SlideShare une entreprise Scribd logo

Risk Mitigation

Télécharger en tant que PPTX, PDF
P
primeteacher32

Risk Mitigation

Carrière
1  sur  7
RISK MITIGATION
INTRODUCTION • Risk is at heart of information security • Some risks have small impact and can be easily managed, other risks can threaten very existence of business • Multifaceted approach to managing risk in information security: • Control risk • Develop security policy • Maintain user awareness and training
CONTROLLING RISK • Risk - Situation that involves exposure to some type of danger • Not all events that first appear to be risk may actually result in a risk: • False positive - Event considered be a risk yet turns out not to be one • False negative - Event that does not appear to be risk but actually turns out to be one
REDUCING RISK • Several different approaches used to reduce risk • Can modify the response to the risk instead of merely accepting the risk • Different risk responses: • Transference - Make third party responsible for the risk • Risk avoidance - Identifying the risk and making the decision not engage in activity. • Mitigation - Address the risk by making it less serious • Simple Risk Model organizes risks as: • Preventive - Considered most effective since they minimize possibility of loss by preventing the risk from occurring • Detective - Least effective but most often used that identify event after has occurred • Corrective- Minimize impact by restoring system to its state at point before event; may still result in some degree of loss • Management risk control types - Administrative in their nature and are laws, regulations, policies, practices, and guidelines that govern overall requirements and controls • Technical risk control types - Enforcing technology to control risk (Examples: antivirus software, firewalls, encryption) • Operational risk control types - Cover operational procedures to limit risk; may include using video surveillance systems and barricades to limit access to secure sites
REDUCING RISK: MANAGERIAL PERSPECTIVE • One approach looks at mitigating risk from the managerial perspective • Most common elements: • Privilege management - Process of assigning and revoking privileges to objects and covers procedures of managing object authorizations • Change management - Methodology for making modifications and keeping track of changes • Incident management - The “framework” and functions required to enable incident response and incident handling within an organization • Various methods are used to calculate risk
PHASES TO CALCULATING RISK CALCULATION • 1. Likelihood of Risk • Historical data valuable in providing information on risk likelihood • Measured either by Qualitative or Quantitative means • Mean Time To Failure (MTTF) - Basic measure of reliability for systems that cannot be repaired and is average amount of time expected until first failure of equipment • Failure In Time (FIT) - Can report number of expected failures per one billion hours of operation for device • Annualized Rate of Occurrence (ARO) - Likelihood of risk occurring within one year • 2. Impact of Risk • Single Loss Expectancy (SLE) - Expected monetary loss every time a risk occurs; computed by multiplying Asset Value (AV) by Exposure Factor (EF), which is proportion of an asset’s value that is likely to be destroyed by particular risk • Annualized Loss Expectancy (ALE) - Expected monetary loss be expected for asset due to risk over a one-year period; computed by multiplying SLE by ARO, which is the probability that a risk will occur in a particular year • 3. Mitigation of Risk • Security policy is another means of reducing risks
CHECKPOINT • A risk is the likelihood that a threat agent will exploit a vulnerability • Privilege management and change management are risk management approaches • A security policy states how an organization plans to protect its information technology assets • Development and maintenance of a security policy follows a three-phase cycle • Security policies are often broken into sub-policies • Acceptable use policy • Privacy policy • Password management and complexity policy • Disposal and destruction policy • Classification of information policy • Ongoing awareness training provides users with knowledge and skills necessary to support information security

Recommandé

Risk management
Risk managementRisk management
Risk managementHarold Malamion
 
Risk Management
Risk ManagementRisk Management
Risk Managementcgeorgeo
 
Introduction to Risk Management
Introduction to Risk ManagementIntroduction to Risk Management
Introduction to Risk ManagementFAA Safety Team Central Florida
 
Risk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixRisk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixEtQ, Inc.
 
