INFORMATION SECURITY MANAGEMENT


Lecture 7: Risk Management

Identifying and Assessing Risk

You got to be careful if you don’t know where you’re going, because you might not get there. – Yogi Berra

Risk Management

“The process of determining the maximum acceptable level of overall risk to and from a proposed activity, then using risk assessment techniques to determine the initial level of risk and, if this is excessive, developing a strategy to ameliorate appropriate individual risks until the overall level of risk is reduced to an acceptable level.”

Risk Identification

Figure 8-1 Risk identification process

Source: Course Technology/Cengage Learning

Threat Identification (cont’d.)

Weighted ranks of threats to information security

Source: Adapted from M. E. Whitman. Enemy at the gates: Threats to information security. Communications of the ACM, August 2003. Reprinted with permission.

Vulnerability Assessment

Table 8-4 Vulnerability assessment of a DMZ router

Management of Information Security, 3rd ed.

Source: Course Technology/Cengage Learning

The TVA Worksheet (cont’d.)

Table 8-5 Sample TVA spreadsheet

Source: Course Technology/Cengage Learning

Introduction to Risk Assessment
  • The goal is to create a method to evaluate the relative risk of each listed vulnerability.

Figure 8-3 Risk identification estimate factors

Source: Course Technology/Cengage Learning

Risk Determination – Example 1

Asset A has a value of 50 and has one vulnerability, which has a likelihood of 1.0 with no current controls. Your assumptions and data are 90% accurate.

Risk Determination – Example 2

Asset B has a value of 100 and has two vulnerabilities:

  • vulnerability #1 has a likelihood of 0.5 with a current control that addresses 50% of its risk;
  • vulnerability #2 has a likelihood of 0.1 with no current controls.

Your assumptions and data are 80% accurate.
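The two risk determination examples above are worked instances of the Whitman and Mattord textbook risk formula (risk = likelihood × asset value, minus the share of that product already mitigated by current controls, plus an uncertainty share equal to 100% minus the accuracy of your data). The formula itself is not printed on these slides, so it is an assumption here; the following is an added example, not part of the lecture, that applies it to both examples and ranks the vulnerabilities the way a TVA worksheet would.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vulnerability:
    """One row of a TVA-style worksheet (constructed for this example)."""
    asset: str
    name: str
    asset_value: float    # relative asset value, e.g. on a 0-100 scale
    likelihood: float     # 0.0-1.0 likelihood that the vulnerability is exploited
    control_pct: float    # 0.0-1.0 share of the risk already addressed by current controls
    accuracy_pct: float   # 0.0-1.0 confidence in the assumptions and data


def risk_rating(v: Vulnerability) -> float:
    """Risk = (likelihood * value) - risk already controlled + element of uncertainty.

    Assumed textbook formula (Whitman & Mattord); the slides give only the inputs.
    """
    for field in ("likelihood", "control_pct", "accuracy_pct"):
        if not 0.0 <= getattr(v, field) <= 1.0:
            raise ValueError(f"{field} must lie in [0, 1] for {v.asset} {v.name}")
    base = v.likelihood * v.asset_value
    controlled = base * v.control_pct            # already mitigated by controls
    uncertainty = base * (1.0 - v.accuracy_pct)  # 100% minus data accuracy
    return base - controlled + uncertainty


def rank_vulnerabilities(vulns):
    """Return (vulnerability, risk) pairs ordered from highest to lowest risk."""
    rated = [(v, risk_rating(v)) for v in vulns]
    return sorted(rated, key=lambda pair: pair[1], reverse=True)


# Inputs taken from Example 1 and Example 2 on the slides.
WORKSHEET = [
    Vulnerability("Asset A", "vulnerability #1", 50, 1.0, 0.0, 0.90),
    Vulnerability("Asset B", "vulnerability #1", 100, 0.5, 0.5, 0.80),
    Vulnerability("Asset B", "vulnerability #2", 100, 0.1, 0.0, 0.80),
]

if __name__ == "__main__":
    for v, r in rank_vulnerabilities(WORKSHEET):
        print(f"{v.asset} {v.name}: risk = {r:.1f}")
```

Asset A rates 55, Asset B vulnerability #1 rates 35 and vulnerability #2 rates 12, so the ranking puts the uncontrolled, certain-to-occur vulnerability on the lower-valued asset first.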