Summary of the resource
Security Mgt U5, risk analysis & mgt (part 2)
- stages of the risk analysis and management process
- stage 1
- What is the value of the information being processed?
- costs of assets
- replacement costs
- for software: only valued insofar as it provides competitive advantage
- what devalues assets?
- modification
- unavailability
- disclosure
- destruction
- communication interference
- What parts of the system support which business processes?
- identify assets
- stage 2
- identify threats, vulnerabilities and risk
- What threats affect the system?
- How vulnerable are our systems?
- What conclusions can be reached about the risks to our security?
- assessing a new system for risk
- I do have a similar system.
- use stats from this system
- I don't have a similar system.
- seek industry stats or best guess
- types of threats
- logical
- communications
- technical failures
- human errors
- physical
- types of vulnerabilities
- facilities and functionalities
- system dependence
- design
- stage 3
- How can the identified risks be met?
- countermeasures
- kinds
- 1. avoid
- 2. transfer
- 3. reduce threat
- 4. reduce vulnerability
- 5. reduce impact
- 6. detect
- 7. recover
- review and mark countermeasures
- installed
- not applicable
- under consideration
- requires management consultation to determine whether or not this countermeasure is applicable
- prioritization
- already in place
- covers many threats
- required
- low cost high effectiveness
- What improvements can be made to existing security?
- gap analysis
- highlights countermeasures that are not in place