Introduction to risk management
Introduction to risk managementIntroduction to risk management
Introduction to risk managementKannan Subbiah
 
Risk assessment tools and techniques
Risk assessment tools and techniquesRisk assessment tools and techniques
Risk assessment tools and techniquesAhmad Azwang Aisram Omar
 
Risk management
Risk managementRisk management
Risk managementbaderali2141
 
Risk management
Risk managementRisk management
Risk managementBabasab Patil
 

Recommandé

Risk management
Risk managementRisk management
Risk managementHarold Malamion
 
Risk Management
Risk ManagementRisk Management
Risk Managementcgeorgeo
 
Introduction to Risk Management
Introduction to Risk ManagementIntroduction to Risk Management
Introduction to Risk ManagementFAA Safety Team Central Florida
 
Risk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixRisk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixEtQ, Inc.
 
Introduction to risk management
Introduction to risk managementIntroduction to risk management
Introduction to risk managementKannan Subbiah
 
Risk assessment tools and techniques
Risk assessment tools and techniquesRisk assessment tools and techniques
Risk assessment tools and techniquesAhmad Azwang Aisram Omar
 
Risk management
Risk managementRisk management
Risk managementbaderali2141
 
Risk management
Risk managementRisk management
Risk managementBabasab Patil
 
Introduction to Business Continuity Management
Introduction to Business Continuity ManagementIntroduction to Business Continuity Management
Introduction to Business Continuity ManagementProf. David E. Alexander (UCL)
 
Risk management
Risk managementRisk management
Risk managementSazzad Hossain, ITP, MBA, CSCA™
 
Risk management
Risk managementRisk management
Risk managementAbhi Kalyan
 
Business Continuity Planning Presentation
Business Continuity Planning PresentationBusiness Continuity Planning Presentation
Business Continuity Planning PresentationThe Chamber For a Greater Chapel Hill-Carrboro
 
Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides SlideTeam
 
Risk & Risk Management
Risk & Risk ManagementRisk & Risk Management
Risk & Risk Managementansula
 
Risk Management
Risk ManagementRisk Management
Risk ManagementShahan Ullah
 
Risk strategies presentation
Risk strategies presentationRisk strategies presentation
Risk strategies presentationRaven Morgan
 
Crisis Management Strategies When Disaster Strikes
Crisis Management Strategies When Disaster StrikesCrisis Management Strategies When Disaster Strikes
Crisis Management Strategies When Disaster StrikesThe Windsdor Consulting Group, Inc.
 
Qualitative risk analysis
Qualitative risk analysisQualitative risk analysis
Qualitative risk analysissonali talkar
 
Risk identification
Risk identificationRisk identification
Risk identificationmurukkada
 
Risk Management Framework
Risk Management FrameworkRisk Management Framework
Risk Management FrameworkAnand Subramaniam
 
Risk mangement
Risk mangementRisk mangement
Risk mangementcollege
 
Risk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesRisk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesSlideTeam
 
Risk management presentation
Risk management presentationRisk management presentation
Risk management presentationabpeters82
 
Business Continuity Workshop Final
Business Continuity Workshop FinalBusiness Continuity Workshop Final
Business Continuity Workshop FinalBill Lisse
 
Introduction To Risk Management Powerpoint Presentation Slides
Introduction To Risk Management Powerpoint Presentation SlidesIntroduction To Risk Management Powerpoint Presentation Slides
Introduction To Risk Management Powerpoint Presentation SlidesSlideTeam
 
Risk Management Overview
Risk Management OverviewRisk Management Overview
Risk Management OverviewJIGNESH PADIA
 
Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides SlideTeam
 
What’s & Why’s of Business Continuity Planning (BCP)
What’s & Why’s of Business Continuity Planning (BCP) What’s & Why’s of Business Continuity Planning (BCP)
What’s & Why’s of Business Continuity Planning (BCP) CBIZ, Inc.
 
INFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTSINFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTShenlydailymotion
 
ch01.ppt
ch01.pptch01.ppt
ch01.pptsamsam693199
 

Contenu connexe

Tendances

Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides SlideTeam
 
Risk & Risk Management
Risk & Risk ManagementRisk & Risk Management
Risk & Risk Managementansula
 
Risk strategies presentation
Risk strategies presentationRisk strategies presentation
Risk strategies presentationRaven Morgan
 
Qualitative risk analysis
Qualitative risk analysisQualitative risk analysis
Qualitative risk analysissonali talkar
 
Risk identification
Risk identificationRisk identification
Risk identificationmurukkada
 
Risk mangement
Risk mangementRisk mangement
Risk mangementcollege
 
Risk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesRisk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesSlideTeam
 
Risk management presentation
Risk management presentationRisk management presentation
Risk management presentationabpeters82
 
Business Continuity Workshop Final
Business Continuity Workshop FinalBusiness Continuity Workshop Final
Business Continuity Workshop FinalBill Lisse
 
Introduction To Risk Management Powerpoint Presentation Slides
Introduction To Risk Management Powerpoint Presentation SlidesIntroduction To Risk Management Powerpoint Presentation Slides
Introduction To Risk Management Powerpoint Presentation SlidesSlideTeam
 
Risk Management Overview
Risk Management OverviewRisk Management Overview
Risk Management OverviewJIGNESH PADIA
 
Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides SlideTeam
 
What’s & Why’s of Business Continuity Planning (BCP)
What’s & Why’s of Business Continuity Planning (BCP) What’s & Why’s of Business Continuity Planning (BCP)
What’s & Why’s of Business Continuity Planning (BCP) CBIZ, Inc.
 

Tendances (20)

Introduction to Business Continuity Management
Introduction to Business Continuity ManagementIntroduction to Business Continuity Management
Introduction to Business Continuity Management
 
Risk management
Risk managementRisk management
Risk management
 
Risk management
Risk managementRisk management
Risk management
 
Business Continuity Planning Presentation
Business Continuity Planning PresentationBusiness Continuity Planning Presentation
Business Continuity Planning Presentation
 
Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides
 
Risk & Risk Management
Risk & Risk ManagementRisk & Risk Management
Risk & Risk Management
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
Risk strategies presentation
Risk strategies presentationRisk strategies presentation
Risk strategies presentation
 
Crisis Management Strategies When Disaster Strikes
Crisis Management Strategies When Disaster StrikesCrisis Management Strategies When Disaster Strikes
Crisis Management Strategies When Disaster Strikes
 
Qualitative risk analysis
Qualitative risk analysisQualitative risk analysis
Qualitative risk analysis
 
Risk identification
Risk identificationRisk identification
Risk identification
 
Risk Management Framework
Risk Management FrameworkRisk Management Framework
Risk Management Framework
 
Risk mangement
Risk mangementRisk mangement
Risk mangement
 
Risk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesRisk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation Slides
 
Risk management presentation
Risk management presentationRisk management presentation
Risk management presentation
 
Business Continuity Workshop Final
Business Continuity Workshop FinalBusiness Continuity Workshop Final
Business Continuity Workshop Final
 
Introduction To Risk Management Powerpoint Presentation Slides
Introduction To Risk Management Powerpoint Presentation SlidesIntroduction To Risk Management Powerpoint Presentation Slides
Introduction To Risk Management Powerpoint Presentation Slides
 
Risk Management Overview
Risk Management OverviewRisk Management Overview
Risk Management Overview
 
Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides
 
What’s & Why’s of Business Continuity Planning (BCP)
What’s & Why’s of Business Continuity Planning (BCP) What’s & Why’s of Business Continuity Planning (BCP)
What’s & Why’s of Business Continuity Planning (BCP)
 

Similaire à Risk Mitigation

INFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTSINFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTShenlydailymotion
 
information security presentation topics
information security presentation topicsinformation security presentation topics
information security presentation topicsOlajide Kuku
 
educational content, educational contented educational content
educational content, educational contented educational contenteducational content, educational contented educational content
educational content, educational contented educational contentOlajide Kuku
 
IS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdfIS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdfAbdulrafiiMohammed
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Health information security session 4 risk management
Health information security session 4 risk managementHealth information security session 4 risk management
Health information security session 4 risk managementDr. Lasantha Ranwala
 
crisc_wk_4.pptx
crisc_wk_4.pptxcrisc_wk_4.pptx
crisc_wk_4.pptxdotco
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniyaseraljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniYaser Alrefai
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpointrandalje86
 
