Chapter04 - Learning Objectives Upon completion of this...

Principles of Information Security, 2nd Edition

Learning Objectives

Upon completion of this material, you should be able to:
- Define risk management, risk identification, and risk control
- Understand risk analysis and how risk is identified and assessed
- Assess risk based on probability of occurrence and impact on an organization

Learning Objectives (continued)

- Describe the risk mitigation strategy options for controlling risks
- Identify the categories that can be used to classify controls
- Recognize the conceptual frameworks that exist for evaluating risk controls and be able to formulate a cost benefit analysis
- Understand how to maintain and perpetuate risk controls

Introduction

- Risk Management: process of identifying and controlling risks facing an organization. Encompasses risk assessment, risk mitigation, and continual evaluation.
- Risk Identification: process of examining an organization’s current information technology security situation
- Risk Control: applying controls to reduce risks to an organization’s data and information systems

An Overview of Risk Management

- Know yourself: identify, examine, and understand the information and systems currently in place
- Know the enemy: identify, examine, and understand threats facing the organization
- It is the responsibility of each community of interest within an organization to manage risks that are encountered
- Organizations should form a cross-functional risk management team to ensure the company is protected in the most cost-effective manner (stakeholders represent the communities of interest)

Risk Management Team

Goals to address key components:
- Established risk acceptance level
- Document risk assessment governance
- Procedures for identifying and mitigating risks
- Secure appropriate resource and funding allocations from senior management
- Documented contingency plans
- Security awareness training for all staff
- Mapping of legal and regulatory compliance requirements
- Performance indicators and metrics
- Ability to identify and assets, new vulnerabilities and risks as the environment and company change
- Establish a diverse risk management team serving key communities of interest (internal and external business partners)

The Roles of the Communities of Interest

- Information security, management, users, business partners, and information technology all must work together
- Management review:
  - Verify completeness/accuracy of asset inventory
  - Review and verify threats as well as controls and mitigation strategies
  - Review cost and value add of each control
  - Verify effectiveness of controls deployed
  - Verify effectiveness of COB and DR plans

This note was uploaded on 03/15/2012 for the course CIS CIS120 taught by Professor Zales during the Spring '12 term at Harrisburg Area Community College.
