BÜROTEX GmbH
Vishal Sharma
Information Security Consultant/Solution Developer
RISK
Risk is the uncertainty of outcome, whether a positive opportunity or a negative threat.

Some commonly known terms:

• Asset: something that should be protected.
• Asset Valuation: the value assigned to an asset, based on actual cost and nonmonetary expenses.
• Threat: any occurrence that could cause an undesirable or unwanted outcome for an organization or a specific asset.
• Vulnerability: the absence or weakness of a safeguard or countermeasure.
• Exposure: being susceptible to asset loss because of a threat.
• Safeguard: a safeguard, or countermeasure, is anything that removes a vulnerability.
• Attack: the exploitation of a vulnerability by a threat agent.
• Breach: the occurrence of a security mechanism being bypassed.
Relationship diagram (the elements form a cycle):

Threats
• which exploit Vulnerabilities
• which result in Exposure
• which is Risk
• which is mitigated by a Safeguard
• which protects Assets
• which are endangered by Threats
Factors for Asset Valuation:

• Purchase cost
• Development cost
• Administrative cost
• Maintenance or upkeep cost
• Cost of acquiring the asset
• Cost to protect or sustain the asset
• Value to owners and users
• Value to competitors
• Intellectual property or equity value
• Market valuation
• Replacement cost
• Productivity enhancement or degradation
• Operational cost of asset presence and loss
• Liability of asset loss
• Usefulness
The next logical step is to identify threats:

• Viruses
• Cascade errors and dependency faults
• Criminal activities by authorized users
• Movements
• Intentional attacks
• Reorganization
• Authorized user illness
• Hackers
• User errors
• Natural disasters
• Physical damage
• Misuse of data, resources, or services
• Changes or compromises to data classification or security policies
• Government, political, or military intrusions or restrictions
• Processing errors, buffer overflows
• Personal privilege abuse
• Temperature extremes
• Energy anomalies
• Loss of data
• Information warfare
• Bankruptcy or alteration/interruption of business activity
• Coding/programming errors
• Intruders
• Environmental factors
• Equipment failures
• Physical theft
• Social engineering
Risk Analysis

• Quantitative: results in concrete probability percentages.
• Qualitative: more scenario-based; it relies on techniques such as:
  • Brainstorming
  • Delphi technique
  • Storyboarding
  • Focus groups
  • Surveys
  • Questionnaires
  • Checklists
  • One-on-one meetings
  • Interviews
Quantitative analysis, major steps involved:

• Identify countermeasures for each threat
• Calculate the changes to ARO and ALE based on the applied countermeasure
• Perform a cost/benefit analysis of each countermeasure for each asset

• AV: inventory assets and assign a value to each
• EF: calculate the exposure factor for each possible threat to each individual asset
• SLE: single loss expectancy
• ARO: annualized rate of occurrence
• ALE: annualized loss expectancy
Cost Functions

• Exposure factor (EF): the percentage of loss if a specific asset were violated by a realized risk.
• SLE = AV × EF
• ARO: can be derived from historical records, statistical analysis, or guesswork. Basically it is a probability determination.
• ALE = SLE × ARO
• ACS: annual cost of safeguard, in € per year, which involves the following factors:
  • Cost of purchase, development and licensing
  • Cost of implementation and customization
  • Cost of annual operation, maintenance, administration and so on
  • Cost of annual repairs and upgrades
  • Productivity improvement or loss
  • Changes to the environment
  • Cost of testing and evaluation

• Value or benefit of a safeguard = (ALE1 − ALE2) − ACS
  where ALE1 is the ALE before the safeguard and ALE2 the ALE after implementing it.

Note:

Value of safeguard to the company =
(ALE before safeguard − ALE after implementing safeguard) − (annual cost of safeguard)
Thank You