Microsoft InfoSec for cloud and mobile
Microsoft InfoSec for cloud and mobileMicrosoft InfoSec for cloud and mobile
Microsoft InfoSec for cloud and mobileVijayananda Mohire
 
Information Security Risk Management and Compliance.pptx
Information Security Risk Management and Compliance.pptxInformation Security Risk Management and Compliance.pptx
Information Security Risk Management and Compliance.pptxAbraraw Zerfu
 
Undertake the Risk Analysis Policy
Undertake the Risk Analysis PolicyUndertake the Risk Analysis Policy
Undertake the Risk Analysis PolicyKomal Zahra
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).pptAjjuSingh2
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
crisc_wk_2a.pptx
crisc_wk_2a.pptxcrisc_wk_2a.pptx
crisc_wk_2a.pptxdotco
 

Similaire à Risk Mitigation (20)

INFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTSINFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTS
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
 
information security presentation topics
information security presentation topicsinformation security presentation topics
information security presentation topics
 
educational content, educational contented educational content
educational content, educational contented educational contenteducational content, educational contented educational content
educational content, educational contented educational content
 
IS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdfIS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdf
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Health information security session 4 risk management
Health information security session 4 risk managementHealth information security session 4 risk management
Health information security session 4 risk management
 
CISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementCISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk Management
 
crisc_wk_4.pptx
crisc_wk_4.pptxcrisc_wk_4.pptx
crisc_wk_4.pptx
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpoint
 
Microsoft InfoSec for cloud and mobile
Microsoft InfoSec for cloud and mobileMicrosoft InfoSec for cloud and mobile
Microsoft InfoSec for cloud and mobile
 
Information Security Risk Management and Compliance.pptx
Information Security Risk Management and Compliance.pptxInformation Security Risk Management and Compliance.pptx
Information Security Risk Management and Compliance.pptx
 
Introduction to Ethical Hacking
Introduction to Ethical HackingIntroduction to Ethical Hacking
Introduction to Ethical Hacking
 
Undertake the Risk Analysis Policy
Undertake the Risk Analysis PolicyUndertake the Risk Analysis Policy
Undertake the Risk Analysis Policy
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
crisc_wk_2a.pptx
crisc_wk_2a.pptxcrisc_wk_2a.pptx
crisc_wk_2a.pptx
 
CompTIA Security+.pptx
CompTIA Security+.pptxCompTIA Security+.pptx
CompTIA Security+.pptx
 

Plus de primeteacher32

Software Development Life Cycle
Software Development Life CycleSoftware Development Life Cycle
Software Development Life Cycleprimeteacher32
 
Introduction to GUIs with guizero
Introduction to GUIs with guizeroIntroduction to GUIs with guizero
Introduction to GUIs with guizeroprimeteacher32
 
Introduction to Repetition Structures
Introduction to Repetition StructuresIntroduction to Repetition Structures
Introduction to Repetition Structuresprimeteacher32
 
Intro to Python with GPIO
Intro to Python with GPIOIntro to Python with GPIO
Intro to Python with GPIOprimeteacher32
 
Variables and Statements
Variables and StatementsVariables and Statements
Variables and Statementsprimeteacher32
 
Variables and User Input
Variables and User InputVariables and User Input
Variables and User Inputprimeteacher32
 
Hardware vs. Software Presentations
Hardware vs. Software PresentationsHardware vs. Software Presentations
Hardware vs. Software Presentationsprimeteacher32
 

Plus de primeteacher32 (20)

Software Development Life Cycle
Software Development Life CycleSoftware Development Life Cycle
Software Development Life Cycle
 
Variable Scope
Variable ScopeVariable Scope
Variable Scope
 
Returning Data
Returning DataReturning Data
Returning Data
 
Intro to Functions
Intro to FunctionsIntro to Functions
Intro to Functions
 
Introduction to GUIs with guizero
Introduction to GUIs with guizeroIntroduction to GUIs with guizero
Introduction to GUIs with guizero
 
