chapter08

Management of Information Security 8-1

Chapter 8
Risk Management: Assessing and Controlling Risk

Chapter Overview

The eighth chapter of the text presents essential risk mitigation strategy options and opens the discussion of how to control risk. This includes identifying risk control classification categories, using existing conceptual frameworks to evaluate risk controls, and formulating a cost-benefit analysis. Readers will learn how to maintain and perpetuate risk controls. As a method to contrast the approach presented in the earlier parts of the chapter, the OCTAVE approach to managing risk is introduced.

Chapter Objectives

When you complete this chapter, you will be able to:
- Understand and select from the risk mitigation strategy options to control risk
- Identify the risk control classification categories
- Use existing conceptual frameworks to evaluate risk controls, and formulate a cost-benefit analysis
- Maintain and perpetuate risk controls
- Understand the OCTAVE approach to managing risk, and locate more detailed information about it if and when necessary

Set-up Notes

This chapter could be completed in a single class session, if there is sufficient time to cover the material. If the students have not had the opportunity to read the material in advance (in some settings, the textbooks are not made available until the first class meeting), it may be prudent to have a general discussion of the topic, with a detailed lecture to follow at the next class meeting. The subject matter can be covered in 1.25 to 2.5 hours.
Lecture Notes and Teaching Tips with Quick Quizzes

Introduction

To keep up with the competition, organizations must design and create a safe environment in which business processes and procedures can function. This environment must maintain confidentiality and privacy and assure the integrity and availability of organizational data. These objectives are met via the application of the principles of risk management.

Quick Quiz

1. What are the main responsibilities of a proper business environment?
ANSWER: This environment must maintain confidentiality and privacy and assure the integrity and availability of organizational data.
Risk Control Strategies

An organization must choose one of four basic strategies to control risks:
1. Avoidance: applying safeguards that eliminate or reduce the remaining uncontrolled risks for the vulnerability
2. Transference: shifting the risk to other areas or to outside entities
3. Mitigation: reducing the impact should the vulnerability be exploited
4. Acceptance: understanding the consequences and accepting the risk without control or mitigation

Avoidance is the risk control strategy that attempts to prevent the exploitation of the vulnerability. Avoidance