Information Risk Management Brittney Berry Kris Collum Jessica Grant
Outline • Information Risk Management • Challenges of Information Security • People Involved • The Risks Involved • Threats to Risk Management • Risk Mitigation Options
What is Information Risk Management? • Definition • Goal • Two Main Elements ▫ Risk Analysis ▫ Risk Management
Why is Information Security so Challenging? • Adversary vs. Defender • Ever-changing • Resources
Who is involved in Information Risk Management? • CISO, CPSO, CCPO • Chief Information Risk Officer • Risk Management Roles and Responsibilities ▫ BOD ▫ IT strategy committee ▫ CEO ▫ Business executives ▫ CIO
What are the risks? • Investment or expense risk • Access or security risk • Integrity risk • Relevance risk • Availability risk • Infrastructure risk • Project ownership risk
What are threats to risk management? • Natural threats • Human Threats • Environmental Threats
Risk Mitigation Options • Risk Assumptions • Risk Avoidance • Risk Limitation • Risk Planning • Risk Transference
Sources • IT Governance Institute. Information Risks: Whose Business Are They? 2008. • Pironti, John. Key Elements of an Information Risk Management Program: Transforming Information Security Into Information Risk Management. 2008. • National Institute of Standards and Technology. Risk Management Guide for Information Technology Systems. 2002.