Function Parameters
Function ParametersFunction Parameters
Function Parameters
 
Nested Loops
Nested LoopsNested Loops
Nested Loops
 
Conditional Loops
Conditional LoopsConditional Loops
Conditional Loops
 
Introduction to Repetition Structures
Introduction to Repetition StructuresIntroduction to Repetition Structures
Introduction to Repetition Structures
 
Input Validation
Input ValidationInput Validation
Input Validation
 
Windows File Systems
Windows File SystemsWindows File Systems
Windows File Systems
 
Nesting Conditionals
Nesting ConditionalsNesting Conditionals
Nesting Conditionals
 
Conditionals
ConditionalsConditionals
Conditionals
 
Intro to Python with GPIO
Intro to Python with GPIOIntro to Python with GPIO
Intro to Python with GPIO
 
Variables and Statements
Variables and StatementsVariables and Statements
Variables and Statements
 
Variables and User Input
Variables and User InputVariables and User Input
Variables and User Input
 
Intro to Python
Intro to PythonIntro to Python
Intro to Python
 
Raspberry Pi
Raspberry PiRaspberry Pi
Raspberry Pi
 
Hardware vs. Software Presentations
Hardware vs. Software PresentationsHardware vs. Software Presentations
Hardware vs. Software Presentations
 
Block chain security
Block chain securityBlock chain security
Block chain security
 

Dernier

Storytelling, Ethics and Workflow in Documentary Photography
Storytelling, Ethics and Workflow in Documentary PhotographyStorytelling, Ethics and Workflow in Documentary Photography
Storytelling, Ethics and Workflow in Documentary PhotographyOrtega Alikwe
 
定制英国克兰菲尔德大学毕业证成绩单原版一比一
定制英国克兰菲尔德大学毕业证成绩单原版一比一定制英国克兰菲尔德大学毕业证成绩单原版一比一
定制英国克兰菲尔德大学毕业证成绩单原版一比一z zzz
 
办理哈珀亚当斯大学学院毕业证书文凭学位证书
办理哈珀亚当斯大学学院毕业证书文凭学位证书办理哈珀亚当斯大学学院毕业证书文凭学位证书
办理哈珀亚当斯大学学院毕业证书文凭学位证书saphesg8
 
Crack JAG. Guidance program for entry to JAG Dept. & SSB interview
Crack JAG. Guidance program for entry to JAG Dept. & SSB interviewCrack JAG. Guidance program for entry to JAG Dept. & SSB interview
Crack JAG. Guidance program for entry to JAG Dept. & SSB interviewNilendra Kumar
 
定制(Waikato毕业证书)新西兰怀卡托大学毕业证成绩单原版一比一
定制(Waikato毕业证书)新西兰怀卡托大学毕业证成绩单原版一比一定制(Waikato毕业证书)新西兰怀卡托大学毕业证成绩单原版一比一
定制(Waikato毕业证书)新西兰怀卡托大学毕业证成绩单原版一比一Fs
 
Issues in the Philippines (Unemployment and Underemployment).pptx
Issues in the Philippines (Unemployment and Underemployment).pptxIssues in the Philippines (Unemployment and Underemployment).pptx
Issues in the Philippines (Unemployment and Underemployment).pptxJenniferPeraro1
 
定制(UQ毕业证书)澳洲昆士兰大学毕业证成绩单原版一比一
定制(UQ毕业证书)澳洲昆士兰大学毕业证成绩单原版一比一定制(UQ毕业证书)澳洲昆士兰大学毕业证成绩单原版一比一
定制(UQ毕业证书)澳洲昆士兰大学毕业证成绩单原版一比一lvtagr7
 
Graduate Trainee Officer Job in Bank Al Habib 2024.docx
Graduate Trainee Officer Job in Bank Al Habib 2024.docxGraduate Trainee Officer Job in Bank Al Habib 2024.docx
Graduate Trainee Officer Job in Bank Al Habib 2024.docxJobs Finder Hub
 
MIdterm Review International Trade.pptx review
MIdterm Review International Trade.pptx reviewMIdterm Review International Trade.pptx review
MIdterm Review International Trade.pptx reviewSheldon Byron
 
