Assets and Risk Managment

Asset Managment
1. Assets Identification
  1. Inventory of
    1. Hardawares
    2. Softwares
    3. Network Devices
  2. Firmware
  3. Runtime environments , libraries
2. Assets Classifications
  1. 1.category Identifications
    1. Information asset
    2. Software asset
    3. Physical Asset
    4. Services
    5. 2.Identifying the owner
      1. Owner for all information assets
      2. Owner for the all software app..
      3. 3.Crederia for identification
        Confidentiality
        value
        Time
        Access Right
        Destruction
        4.Implement Schema
3. Assets Lifecycle
  1. Procurement
  2. Deployment
  3. Utilizations
  4. Maintenance
  5. Disposal
Risk Managment
1. Risks Types
  1. High Risk
  2. Lower Risks
  3. Acceptable Risks
2. Risk Managment Process
  1. Frame the risk
  2. Access the Risks
  3. Respond to Risks
  4. Monitor the RIsks
Risk Assessment
1. Thread Source Type
  1. Adversarial
    Annotations:
    - threads from individuals , groups, organizations, nations
  2. Accidental
    Annotations:
    - actions with out malicious intend 
  3. Environmental
    Annotations:
    - natural disaster, human - aided
  4. Structural
    Annotations:
    - software hardware failures
2. Risk Analysis
  Annotations:
  - Examine the dangers poses by the disasters or human involved actions
  1. Quantitative Risk Analysis
  2. Qualitative Risk Analysis
3. Mitigations
  1. Accept the risk and periodically reassess
  2. Reduce the risk by implementing controls
    Annotations:
    - by providing updates and patches
  3. Avoid risk by changing approach totally
  4. Transfer the risk to 3rd party
    Annotations:
    - hire specialist 
Security Controls
1. Control types
  1. Administrative Control
    Annotations:
    - determine how people acts consists with policies and procedures
  2. Technical Control
    Annotations:
    - -involved software and hardware - manage risks and provide protections
  3. Physical Control
    Annotations:
    - separate people or other threats from system
2. Functional security Controls
  1. Preventive Control
    Annotations:
    - prevent unauthorized and unwanted activities happen
  2. Deterrent Control
    Annotations:
    - discourage before something happens
  3. Detective Control
    Annotations:
    - identifies the different type of unauthorized activities 
  4. Corrective Control
  5. Recovery Control
  6. Compensative control
    Annotations:
    - alternative solutions

Next up

Assets and Risk Managment

Description

Resource summary

Similar

	Created by Hisham Haneefa over 2 years ago