lecture_risk

lecture_risk - IS 2150 / TEL 2810 Risk Management Nathalie...

This preview shows pages 1–9 of the slide deck.
Slide 1
IS 2150 / TEL 2810
Risk Management
Nathalie Baracaldo, Teaching Assistant, SIS
December 6, 2011
Slide 2: Agenda
  Introduction to risk management
  Cost-benefit analysis
Slide 3: Before we start…
  What is risk?
  What is risk management?
  Why is it important for us?
Slide 4: Risk
  The likelihood that a particular threat, using a specific attack, will exploit a particular vulnerability of a system, resulting in an undesirable consequence (NIST).
  The likelihood of the threat occurring is the estimate of the probability that a threat will succeed in achieving an undesirable event.
Slide 5: What is risk management?
  The process concerned with the identification, measurement, control and minimization of security risks in information systems, to a level commensurate with the value of the assets protected (NIST).
Slide 6: Risk Assessment/Analysis
  A process of analyzing threats to and vulnerabilities of an information system, and the potential impact that the loss of information or of system capabilities would have.
  List the threats and vulnerabilities.
  List possible controls and their costs.
  Do a cost-benefit analysis: is the cost of the control more than the expected cost of the loss?
Slide 7: The final objective
  The resulting analysis is used as a basis for identifying appropriate and cost-effective countermeasures.
  It leads to a proper security plan.
  We don’t want to spend too much money covering risks that are not going to impact our business.
  We don’t want to leave some relevant risks uncovered.
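The cost-benefit step on the Risk Assessment slide and the two goals on this slide (no overspending on irrelevant risks, no relevant risk left uncovered) can be made concrete with a small calculation. The following is an added example, not part of the lecture slides: it takes the slide's definition of risk as likelihood times impact, so the expected annual cost of a loss is the estimated probability that the threat succeeds in a year multiplied by the cost of the consequence, and it adopts a control only when the loss it avoids exceeds its own cost. The threats, likelihoods, impacts and controls are constructed sample figures, and the field names and helper functions are my own assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: float  # estimated probability per year that the threat succeeds (0..1)
    impact: float      # cost of the undesirable consequence, in dollars


@dataclass(frozen=True)
class Control:
    name: str
    threat: str        # name of the Threat this control addresses
    annual_cost: float # yearly cost of operating the control, in dollars
    reduction: float   # fraction of the threat's likelihood the control removes (0..1)


def expected_loss(t: Threat) -> float:
    """Expected annual cost of the loss with no control in place (likelihood x impact)."""
    return t.likelihood * t.impact


def residual_loss(t: Threat, c: Control) -> float:
    """Expected annual cost that remains after the control reduces the likelihood."""
    return t.likelihood * (1.0 - c.reduction) * t.impact


def net_benefit(t: Threat, c: Control) -> float:
    """Loss avoided by the control minus what the control itself costs per year."""
    return expected_loss(t) - residual_loss(t, c) - c.annual_cost


def recommend(threats: List[Threat], controls: List[Control]) -> Dict[str, Optional[str]]:
    """For each threat, pick the control with the largest positive net benefit.

    A threat maps to None when no candidate control pays for itself, i.e. when
    the control would cost more than the expected loss it prevents.
    """
    decisions: Dict[str, Optional[str]] = {}
    for t in threats:
        best_name, best_value = None, 0.0
        for c in controls:
            if c.threat != t.name:
                continue
            value = net_benefit(t, c)
            if value > best_value:
                best_name, best_value = c.name, value
        decisions[t.name] = best_name
    return decisions


# Constructed sample data (hypothetical figures, chosen only to illustrate the method).
THREATS = [
    Threat("phishing of privileged accounts", likelihood=0.5, impact=200_000),
    Threat("data center outage", likelihood=0.05, impact=1_000_000),
    Threat("vending machine tampering", likelihood=0.2, impact=500),
]
CONTROLS = [
    Control("one-time password devices", "phishing of privileged accounts", 30_000, 0.8),
    Control("security awareness training", "phishing of privileged accounts", 5_000, 0.3),
    Control("alternate data center", "data center outage", 120_000, 0.9),
    Control("lock upgrade", "vending machine tampering", 400, 0.9),
]


if __name__ == "__main__":
    plan = recommend(THREATS, CONTROLS)
    for t in THREATS:
        chosen = plan[t.name] or "accept the risk (no cost-effective control)"
        print(f"{t.name}: expected loss ${expected_loss(t):,.0f}/yr -> {chosen}")
```

With the sample figures, the one-time password devices are chosen for the phishing threat because they avoid $80,000 of expected loss for $30,000, while the alternate data center is rejected: it would cost $120,000 a year to avoid $45,000 of expected loss. The vending machine control is likewise rejected, which is the "don't spend too much on risks that won't impact the business" case; the phishing threat, left uncovered, would be the "relevant risk left uncovered" case the slide warns about.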
Slide 8: Security plan
  A security plan may include:
  Physical security
  Establishment of controls and mechanisms, e.g. one-time password devices
  Division of responsibilities, e.g. separation of duty
  Contingency plan, e.g. alternate data center