Escort Service Andheri WhatsApp:+91-9833363713
Escort Service Andheri WhatsApp:+91-9833363713Escort Service Andheri WhatsApp:+91-9833363713
Escort Service Andheri WhatsApp:+91-9833363713Riya Pathan
 
LinkedIn Strategic Guidelines April 2024
LinkedIn Strategic Guidelines April 2024LinkedIn Strategic Guidelines April 2024
LinkedIn Strategic Guidelines April 2024Bruce Bennett
 
定制(SCU毕业证书)南十字星大学毕业证成绩单原版一比一
定制(SCU毕业证书)南十字星大学毕业证成绩单原版一比一定制(SCU毕业证书)南十字星大学毕业证成绩单原版一比一
定制(SCU毕业证书)南十字星大学毕业证成绩单原版一比一z xss
 
Unlock Your Creative Potential: 7 Skills for Content Creator Evolution
Unlock Your Creative Potential: 7 Skills for Content Creator EvolutionUnlock Your Creative Potential: 7 Skills for Content Creator Evolution
Unlock Your Creative Potential: 7 Skills for Content Creator EvolutionRhazes Ghaisan
 
办理老道明大学毕业证成绩单|购买美国ODU文凭证书
办理老道明大学毕业证成绩单|购买美国ODU文凭证书办理老道明大学毕业证成绩单|购买美国ODU文凭证书
办理老道明大学毕业证成绩单|购买美国ODU文凭证书saphesg8
 
Most Inspirational Leaders Empowering the Educational Sector, 2024.pdf
Most Inspirational Leaders Empowering the Educational Sector, 2024.pdfMost Inspirational Leaders Empowering the Educational Sector, 2024.pdf
Most Inspirational Leaders Empowering the Educational Sector, 2024.pdfTheKnowledgeReview2
 
办理学位证(UoM证书)北安普顿大学毕业证成绩单原版一比一
办理学位证(UoM证书)北安普顿大学毕业证成绩单原版一比一办理学位证(UoM证书)北安普顿大学毕业证成绩单原版一比一
办理学位证(UoM证书)北安普顿大学毕业证成绩单原版一比一A SSS
 
Ioannis Tzachristas Self-Presentation for MBA.pdf
Ioannis Tzachristas Self-Presentation for MBA.pdfIoannis Tzachristas Self-Presentation for MBA.pdf
Ioannis Tzachristas Self-Presentation for MBA.pdfjtzach
 
8377877756 Full Enjoy @24/7 Call Girls in Pitampura Delhi NCR
8377877756 Full Enjoy @24/7 Call Girls in Pitampura Delhi NCR8377877756 Full Enjoy @24/7 Call Girls in Pitampura Delhi NCR
8377877756 Full Enjoy @24/7 Call Girls in Pitampura Delhi NCRdollysharma2066
 
Jumark Morit Diezmo- Career portfolio- BPED 3A
Jumark Morit Diezmo- Career portfolio- BPED 3AJumark Morit Diezmo- Career portfolio- BPED 3A
Jumark Morit Diezmo- Career portfolio- BPED 3Ajumarkdiezmo1
 

Dernier (20)

Storytelling, Ethics and Workflow in Documentary Photography
Storytelling, Ethics and Workflow in Documentary PhotographyStorytelling, Ethics and Workflow in Documentary Photography
Storytelling, Ethics and Workflow in Documentary Photography
 
定制英国克兰菲尔德大学毕业证成绩单原版一比一
定制英国克兰菲尔德大学毕业证成绩单原版一比一定制英国克兰菲尔德大学毕业证成绩单原版一比一
定制英国克兰菲尔德大学毕业证成绩单原版一比一
 
办理哈珀亚当斯大学学院毕业证书文凭学位证书
办理哈珀亚当斯大学学院毕业证书文凭学位证书办理哈珀亚当斯大学学院毕业证书文凭学位证书
办理哈珀亚当斯大学学院毕业证书文凭学位证书
 
