IS09-RM and BCP - Risk Management and Business Business...

Risk Management and Business Continuity Planning
Pintu R Shah

In this unit
– Risk analysis
– Various terminologies associated with risk management
– Risk assessment techniques
– Managing risk
– Steps for risk management
– Business impact analysis
– Various terminologies associated with BIA
– Different types of continuity planning, testing and revising the plan

Pintu R Shah, MPSTME, SVKM's NMiMS

Introduction
Risk is defined as the effect of uncertainty on objectives (whether positive or negative).
CMU’s SEI defines continuous risk management as processes, methods and tools for managing risks in a project. It provides a disciplined environment for proactive decision making to:
– Assess continuously what could go wrong
– Determine which risks are important to deal with
– Implement strategies to deal with those risks
Risk management is the process of identifying vulnerabilities and threats to an organization’s resources and assets and deciding what countermeasures, if any, to take to reduce the level of risk to an acceptable level based on the value of the asset to the organization.

Risk analysis
To effectively identify and deal with the many threats facing their systems, security professionals must perform several distinct actions, as follows:
– Determine which of an organization's assets are most valuable.
– Identify any risks to those assets.
– Determine how likely each risk is to occur.
– Take some action to manage the risk.
Collectively, these actions are referred to as the risk analysis process.

Identifying and Valuing Assets
The first step in the risk analysis process is to identify the information assets in your organization (hardware, software, and data) and place values on them. You may choose from several valuation methods. Some of the more common techniques include the following:
– Replacement cost valuation puts a dollar value on an asset corresponding to the cost the organization would incur if the asset had to be replaced at market prices.
– Original cost valuation uses the original purchase price of an asset as that asset's value.
– Depreciated valuation techniques use the original cost less some allowance for the deterioration in value of the asset since the time it was purchased.
– Qualitative valuation techniques don't use dollar values but rather assign priorities to assets based upon their value to the organization.

Identifying and Assessing Risks
After you identify and value your assets, the next step is to identify the risks facing those assets. Some key risk assessment terms:
– A vulnerability is a weakness in a system that may be exploited to degrade or bypass standard security mechanisms. For example, the fact that a system does not have antivirus software would constitute a vulnerability.