

  1. Fundamentals of Information Systems Security Chapter 4 The Drivers of the Information Security Business

  2. Learning Objective • Describe how information security activities directly support several common business drivers.

  3. Key Concepts
  • Risk assessment approach to securing an IT infrastructure
  • Risk mitigation strategies to shrink the information security gap
  • Business impact analysis (BIA), business continuity plan (BCP), and disaster recovery plan (DRP)
  • Adhere to compliance laws and governance (policies, standards, procedures, and guidelines)
  • Complying with A-I-C goals in an IT infrastructure

  4. DISCOVER: CONCEPTS

  5. Risks, Threats, and Vulnerabilities

  6. Overview of Risk Management

  7. Risk Assessment Approaches

  8. Quantitative Risk Assessment
  • Single loss expectancy (SLE): total loss expected from a single incident
  • Annual rate of occurrence (ARO): number of times an incident is expected to occur in a year
  • Annual loss expectancy (ALE): expected loss for a year
  SLE X ARO = ALE

  9. Qualitative Risk Assessment
  • Probability: likelihood a threat will exploit a vulnerability
  • Impact: negative result if a risk occurs
  Risk level = Probability X Impact
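The two formulas on slides 8 and 9 are easiest to compare when run over the same risk register. The following is an added example, not part of the original slides: it computes ALE = SLE x ARO for each entry and ranks the register, scores the same entries qualitatively as probability x impact on a 1 to 5 scale, and adds one step the slides do not show, the cost-benefit check of a safeguard (ALE before minus ALE after minus the safeguard's annual cost). The exposure factor used to derive SLE, the 1 to 5 scales, the band thresholds and all figures in the sample register are assumptions.

```python
"""Risk register helpers for the quantitative (slide 8) and qualitative (slide 9)
approaches. Added example; the scales, thresholds and sample figures are assumptions."""
from dataclasses import dataclass


def ale(sle: float, aro: float) -> float:
    """Annual loss expectancy: SLE x ARO (slide 8)."""
    if sle < 0 or aro < 0:
        raise ValueError("SLE and ARO must be non-negative")
    return sle * aro


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value x exposure factor. The exposure factor (fraction of the
    asset's value lost in one incident) is standard practice but is not on the
    slide; it is an assumption here."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor is a fraction between 0 and 1")
    return asset_value * exposure_factor


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Net annual benefit of a control: (ALE before - ALE after) - annual cost.
    Positive means the control pays for itself. Goes beyond the slide."""
    return (ale_before - ale_after) - annual_cost


# Qualitative scales (slide 9). Five levels and the band thresholds are assumptions;
# each organisation defines its own.
LEVELS = {"very low": 1, "low": 2, "medium": 3, "high": 4, "very high": 5}


def risk_score(probability: str, impact: str) -> int:
    """Risk level = probability x impact on the 1-5 scales."""
    return LEVELS[probability] * LEVELS[impact]


def risk_band(score: int) -> str:
    """Map a 1-25 score to a reporting band (thresholds are an assumption)."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


@dataclass
class Risk:
    name: str
    sle: float
    aro: float
    probability: str
    impact: str

    def ale(self) -> float:
        return ale(self.sle, self.aro)

    def qualitative(self) -> str:
        return risk_band(risk_score(self.probability, self.impact))


def rank_by_ale(register: list) -> list:
    """Highest expected annual loss first."""
    return sorted(register, key=lambda r: r.ale(), reverse=True)


# Constructed sample register (illustrative numbers, not from the slides).
REGISTER = [
    Risk("Ransomware on file server", sle=250_000, aro=0.5,
         probability="medium", impact="very high"),
    Risk("Laptop theft", sle=5_000, aro=4,
         probability="high", impact="low"),
    Risk("Data-centre flood", sle=2_000_000, aro=0.02,
         probability="very low", impact="very high"),
]

if __name__ == "__main__":
    for r in rank_by_ale(REGISTER):
        print(f"{r.name:28s} ALE={r.ale():>10,.0f}  qualitative={r.qualitative()}")
    # Backups cut the ransomware ARO from 0.5 to 0.1 at 30,000 per year.
    print("backup control net value:", safeguard_value(ale(250_000, 0.5), ale(250_000, 0.1), 30_000))
```

Run as written, the two methods disagree on the sample register: by ALE the flood (40,000 per year) outranks laptop theft (20,000), but on the probability x impact grid the flood lands in the low band because a very-low probability multiplies away a very-high impact. That is the practical reason assessments usually report both views rather than one.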

  10. BCP
  • A plan designed to help an organization continue to operate during and after a disruption
  • Covers all functions of a business: IT systems, facilities, and personnel
  • Generally includes only mission-critical systems

  11. DRP
  • Includes the specific steps and procedures to recover from a disaster
  • Is part of a BCP
  • Important terms:
  • Critical business function (CBF): a function the business cannot operate without
  • Maximum acceptable outage (MAO): the longest time a CBF can be down before the business suffers unacceptable harm
  • Recovery time objective (RTO): the time within which the plan commits to restoring a CBF; it must not exceed the MAO

  12. BIA
  • A study that identifies the CBFs and their MAOs, which the BCP and DRP then have to meet
  • Studies include interviews, surveys, meetings, and so on
  • Identifies the impact to the business if one or more IT functions fail
  • Identifies the priority of different critical systems
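The terms on slides 11 and 12 (CBF, MAO, RTO, priority) become a concrete check once the BIA output is written down: every critical function's recovery time must fit inside its maximum acceptable outage. The following is an added example, not part of the original slides. It records the dependencies between functions (an assumption: a BIA normally captures what each function needs to run, and the slides do not mention dependencies), derives the effective RTO of a function as its own RTO plus the longest dependency chain that must be restored first, flags every function whose effective RTO exceeds its MAO, and produces a recovery order that restores dependencies first and otherwise the tightest MAO first. The sample plan and its figures are constructed.

```python
"""DRP consistency check against BIA figures (slides 11-12). Added example; the
dependency model and the sample plan are assumptions, not from the slides."""
from dataclasses import dataclass, field


@dataclass
class CBF:
    name: str
    mao_hours: float                 # maximum acceptable outage from the BIA
    rto_hours: float                 # recovery time the DRP commits to for this function alone
    depends_on: list = field(default_factory=list)  # assumption: functions this one needs


def effective_rto(plan: dict, name: str, _seen: tuple = ()) -> float:
    """Time until `name` is actually usable: its own RTO plus the longest chain of
    dependencies that must be restored first (assumes recovery tasks run in
    parallel wherever dependencies allow)."""
    if name in _seen:
        raise ValueError(f"dependency cycle at {name}")
    cbf = plan[name]
    wait = max((effective_rto(plan, d, _seen + (name,)) for d in cbf.depends_on), default=0.0)
    return wait + cbf.rto_hours


def plan_gaps(plan: dict) -> dict:
    """Return {function: (effective RTO, MAO)} for every CBF that misses its MAO."""
    gaps = {}
    for name, cbf in plan.items():
        eff = effective_rto(plan, name)
        if eff > cbf.mao_hours:
            gaps[name] = (eff, cbf.mao_hours)
    return gaps


def recovery_order(plan: dict) -> list:
    """Recovery sequence: dependencies before dependants, then tightest MAO first."""
    ordered, done = [], set()
    remaining = dict(plan)
    while remaining:
        ready = [c for c in remaining.values() if all(d in done for d in c.depends_on)]
        if not ready:
            raise ValueError("dependency cycle")
        nxt = min(ready, key=lambda c: c.mao_hours)
        ordered.append(nxt.name)
        done.add(nxt.name)
        del remaining[nxt.name]
    return ordered


# Constructed sample plan. Every function's own RTO is within its MAO.
PLAN = {c.name: c for c in [
    CBF("identity directory", mao_hours=4, rto_hours=2),
    CBF("core network", mao_hours=2, rto_hours=1),
    CBF("order processing", mao_hours=8, rto_hours=4,
        depends_on=["identity directory", "core network"]),
    CBF("payroll", mao_hours=72, rto_hours=24, depends_on=["identity directory"]),
    CBF("customer portal", mao_hours=6, rto_hours=3, depends_on=["order processing"]),
]}

if __name__ == "__main__":
    print("recovery order:", recovery_order(PLAN))
    for name, (eff, mao) in plan_gaps(PLAN).items():
        print(f"GAP: {name} effective RTO {eff}h exceeds MAO {mao}h")
```

The point the sample is built to show: checked one function at a time, the plan looks fine (every RTO is at or under its MAO), but the customer portal can only come back after order processing, which itself waits on the directory, so its effective RTO is 9 hours against a 6-hour MAO. Reviewing a DRP against the BIA means checking chains, not just individual entries.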

  13. DISCOVER: PROCESS

  14. Complying with A-I-C

  15. DISCOVER: ROLES

  16. Role of Compliance Laws on Business Objectives

  17. Summary
  • Risk assessment approach to securing an IT infrastructure
  • Business impact analysis (BIA), business continuity plan (BCP), and disaster recovery plan (DRP)
  • Adhere to compliance laws
  • Complying with A-I-C goals in an IT infrastructure