Crack JAG. Guidance program for entry to JAG Dept. & SSB interview
Crack JAG. Guidance program for entry to JAG Dept. & SSB interviewCrack JAG. Guidance program for entry to JAG Dept. & SSB interview
Crack JAG. Guidance program for entry to JAG Dept. & SSB interview
 
定制(Waikato毕业证书)新西兰怀卡托大学毕业证成绩单原版一比一
定制(Waikato毕业证书)新西兰怀卡托大学毕业证成绩单原版一比一定制(Waikato毕业证书)新西兰怀卡托大学毕业证成绩单原版一比一
定制(Waikato毕业证书)新西兰怀卡托大学毕业证成绩单原版一比一
 
Issues in the Philippines (Unemployment and Underemployment).pptx
Issues in the Philippines (Unemployment and Underemployment).pptxIssues in the Philippines (Unemployment and Underemployment).pptx
Issues in the Philippines (Unemployment and Underemployment).pptx
 
定制(UQ毕业证书)澳洲昆士兰大学毕业证成绩单原版一比一
定制(UQ毕业证书)澳洲昆士兰大学毕业证成绩单原版一比一定制(UQ毕业证书)澳洲昆士兰大学毕业证成绩单原版一比一
定制(UQ毕业证书)澳洲昆士兰大学毕业证成绩单原版一比一
 
Graduate Trainee Officer Job in Bank Al Habib 2024.docx
Graduate Trainee Officer Job in Bank Al Habib 2024.docxGraduate Trainee Officer Job in Bank Al Habib 2024.docx
Graduate Trainee Officer Job in Bank Al Habib 2024.docx
 
MIdterm Review International Trade.pptx review
MIdterm Review International Trade.pptx reviewMIdterm Review International Trade.pptx review
MIdterm Review International Trade.pptx review
 
Students with Oppositional Defiant Disorder
Students with Oppositional Defiant DisorderStudents with Oppositional Defiant Disorder
Students with Oppositional Defiant Disorder
 
Escort Service Andheri WhatsApp:+91-9833363713
Escort Service Andheri WhatsApp:+91-9833363713Escort Service Andheri WhatsApp:+91-9833363713
Escort Service Andheri WhatsApp:+91-9833363713
 
LinkedIn Strategic Guidelines April 2024
LinkedIn Strategic Guidelines April 2024LinkedIn Strategic Guidelines April 2024
LinkedIn Strategic Guidelines April 2024
 
定制(SCU毕业证书)南十字星大学毕业证成绩单原版一比一
定制(SCU毕业证书)南十字星大学毕业证成绩单原版一比一定制(SCU毕业证书)南十字星大学毕业证成绩单原版一比一
定制(SCU毕业证书)南十字星大学毕业证成绩单原版一比一
 
Unlock Your Creative Potential: 7 Skills for Content Creator Evolution
Unlock Your Creative Potential: 7 Skills for Content Creator EvolutionUnlock Your Creative Potential: 7 Skills for Content Creator Evolution
Unlock Your Creative Potential: 7 Skills for Content Creator Evolution
 
办理老道明大学毕业证成绩单|购买美国ODU文凭证书
办理老道明大学毕业证成绩单|购买美国ODU文凭证书办理老道明大学毕业证成绩单|购买美国ODU文凭证书
办理老道明大学毕业证成绩单|购买美国ODU文凭证书
 
Most Inspirational Leaders Empowering the Educational Sector, 2024.pdf
Most Inspirational Leaders Empowering the Educational Sector, 2024.pdfMost Inspirational Leaders Empowering the Educational Sector, 2024.pdf
Most Inspirational Leaders Empowering the Educational Sector, 2024.pdf
 
办理学位证(UoM证书)北安普顿大学毕业证成绩单原版一比一
办理学位证(UoM证书)北安普顿大学毕业证成绩单原版一比一办理学位证(UoM证书)北安普顿大学毕业证成绩单原版一比一
办理学位证(UoM证书)北安普顿大学毕业证成绩单原版一比一
 
Ioannis Tzachristas Self-Presentation for MBA.pdf
Ioannis Tzachristas Self-Presentation for MBA.pdfIoannis Tzachristas Self-Presentation for MBA.pdf
Ioannis Tzachristas Self-Presentation for MBA.pdf
 
