Information Security Risks AllinOne Terminology Information Security Risk

  • Slides: 12
Download presentation
Information Security Risks; All-in-One Terminology

Information Security Risks; All-in-One Terminology

Information Security Risk Management Lifecycle with some Basic Elements (controls)

Information Security Risk Management Lifecycle with some Basic Elements (controls)

Qualitative Risk Analysis (Nitel Risk Analizi) > Generally used in Information Security • Hard

Qualitative Risk Analysis (Nitel Risk Analizi) > Generally used in Information Security • Hard to make meaningful valuations and meaningful probabilities • Relative ordering is faster and more important > Many approaches to performing qualitative risk analysis > Same basic steps as quantitative analysis • Still identifying asserts, threats, vulnerabilities, and controls • Just evaluating importance differently

Qual. Risk Analysis in 10 steps > Step 1: Identify Scope • Bound the

Qual. Risk Analysis in 10 steps > Step 1: Identify Scope • Bound the problem > Step 2: Assemble team • Include subject matter experts, management in charge of implementing, users > Step 3: Identify Threats • Pick from lists of known threats • Brainstorm new threats • Mixing threats and vulnerabilities here. . .

Step 4: Threat prioritization > Prioritize threats for each assert • Likelihood of occurrence

Step 4: Threat prioritization > Prioritize threats for each assert • Likelihood of occurrence (note that this is likelihood because it is not a statistical probability value) > Define a fixed threat rating • E. g. , Low(1) … High(5) > Associate a rating with each threat > Note: Approximation to the risk probability in quantitative approach

Step 5: Loss Impact > With each threat determine loss impact > Define a

Step 5: Loss Impact > With each threat determine loss impact > Define a fixed ranking • E. g. , Low(1) … High(5) > Used to prioritize damage to asset from threat

Step 6: Total impact > Example 2: Another alternative method, where the scaled qualitative

Step 6: Total impact > Example 2: Another alternative method, where the scaled qualitative values are multiplied) Threat Fire Threat Priority 3 Impact Priority 5 Risk Factor 15 Water 2 5 10 Theft 2 3 6

Step 7: Identify Controls/Safeguards > Potentially come into the analysis with an initial set

Step 7: Identify Controls/Safeguards > Potentially come into the analysis with an initial set of possible controls > Associate controls with each threat > Starting with high priority risks • Do cost-benefits and coverage analysis (Step 8) • Rank controls (Step 9)

Step 8: Safeguard (Control) Evaluation Step 9: Rank these Controls !

Step 8: Safeguard (Control) Evaluation Step 9: Rank these Controls !

Step 10: Communicate Results > Most risk analysis projects result in a written report

Step 10: Communicate Results > Most risk analysis projects result in a written report • Generally not read • Make a good executive summary • Beneficial to track decisions. > Real communication done in meetings an presentations

Another Qualitative Inf. Sec. Risk Assessment Example (by multiplying the scaled values)

Another Qualitative Inf. Sec. Risk Assessment Example (by multiplying the scaled values)

Allinone Projector Kit Allinone Projector Kits 22 KGAllinone Projector Kit Allinone Projector Kits 22 KG
Allinone Projector Kit Allinone Projector Kits 22 KGAllinone Projector Kit Allinone Projector Kits 22 KG
Introducing the NEW Sharp AllinOne Sharp AllInOne FAQsIntroducing the NEW Sharp AllinOne Sharp AllInOne FAQs
Terminology 3 Terminology management Managing the terminology projectTerminology 3 Terminology management Managing the terminology project
Terminology and concepts Terminology and concepts Using terminologyTerminology and concepts Terminology and concepts Using terminology
MEDICAL TERMINOLOGY 1 Using medical terminology Medical terminologyMEDICAL TERMINOLOGY 1 Using medical terminology Medical terminology
MEDICAL TERMINOLOGY CHAPTER 5 MEDICAL TERMINOLOGY Medical terminologyMEDICAL TERMINOLOGY CHAPTER 5 MEDICAL TERMINOLOGY Medical terminology
Security AllInOne Edition Chapter 17 Risk Management BrianSecurity AllInOne Edition Chapter 17 Risk Management Brian
Title The Internet LO Security risks Security risksTitle The Internet LO Security risks Security risks
Information Society Security Risks RISKS Attacks Origin ConsequencesInformation Society Security Risks RISKS Attacks Origin Consequences
Security AllInOne Edition Chapter 8 Infrastructure Security BrianSecurity AllInOne Edition Chapter 8 Infrastructure Security Brian