Chapter 4 - Learning Objectives. Upon completion of this material you should be able to define risk management, risk identification, and risk control.

Principles of Information Security, 3rd Edition

Learning Objectives
Upon completion of this material, you should be able to:
- Define risk management, risk identification, and risk control
- Understand how risk is identified and assessed
- Assess risk based on probability of occurrence and impact on an organization
- Grasp the fundamental aspects of documenting risk through the creation of a
Learning Objectives (continued)
- Describe the risk mitigation strategy options for controlling risks
- Identify the categories that can be used to classify controls
- Recognize the conceptual frameworks that exist for evaluating risk controls and be able to formulate a cost benefit analysis
- Understand how to maintain and perpetuate risk controls
Introduction
- Risk management: process of identifying and controlling risks facing an organization
- Risk identification: process of examining an organization's current information technology security situation
- Risk control: applying controls to reduce risks to an organization's data and information systems
An Overview of Risk Management
- Know yourself: identify, examine, and understand the information and systems currently in place
- Know the enemy: identify, examine, and understand threats facing the organization
- It is the responsibility of each community of interest within an organization to manage the risks that are encountered
The Roles of the Communities of Interest
- Information security, management and users, and information technology all must work together
- Management review:
  - Verify completeness/accuracy of asset inventory
  - Review and verify threats as well as controls and mitigation strategies
  - Review cost effectiveness of each control
  - Verify effectiveness of controls deployed
Risk Identification
- Assets are targets of various threats and threat agents
- Risk management involves identifying the organization's assets and identifying threats/vulnerabilities
- Risk identification begins with identifying the organization's assets and assessing their value
Asset Identification, Valuation, and Prioritization
- Iterative process; begins with identification of assets, including all elements of an organization's system (people, procedures, data and information, software, hardware, networking)
- Assets are then classified and categorized
Table 4-1 - Categorizing Components
People, Procedures, & Data Asset Identification
- Human resources, documentation, and data information assets are more difficult to identify
- People with knowledge, experience, and good
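The slides above lay out a sequence: inventory the assets by component type (people, procedures, data, software, hardware, networking), assign each a value, then rate risk by probability of occurrence and impact on the organization. The following is an added example, not code from the textbook or the course, showing that sequence as a small inventory and rating pass. The asset names, values, threats, probabilities and impact fractions are all constructed; the rating formula (asset value times probability times impact fraction) is one common way to combine the two factors the slides name, chosen here for illustration.

```python
"""Added example (not from the textbook or slides): a minimal asset
inventory and risk-rating pass that follows the slides' sequence:
identify assets by component type, value them, then rate each
asset/threat pair by probability of occurrence times impact.
All asset, threat, probability and impact values are constructed."""
from dataclasses import dataclass
from collections import defaultdict

# Component categories as listed on the Asset Identification slide.
COMPONENTS = ("people", "procedures", "data", "software", "hardware", "networking")


@dataclass(frozen=True)
class Asset:
    name: str
    component: str      # one of COMPONENTS
    value: int          # constructed relative value, 1 (low) to 100 (critical)

    def __post_init__(self):
        if self.component not in COMPONENTS:
            raise ValueError(f"unknown component category: {self.component}")
        if not 1 <= self.value <= 100:
            raise ValueError("asset value must be in 1..100")


@dataclass(frozen=True)
class Threat:
    description: str
    asset: str          # Asset.name this threat applies to
    probability: float  # likelihood of occurrence in the review period, 0.0..1.0
    impact: float       # fraction of the asset value lost if it occurs, 0.0..1.0


def categorize(assets):
    """Group the inventory by component type (Table 4-1 style)."""
    groups = defaultdict(list)
    for a in assets:
        groups[a.component].append(a.name)
    return {c: sorted(groups[c]) for c in COMPONENTS if groups[c]}


def risk_rating(asset, threat):
    """Risk = asset value x probability of occurrence x impact fraction.
    Using the asset value as the impact scale ties the rating to the valuation step."""
    if not 0.0 <= threat.probability <= 1.0 or not 0.0 <= threat.impact <= 1.0:
        raise ValueError("probability and impact must be in 0.0..1.0")
    return round(asset.value * threat.probability * threat.impact, 2)


def prioritize(assets, threats):
    """Return (asset name, threat description, rating) triples, highest risk first."""
    by_name = {a.name: a for a in assets}
    rated = []
    for t in threats:
        if t.asset not in by_name:
            # A threat against an asset missing from the inventory means the
            # inventory is incomplete; surface it rather than silently dropping it.
            raise KeyError(f"threat '{t.description}' names unknown asset '{t.asset}'")
        rated.append((t.asset, t.description, risk_rating(by_name[t.asset], t)))
    return sorted(rated, key=lambda r: r[2], reverse=True)


# Constructed sample inventory and threat list (not real organizational data).
SAMPLE_ASSETS = [
    Asset("customer database", "data", 100),
    Asset("web server", "hardware", 60),
    Asset("backup procedure", "procedures", 40),
    Asset("DBA on-call staff", "people", 70),
    Asset("core switch", "networking", 50),
    Asset("ERP application", "software", 80),
]

SAMPLE_THREATS = [
    Threat("ransomware encrypts records", "customer database", 0.30, 0.90),
    Threat("hardware failure", "web server", 0.20, 0.50),
    Threat("procedure not followed during restore", "backup procedure", 0.50, 0.40),
    Threat("key staff member leaves", "DBA on-call staff", 0.10, 0.60),
    Threat("switch firmware bug causes outage", "core switch", 0.15, 0.70),
]

if __name__ == "__main__":
    for component, names in categorize(SAMPLE_ASSETS).items():
        print(f"{component:11s} {', '.join(names)}")
    for name, desc, rating in prioritize(SAMPLE_ASSETS, SAMPLE_THREATS):
        print(f"{rating:6.2f}  {name:20s} {desc}")
```

Run as a script it prints the inventory grouped by component and then the threat list ranked by rating; with the constructed numbers the customer database tops the list even though other assets face more likely events, which is the point of weighting probability by value and impact rather than ranking on likelihood alone. The `prioritize` check that every threat names an inventoried asset corresponds to the management review step of verifying the completeness of the asset inventory.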
This note was uploaded on 03/31/2010 for the course IS 425 taught by Professor Lemon during the Spring '10 term at University of Maryland Baltimore.