Chapter 4

Chapter 4 - Principles of Information Security, 3rd Edition...

Learning Objectives
Upon completion of this material, you should be able to:
- Define risk management, risk identification, and risk control
- Understand how risk is identified and assessed
- Assess risk based on probability of occurrence and impact on an organization
- Grasp the fundamental aspects of documenting risk through the creation of a risk assessment

Learning Objectives (continued)
- Describe the risk mitigation strategy options for controlling risks
- Identify the categories that can be used to classify controls
- Recognize the conceptual frameworks that exist for evaluating risk controls and be able to formulate a cost-benefit analysis
- Understand how to maintain and perpetuate risk controls

Introduction
- Risk management: process of identifying and controlling risks facing an organization
- Risk identification: process of examining an organization's current information technology security situation
- Risk control: applying controls to reduce risks to an organization's data and information systems

An Overview of Risk Management
- Know yourself: identify, examine, and understand the information and systems currently in place
- Know the enemy: identify, examine, and understand threats facing the organization
- Responsibility of each community of interest within an organization to manage risks that are encountered

The Roles of the Communities of Interest
- Information security, management and users, information technology all must work together
- Management review:
  - Verify completeness/accuracy of asset inventory
  - Review and verify threats as well as controls and mitigation strategies
  - Review cost effectiveness of each control
  - Verify effectiveness of controls deployed

Risk Identification
- Assets are targets of various threats and threat agents
- Risk management involves identifying an organization's assets and identifying threats/vulnerabilities
- Risk identification begins with identifying an organization's assets and assessing their value

Asset Identification, Valuation, and Prioritization
- Iterative process; begins with identification of assets, including all elements of an organization's system (people, procedures, data and information, software, hardware, networking)
- Assets are then classified and categorized

Table 4-1 - Categorizing Components

People, Procedures, and Data Asset Identification
- Human resources, documentation, and data information assets are more difficult to identify...