information security risk management and how to identify and achieve an acceptable level of information security risk at your organization.
Briskinfosec Technology and Consulting Pvt Ltd
Mobile: 8608634123
https://www.briskinfosec.com
https://www.facebook.com/briskinfosec
https://twitter.com/briskinfosec

Information Security Fundamentals: Risk and Cost Assessment, Main Approaches
Information security - ensuring the confidentiality, integrity and availability of information.

Confidentiality - providing access to information exclusively to authorized parties: information must not be disclosed to unauthorized individuals, organizations or processes.

Integrity - maintaining and ensuring the accuracy and completeness of data throughout its entire life cycle: data must not be altered in an unauthorized or undetected way.

Availability - ensuring unhindered access to information for authorized users: information storage and processing systems, interfaces for working with information, systems for granting authorized access and communication channels must function correctly.

The Feasibility Of Investing In Information Security

Realized information security risks entail losses for the business. At the same time, work on ensuring information security requires both one-time and regular expenditures of time and money, as well as appropriate expertise. Whether to invest in improving security and resiliency is decided by weighing the cost of the measures against the risk reduction they are expected to deliver.

Risk Assessment

The easiest way to assess the risks is based on the following checklist:
1. likelihood of problems
2. losses in case of inoperability
3. the commercial value of the stored data
4. reputational risks
5. legal risks
6. restoration costs

Cost Estimation

Work on information security is guaranteed to increase the project budget; the main items of expenditure are:
1. examination costs
2. rise in development costs
3. increase in the cost of service
4. additional hardware costs
5. audit cost

Basic Approaches To Information Security

Information security is a whole range of measures aimed at ensuring the confidentiality, integrity and availability of information. The most common classification is by level:

Physical control - security guards, access control, locks, and so on. In theory, this level also belongs to information security, but in practice it is usually handled by departments other than the information security department. Nevertheless, information security officers often supplement physical security requirements based on their professional knowledge of possible threats.

Procedural control - formalization and regulation of business processes, risk communication, training, etc. Information security specialists work not only with programs and servers, but also with people. In fact, the human factor is one of the most significant risks in information security.

Technical control - software and hardware: access control systems, encryption, firewalls, antivirus software, intrusion detection and prevention systems, and so on. Implementation of the technical layer of information security is a very extensive subject and a topic for a separate article.

Legal control - the level of the legal field: laws, contracts, NDAs, labor contracts, and so on. Within the legal framework there are legislative norms that must be followed, and this level also provides additional opportunities to reduce information security risks by establishing responsibility for violation of the rules.

Information security also uses a classification by the timing of measures relative to an incident:

Preventive measures - prevention of incidents. This type of measure should be the main occupation of information security specialists.

Detective measures - identification and analysis of an ongoing incident: the set of measures includes identifying the problem, searching for its causes, determining the attack vector, and collecting and analyzing primary data on the damage.

Corrective measures - incident resolution, damage limitation, system recovery. Usually run in parallel with detective measures. The goal is to stop an attack or data leak, mitigate damage, restore system functionality, and eliminate the possibility of a recurrence of the incident.
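As an added worked example (not part of the Briskinfosec deck), the Python below puts the six-item risk checklist and the five-item cost list from the Risk Assessment and Cost Estimation sections side by side: it computes an expected annual loss for one asset, applies each candidate control's reductions, and ranks the controls by net annual benefit, which is the proportionality test the feasibility section describes. The loss model, the control parameters, the asset and all figures are this example's own constructed assumptions.

```python
"""Proportionality check: is a security control worth its cost?

Added example, not from the source deck. The model is this example's own
assumption: expected annual loss = annual incident likelihood (checklist item 1)
x the sum of the five loss categories (checklist items 2-6); a control is
proportionate when the loss it avoids exceeds its annualised cost (the five
cost items). All figures below are constructed sample values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One assessed risk, one field per item of the six-point checklist."""
    likelihood: float         # incidents expected per year (item 1)
    outage_loss: float        # losses while the system is inoperable (item 2)
    data_value: float         # commercial value of the stored data (item 3)
    reputational_loss: float  # item 4
    legal_loss: float         # fines, contractual penalties (item 5)
    restoration_cost: float   # investigation and rebuild (item 6)

    def impact(self) -> float:
        """Total loss from a single incident."""
        return (self.outage_loss + self.data_value + self.reputational_loss
                + self.legal_loss + self.restoration_cost)

    def expected_annual_loss(self) -> float:
        return self.likelihood * self.impact()


@dataclass(frozen=True)
class Control:
    """A proposed measure, one field per item of the five-point cost list."""
    name: str
    examination_cost: float             # one-off (item 1)
    extra_development_cost: float       # one-off (item 2)
    extra_service_cost_per_year: float  # recurring (item 3)
    hardware_cost: float                # one-off (item 4)
    audit_cost_per_year: float          # recurring (item 5)
    lifetime_years: int                 # years over which one-off costs are spread
    likelihood_reduction: float         # fraction by which likelihood drops (0..1)
    impact_reduction: float = 0.0       # fraction by which per-incident loss drops (0..1)

    def annual_cost(self) -> float:
        one_off = self.examination_cost + self.extra_development_cost + self.hardware_cost
        return (one_off / self.lifetime_years
                + self.extra_service_cost_per_year + self.audit_cost_per_year)


def residual_risk(risk: Risk, control: Control) -> Risk:
    """Risk that remains once the control is in place (simplifying assumption:
    impact_reduction scales every loss category equally)."""
    keep = 1.0 - control.impact_reduction
    return Risk(
        likelihood=risk.likelihood * (1.0 - control.likelihood_reduction),
        outage_loss=risk.outage_loss * keep,
        data_value=risk.data_value * keep,
        reputational_loss=risk.reputational_loss * keep,
        legal_loss=risk.legal_loss * keep,
        restoration_cost=risk.restoration_cost * keep,
    )


def net_annual_benefit(risk: Risk, control: Control) -> float:
    """Avoided expected loss minus the control's annual cost.
    Positive: the spend is proportionate. Negative: the control costs more than it saves."""
    avoided = risk.expected_annual_loss() - residual_risk(risk, control).expected_annual_loss()
    return avoided - control.annual_cost()


def rank_controls(risk: Risk, controls) -> list:
    """(net benefit, name) pairs, best first."""
    return sorted(((net_annual_benefit(risk, c), c.name) for c in controls), reverse=True)


# Constructed sample input: a customer database and three candidate controls.
CUSTOMER_DB = Risk(likelihood=0.3, outage_loss=20_000, data_value=150_000,
                   reputational_loss=100_000, legal_loss=80_000, restoration_cost=50_000)

CANDIDATES = [
    Control("encrypt database at rest", 5_000, 20_000, 2_000, 0, 3_000,
            lifetime_years=5, likelihood_reduction=0.0, impact_reduction=0.6),
    Control("web application firewall", 2_000, 5_000, 6_000, 0, 0,
            lifetime_years=3, likelihood_reduction=0.5),
    Control("dedicated security appliance", 10_000, 0, 40_000, 200_000, 10_000,
            lifetime_years=4, likelihood_reduction=0.2),
]

if __name__ == "__main__":
    print(f"expected annual loss without controls: {CUSTOMER_DB.expected_annual_loss():,.0f}")
    for benefit, name in rank_controls(CUSTOMER_DB, CANDIDATES):
        verdict = "proportionate" if benefit > 0 else "not worth it"
        print(f"{name:32s} net annual benefit {benefit:>12,.0f}  {verdict}")
```

Running the script prints the ranking; the third candidate shows the case the feasibility section warns about, where the annualised cost of a control exceeds the expected loss it avoids, so the same money is better spent on the cheaper measures first.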