Assets and Risk Managment

Asset Managment
1. Assets Identification
  1. Inventory of
    1. Hardawares
    2. Softwares
    3. Network Devices
  2. Firmware
  3. Runtime environments , libraries
2. Assets Classifications
  1. 1.category Identifications
    1. Information asset
    2. Software asset
    3. Physical Asset
    4. Services
    5. 2.Identifying the owner
      1. Owner for all information assets
      2. Owner for the all software app..
      3. 3.Crederia for identification
        Confidentiality
        value
        Time
        Access Right
        Destruction
        4.Implement Schema
3. Assets Lifecycle
  1. Procurement
  2. Deployment
  3. Utilizations
  4. Maintenance
  5. Disposal
Risk Managment
1. Risks Types
  1. High Risk
  2. Lower Risks
  3. Acceptable Risks
2. Risk Managment Process
  1. Frame the risk
  2. Access the Risks
  3. Respond to Risks
  4. Monitor the RIsks
Risk Assessment
1. Thread Source Type
  1. Adversarial
    Anmerkungen:
    - threads from individuals , groups, organizations, nations
  2. Accidental
    Anmerkungen:
    - actions with out malicious intend 
  3. Environmental
    Anmerkungen:
    - natural disaster, human - aided
  4. Structural
    Anmerkungen:
    - software hardware failures
2. Risk Analysis
  Anmerkungen:
  - Examine the dangers poses by the disasters or human involved actions
  1. Quantitative Risk Analysis
  2. Qualitative Risk Analysis
3. Mitigations
  1. Accept the risk and periodically reassess
  2. Reduce the risk by implementing controls
    Anmerkungen:
    - by providing updates and patches
  3. Avoid risk by changing approach totally
  4. Transfer the risk to 3rd party
    Anmerkungen:
    - hire specialist 
Security Controls
1. Control types
  1. Administrative Control
    Anmerkungen:
    - determine how people acts consists with policies and procedures
  2. Technical Control
    Anmerkungen:
    - -involved software and hardware - manage risks and provide protections
  3. Physical Control
    Anmerkungen:
    - separate people or other threats from system
2. Functional security Controls
  1. Preventive Control
    Anmerkungen:
    - prevent unauthorized and unwanted activities happen
  2. Deterrent Control
    Anmerkungen:
    - discourage before something happens
  3. Detective Control
    Anmerkungen:
    - identifies the different type of unauthorized activities 
  4. Corrective Control
  5. Recovery Control
  6. Compensative control
    Anmerkungen:
    - alternative solutions

Nächster

Assets and Risk Managment

Beschreibung

Zusammenfassung der Ressource

ähnlicher Inhalt

	Erstellt von Hisham Haneefa vor mehr als 2 Jahre