Resource summary
Assets and Risk Management
- Asset Management
- Assets Identification
- Inventory of
- Hardware
- Software
- Network Devices
- Firmware
- Runtime environments, libraries
- Assets Classifications
- 1. Category identification
- Information asset
- Software asset
- Physical Asset
- Services
- 2. Identifying the owner
- Owner for all information assets
- Owner for all software app..
- 3. Criteria for identification
- Confidentiality
- Value
- Time
- Access Right
- Destruction
- 4. Implement schema
- Assets Lifecycle
- Procurement
- Deployment
- Utilization
- Maintenance
- Disposal
- Risk Management
- Risks Types
- High Risk
- Lower Risks
- Acceptable Risks
- Risk Management Process
- Frame the risk
- Assess the risks
- Respond to risks
- Monitor the risks
- Risk Assessment
- Threat Source Type
- Adversarial
Notes:
- threats from individuals, groups, organizations, nations
- Accidental
Notes:
- actions without malicious intent
- Environmental
Notes:
- natural disasters, human-aided
- Structural
Notes:
- software and hardware failures
- Risk Analysis
Notes:
- Examine the dangers posed by disasters or human-involved actions
- Quantitative Risk Analysis
- Qualitative Risk Analysis
- Mitigations
- Accept the risk and periodically reassess
- Reduce the risk by implementing controls
Notes:
- by providing updates and patches
- Avoid risk by changing approach totally
- Transfer the risk to a third party
- Security Controls
- Control types
- Administrative Control
Notes:
- determines how people act
- consists of policies and procedures
- Technical Control
Notes:
- involves software and hardware
- manages risks and provides protection
- Physical Control
Notes:
- separates people or other threats from the system
- Functional security Controls
- Preventive Control
Notes:
- prevents unauthorized and unwanted activities from happening
- Deterrent Control
Notes:
- discourages before something happens
- Detective Control
Notes:
- identifies the different types of unauthorized activities
- Corrective Control
- Recovery Control
- Compensative Control
Notes:
- alternative solutions