unit_2_p3_tech_7350_c3 - TECH 7350 – Managing Information...

Info iconThis preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: TECH 7350 – Managing Information Security The Graduate School of Management at the University of Dallas TECH 7350 MANAGING INFORMATION MANAGING INFORMATION SECURITY SECURITY Sandra Blanke, Ph.D., CISSP The Graduate School of Management at the University of Dallas Unit 2 Unit 2 Chapter 3 Part 3 Chapter 3 Part 3 Information Risk Management Information Risk Management 2 Learning Objectives ¡ IRM ¡ Risk Management Team ¡ Risk Analysis ¡ Security Countermeasures 3 Information Risk Management ¡ Risk – possibility of damage happening & the ramifications of such damage should it occur ¡ Information Risk Management (IRM) – Process of: ¢ Identifying & assessing risk ¢ Reducing it to an acceptable level ¢ Implementing Right Mechanisms to Maintain that Level TECH 7350 – Managing Information Security The Graduate School of Management at the University of Dallas 4 Information Risk Management ¡ Risk a Corporation Needs to Address Properly: ¢ Physical Damage ¡ Fire, Water, Vandalism, Power Loss & Natural Disasters) ¢ Human Interaction ¡ Accidental or intentional action to disrupt productivity ¢ Equipment Malfunction ¡ Failure of Systems & Peripheral Devices ¢ Inside and Outside Attacks ¡ Hacking, Cracking & Attacking ¢ Misuse of Data ¡ Sharing Trade Secrets, Fraud, Espionage and Theft ¢ Loss of Data ¡ Intentional or Unintentional Loss of Information Through Destructive Means ¢ Application Error ¡ Computation errors, input errors, buffer overflows 5 IRM Skills ¡ Requires Skill To: ¢ Identify Threats ¢ Assess the Probability of them Occurring ¢ Determining the Damage they Could Cause ¢ Taking the Right Steps to Reduce Overall Level of Risk to an acceptable level 6 ¡ Business is Concerned with Security if it: ¢ Threatens the Bottom Line ¡ Loss of Reputation (after credit card information loss) ¡ Loss of Dollars (computer worm) ¡ Loss of Proprietary Information (successful espionage attempt) ¡ Loss of Confidential Information (social engineering attack) Who Understands Risk Management? TECH 7350 – Managing Information Security The Graduate School of Management at the University of Dallas 7 ¡ Risk Management Requires: ¢ Strong Commitment from Sr. Management ¢ Documented Process Supporting the Company Mission ¢ IRM Policy ¢ Delegated IRM Team...
View Full Document

This note was uploaded on 02/20/2011 for the course TECH 7350 taught by Professor Lee during the Spring '11 term at University of Arkansas for Medical Sciences.

Page1 / 9

unit_2_p3_tech_7350_c3 - TECH 7350 – Managing Information...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online