Risk Analysis and Ethical Issues CSCI 283 172
- Slides: 11
Risk Analysis and Ethical Issues CSCI 283 -172 Fall 2006 GWU Draws extensively from Pfleeger text, Chapters 8 and 9 CS 283 -172/Fall 06/GWU/Vora/Risk. Analysis. Etc
Security planning CS 283 -172/Fall 06/GWU/Vora/Risk. Analysis. Etc
Security plan contains • Policy: – – goals (who, to what resources, what type of access) who is responsible what is the organizational commitment available resources • Current state, including identifying vulnerabilities 11/24/2020 CS 283 -172/Fall 06/GWU/Vora/Risk. Analysis. Etc 3
Security plan contains • Requirements, to get to goals from current state (what, not how) – Address: confidentiality, integrity, availability – correct, consistent, complete, implementable, not unnecessarily restrictive – Verifiability and traceability • Recommended controls – through identified vulnerabilities • Accountability/responsibility for implementation • Timetable • Way to continually assess 11/24/2020 CS 283 -172/Fall 06/GWU/Vora/Risk. Analysis. Etc 4
Functioning during a computer security incident: business continuity plan • Deals with catastrophic situations, often of a long duration • Consists of: – Business impact assessment (Essential assets? Disruption of use? ) – Strategy to control impact – Plan to implement strategy (who is in charge, what to do, who does it) 11/24/2020 CS 283 -172/Fall 06/GWU/Vora/Risk. Analysis. Etc 5
Incident response plans • Does not pay attention to business issues • Would address security incidents even if not catastrophic • Consists of: – Definition – Response Team – Considers: legal issues, preserving evidence/records/log files, PR • After incident: – Determine if need security fix – Assess if plan worked 11/24/2020 CS 283 -172/Fall 06/GWU/Vora/Risk. Analysis. Etc 6
Electronic communication between govt. and citizens 11/24/2020 CS 283 -172/Fall 06/GWU/Vora/Risk. Analysis. Etc 7
Risk analysis CS 283 -172/Fall 06/GWU/Vora/Risk. Analysis. Etc
Risk • A risk has: – A loss, called risk impact – A probability of occurrence – The degree to which we can change the outcome • Risk can be reduced by either: – Avoiding (change requirements) – Transferring (to partners, insurance companies) – Assuming (controlling it with available resources) 11/24/2020 CS 283 -172/Fall 06/GWU/Vora/Risk. Analysis. Etc 9
Risk Leverage • Risk exposure = risk probability risk impact • Risk Leverage = risk exposure before reduction – risk exposure after reduction cost of risk reduction • High risk leverage means reduction worth doing 11/24/2020 CS 283 -172/Fall 06/GWU/Vora/Risk. Analysis. Etc 10
Ethics, Legal Issues • • Copyright Patents Trade Secrets Contract Law DMCA Cryptography: key escrow, export Hacking 11/24/2020 CS 283 -172/Fall 06/GWU/Vora/Risk. Analysis. Etc 11
172+172+283+283
Ethical issues in applied behavior analysis
Liquidity measures
Ethical media issues
Law and ethics in information security
The perceived relevance or importance of an ethical issue
Legal and ethical issues in use of ict in education
Legal issues of ecommerce
Legal and ethical issues in computer security
Professional and ethical issues during internship
Social and ethical issues itgs
Ethical issues in accounting
