Lesson 7 - Managing Risk

Overview

- Defining risk.
- Identifying the risk to an organization.
- Measuring risk.

Defining Risk

- Risk is the potential for loss that requires protection.
- Risk management provides a basis for valuing an organization’s information assets.
- Risk is the measure of vulnerabilities and threats.
- Risk therefore has two components, covered next: vulnerability and threats.

Vulnerability

- Vulnerabilities make computer systems and networks prone to technical, non-technical, or social engineering attacks.
- A vulnerability is characterized by the difficulty and the level of technical skill required to exploit it.
- The result of such exploitation must also be considered.

Threat

- A threat is an action or event that violates the security of an information system environment.
- It can have multiple targets.
- The components of a threat are targets, agents, and events.

Targets

The targets of a threat or attack are security services such as:

- Confidentiality - disclosure of classified information to unauthorized individuals.
- Integrity - tampering with information.
- Availability - denial-of-service attack.
- Accountability - preventing the organization from reconstructing past events.

Agents (1/2)

Agents are the people who may wish to harm the organization. Their characteristics are:

- Access - an agent must have direct or indirect access to the system, network, facility, or information.
- Knowledge - an agent must have some knowledge about the target. The more familiar an agent is with the target, the more likely the agent is to know its vulnerabilities.
- Motivation - an agent may tamper with information as a challenge, out of greed to gain something, or with purely malicious intent.

Agents (2/2)

A threat occurs when an agent with access and knowledge gains the motivation to take action. Such agents could be:

- Employees with the necessary access to and knowledge of systems.
- Ex-employees holding a grudge.
- Hackers, terrorists, and criminals with a malicious intent to harm the organization.
- Commercial rivals interested in the organization’s classified business information.

Events

- Events are the ways in which a threat agent may cause harm to an organization.
- An event also describes the extent of harm that could be done if the agent gained access.

Risk and How to Identify the Risk to an Organization

- Risk is the combination of threat and vulnerability.
- Risks can be categorized as low, medium, or high.

Identifying Vulnerabilities

To identify specific vulnerabilities:

- Locate all the entry points (electronic and physical) to the organization.
- Identify system configurations.
- Identify which information and systems are accessible.
- Include any known vulnerabilities in operating systems and applications.

Identifying Real Threats

- Real or targeted threats may not show themselves until an event has occurred.
- Identifying all targeted threats is time-consuming and difficult.

Examining Countermeasures

- Countermeasures for each access point within an organization must be identified.
- Some of the countermeasures include firewalls, anti-virus software, access control mechanisms, and biometrics.

Identifying Risk

- Identify specific risks to the organization.
- Identify what possible harm can be done through each access point.
- Rate each risk as high, medium, or low. The same vulnerability may pose different levels of risk depending on the access point.
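A worked example of the rating step, added here and not part of the original slides: it rates the same vulnerability separately through three entry points, so one weakness comes out at different risk levels depending on how readily a threat agent reaches the entry point and which countermeasures are present there. The three-level scale, the rule that the scarcer of access and skill bounds the likelihood, the one-level credit for a relevant countermeasure, the 3x3 matrix, and all the vulnerability and access-point names are assumptions made for this example.

```python
"""Qualitative risk rating per access point.

Risk is the combination of threat and vulnerability. The same vulnerability
is rated separately through each entry point, because the threat agent's
access and the countermeasures in place differ from one entry point to the
next. Levels, scoring rule and sample data are constructed for this example.
"""
from dataclasses import dataclass

LEVEL = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Vulnerability:
    name: str
    skill_required: str      # technical skill needed to exploit it (low/medium/high)
    impact: str              # result of a successful exploit (low/medium/high)
    mitigated_by: frozenset  # countermeasure types that lower the likelihood


@dataclass(frozen=True)
class AccessPoint:
    name: str
    agent_access: str        # how readily a threat agent reaches this entry point
    countermeasures: frozenset


def likelihood(vuln: Vulnerability, ap: AccessPoint) -> int:
    """Agents need both access and skill, so the scarcer of the two bounds the
    likelihood (1..3). A countermeasure at the entry point that addresses this
    vulnerability lowers it by one level, never below 1 (assumed rule)."""
    ease = 4 - LEVEL[vuln.skill_required]        # low skill required -> easy (3)
    score = min(LEVEL[ap.agent_access], ease)
    if vuln.mitigated_by & ap.countermeasures:
        score = max(1, score - 1)
    return score


def rate(vuln: Vulnerability, ap: AccessPoint) -> str:
    """3x3 risk matrix: likelihood x impact gives 1, 2, 3, 4, 6 or 9,
    bucketed into the lesson's low / medium / high scale."""
    score = likelihood(vuln, ap) * LEVEL[vuln.impact]
    if score <= 2:
        return "low"
    if score <= 4:
        return "medium"
    return "high"


def risk_register(vulns, access_points):
    """Rate every vulnerability through every access point."""
    return {(v.name, ap.name): rate(v, ap) for v in vulns for ap in access_points}


# Constructed sample data: two vulnerabilities, three entry points.
VULNS = [
    Vulnerability("admin console accepts default password", "low", "high",
                  frozenset({"access control"})),
    Vulnerability("print spooler keeps jobs unencrypted", "medium", "medium",
                  frozenset()),
]
ACCESS_POINTS = [
    AccessPoint("internet-facing web gateway", "high", frozenset({"firewall"})),
    AccessPoint("internal office LAN", "medium", frozenset({"access control"})),
    AccessPoint("server-room console", "low", frozenset({"biometrics"})),
]

if __name__ == "__main__":
    for (vuln, ap), level in sorted(risk_register(VULNS, ACCESS_POINTS).items()):
        print(f"{level:6s}  {vuln}  via  {ap}")
```

Run stand-alone, the register shows the default-password vulnerability rated high through the internet-facing gateway but only medium through the LAN, where an access control mechanism addresses it, and medium again at the console, where agent access is low. The firewall at the gateway earns no credit because it does not address a password weakness, which is the point of examining countermeasures per access point rather than per vulnerability.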
Measuring Risk

Risks can be measured in terms of:

- Money.
- Time.
- Resources.
- Reputation and lost business.

Money

The costs of managing risk include:

- Lost productivity.
- Stolen equipment or money.
- Cost of an investigation.
- Cost to repair or replace systems.
- Cost of experts to assist.
- Employee overtime.

Time

The time taken to manage risk may include:

- The time a technical staff member is unavailable to perform normal tasks due to a security event.
- The downtime of a key system.
- Delay in product delivery or service.

Resources

- Resources include people, systems, communication lines, applications, or access.
- The measurement computes the monetary cost of using a resource to troubleshoot.

Reputation and Lost Business

- Data compromise can affect the organization’s reputation.
- Future business is in jeopardy as people lose faith in the brand name.
- Losses due to system failures and production delays cannot be ruled out.

Measuring Risk

To measure risk:

- Identify the extent of risk – best case, worst case, or most likely case.
- Identify the damage in terms of money, time, resources, reputation, and lost business.
- Identify the cost of restoration.
- Examine the potential results in each risk measurement area.
- Develop appropriate risk management approaches.
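The five measurement steps carried through in code, as an added example that is not from the original slides: one risk is described in a best, most likely and worst case, each case's damage is recorded in the lesson's areas (money, time, resources, reputation and lost business) together with the cost of restoration, and the result is set against what a countermeasure would cost. The conversion rates that turn hours into currency, the three-point weighting, the accept-or-mitigate decision rule and every sample figure are assumptions made for this example; the slides only say which quantities to identify.

```python
"""Three-point measurement of a single risk.

Follows the lesson's steps: extent (best, most likely, worst case), damage in
each measurement area, cost of restoration, then a figure that can be set
against the cost of a countermeasure. The three-point weighting, the hourly
and downtime rates and every sample value are constructed for this example.
"""
from dataclasses import dataclass

# Constructed conversion rates so every area can be expressed in currency.
STAFF_HOUR_COST = 85.0           # blended cost of one technical staff hour
DOWNTIME_COST_PER_HOUR = 1200.0  # business lost per hour a key system is down


@dataclass(frozen=True)
class Damage:
    """Damage for one case, in the lesson's measurement areas."""
    money: float            # lost productivity, stolen equipment, investigation, experts, overtime
    downtime_hours: float   # time: key system down, deliveries delayed
    staff_hours: float      # resources: people pulled from normal tasks to troubleshoot
    lost_business: float    # reputation and lost business, estimated in currency
    restoration: float      # cost to repair or replace systems


def total_cost(d: Damage) -> float:
    """Sum the areas in currency so the cases are comparable."""
    return (d.money
            + d.downtime_hours * DOWNTIME_COST_PER_HOUR
            + d.staff_hours * STAFF_HOUR_COST
            + d.lost_business
            + d.restoration)


def expected_cost(best: Damage, likely: Damage, worst: Damage) -> float:
    """Three-point (PERT-style) estimate: (best + 4 * most likely + worst) / 6.
    Assumed weighting; the lesson only says to identify the three cases."""
    return (total_cost(best) + 4 * total_cost(likely) + total_cost(worst)) / 6


def measure(best: Damage, likely: Damage, worst: Damage) -> dict:
    """Per-case totals plus the weighted cost of one occurrence."""
    return {
        "best": total_cost(best),
        "most_likely": total_cost(likely),
        "worst": total_cost(worst),
        "expected": expected_cost(best, likely, worst),
    }


def recommend(expected_per_event: float, events_per_year: float,
              countermeasure_annual_cost: float) -> str:
    """Assumed decision rule: fund the countermeasure when it costs less per year
    than the loss it is expected to prevent, otherwise accept the risk."""
    annual_loss = expected_per_event * events_per_year
    return "mitigate" if countermeasure_annual_cost < annual_loss else "accept"


# Constructed sample: an intrusion through the internet-facing gateway.
BEST = Damage(money=2000.0, downtime_hours=1.0, staff_hours=8.0,
              lost_business=0.0, restoration=500.0)
LIKELY = Damage(money=15000.0, downtime_hours=8.0, staff_hours=60.0,
                lost_business=10000.0, restoration=4000.0)
WORST = Damage(money=80000.0, downtime_hours=72.0, staff_hours=400.0,
               lost_business=150000.0, restoration=40000.0)

if __name__ == "__main__":
    result = measure(BEST, LIKELY, WORST)
    for case, cost in result.items():
        print(f"{case:12s} {cost:>12,.2f}")
    print("decision:", recommend(result["expected"], 0.5, 20000.0))
```

Keeping the four areas as separate fields rather than a single number preserves what the "examine the potential results in each risk measurement area" step needs: the worst case here is dominated by lost business and downtime, not by repair costs, which points at reputation-protecting countermeasures rather than faster hardware replacement.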
Summary

- Security is managing risk.
- To identify risks, identify vulnerabilities and threats.
- Examine countermeasures for each risk.
- Identify the extent of risk.
- Measure risk in terms of money, time, resources, reputation, and lost business.