8377877756 Full Enjoy @24/7 Call Girls in Pitampura Delhi NCR
8377877756 Full Enjoy @24/7 Call Girls in Pitampura Delhi NCR8377877756 Full Enjoy @24/7 Call Girls in Pitampura Delhi NCR
8377877756 Full Enjoy @24/7 Call Girls in Pitampura Delhi NCR
 
Jumark Morit Diezmo- Career portfolio- BPED 3A
Jumark Morit Diezmo- Career portfolio- BPED 3AJumark Morit Diezmo- Career portfolio- BPED 3A
Jumark Morit Diezmo- Career portfolio- BPED 3A
 

Risk Mitigation

  • 2. INTRODUCTION • Risk is at heart of information security • Some risks have small impact and can be easily managed, other risks can threaten very existence of business • Multifaceted approach to managing risk in information security: • Control risk • Develop security policy • Maintain user awareness and training
  • 3. CONTROLLING RISK • Risk - Situation that involves exposure to some type of danger • Not all events that first appear to be risk may actually result in a risk: • False positive - Event considered be a risk yet turns out not to be one • False negative - Event that does not appear to be risk but actually turns out to be one
  • 4. REDUCING RISK • Several different approaches used to reduce risk • Can modify the response to the risk instead of merely accepting the risk • Different risk responses: • Transference - Make third party responsible for the risk • Risk avoidance - Identifying the risk and making the decision not engage in activity. • Mitigation - Address the risk by making it less serious • Simple Risk Model organizes risks as: • Preventive - Considered most effective since they minimize possibility of loss by preventing the risk from occurring • Detective - Least effective but most often used that identify event after has occurred • Corrective- Minimize impact by restoring system to its state at point before event; may still result in some degree of loss • Management risk control types - Administrative in their nature and are laws, regulations, policies, practices, and guidelines that govern overall requirements and controls • Technical risk control types - Enforcing technology to control risk (Examples: antivirus software, firewalls, encryption) • Operational risk control types - Cover operational procedures to limit risk; may include using video surveillance systems and barricades to limit access to secure sites
  • 5. REDUCING RISK: MANAGERIAL PERSPECTIVE • One approach looks at mitigating risk from the managerial perspective • Most common elements: • Privilege management - Process of assigning and revoking privileges to objects and covers procedures of managing object authorizations • Change management - Methodology for making modifications and keeping track of changes • Incident management - The “framework” and functions required to enable incident response and incident handling within an organization • Various methods are used to calculate risk
  • 6. PHASES TO CALCULATING RISK CALCULATION • 1. Likelihood of Risk • Historical data valuable in providing information on risk likelihood • Measured either by Qualitative or Quantitative means • Mean Time To Failure (MTTF) - Basic measure of reliability for systems that cannot be repaired and is average amount of time expected until first failure of equipment • Failure In Time (FIT) - Can report number of expected failures per one billion hours of operation for device • Annualized Rate of Occurrence (ARO) - Likelihood of risk occurring within one year • 2. Impact of Risk • Single Loss Expectancy (SLE) - Expected monetary loss every time a risk occurs; computed by multiplying Asset Value (AV) by Exposure Factor (EF), which is proportion of an asset’s value that is likely to be destroyed by particular risk • Annualized Loss Expectancy (ALE) - Expected monetary loss be expected for asset due to risk over a one-year period; computed by multiplying SLE by ARO, which is the probability that a risk will occur in a particular year • 3. Mitigation of Risk • Security policy is another means of reducing risks
  • 7. CHECKPOINT • A risk is the likelihood that a threat agent will exploit a vulnerability • Privilege management and change management are risk management approaches • A security policy states how an organization plans to protect its information technology assets • Development and maintenance of a security policy follows a three-phase cycle • Security policies are often broken into sub-policies • Acceptable use policy • Privacy policy • Password management and complexity policy • Disposal and destruction policy • Classification of information policy • Ongoing awareness training provides users with knowledge and skills necessary to support information security