information Security Risk Management, Part I
Fall, 2009

CS6803 Information Security Management Copyright 2009 Page 2

Module 2 Objectives

- To understand the general principles of risk analysis and risk management
- To understand the major steps in the analysis of information security risks
- To introduce a second case study, this one to be developed through this course in the homework

General Concept of Risk Analysis and Management

Risk consists of something of value (an “asset” at risk) which may lose value if a negative event occurs.

- Example: a car and its passengers are at risk in the event of an auto accident. Other people, cars, and roadside objects are also at risk.
- Example: money invested in a stock is at risk in the event that the price of the stock goes down and the owner has to sell.

Risk analysis is the process of:

- Identifying the assets at risk
- Putting quantitative (e.g., dollars) or qualitative (e.g., low/medium/high) measures on the potential loss (impact)
- Putting quantitative (i.e., the probability) or qualitative (e.g., low/medium/high) measures on the likelihood of the event happening

Risk management is a process for planning how to control those risks.

Non-IT Applications of Risk Analysis and Management

Risk management is widely used, with books and courses devoted to it in different application areas. The first 2 examples below often use purely quantitative methods, the next 2 may use a mix of qualitative and quantitative methods, and the last 2 will use qualitative methods for impact.

1. Insurance (auto, home, health) is based on risk management by insurance companies
2. Financial institutions and investors use risk management to build lower risk portfolios from risky investments
   - Mutual funds
   - Hedge funds
   - Portfolio with stock and options on the same stock
3. Corporate strategies (financial risk, image risk)
4. Project management (schedule risk)
5. Nuclear reactor control systems (risk of lives, health, environment)
6. Military strategy and tactics (risk of lives, injuries, collateral damage)

Risk and Insurance (Hollywood Style)

From “Deliverance” (1972) (Burt Reynolds character): “Insurance? I never been insured in my life. There's no risk.”

Risk Management Strategies

There are four basic strategies to deal with any risk:

This note was uploaded on 03/03/2010 for the course CS 6803 taught by Professor Hery during the Fall '09 term at NYU Poly.
