Security Mgt U5, risk analysis and mgt (part 1)
IYM001 Mind Map on Security Mgt U5, risk analysis and mgt (part 1), created by jjanesko on 04/13/2013.

Security Mgt U5, risk analysis and mgt (part 1)
1 risk model
1.1 risk
1.1.1 identify, analyze, model assets threats vulnerabilities
1.1.2 management countermeasures implementation audit
2 definitions
2.1 risk
2.1.1 potential for an unwanted event to have a negative impact upon an activity by exploiting an exposure
2.2 risk management
2.2.1 reduction of the exposures identified by risk analysis to a level acceptable to the organization
2.3 gap analysis
2.3.1 highlights areas where there are significant gaps in the security management process or in the security measures implemented
2.4 business impact analysis
2.4.1 identifies the impact on the organization if the functions of core information systems are interrupted; quantifies their importance for the business
2.5 assets
2.5.1 physical environment
2.5.2 hardware
2.5.3 data
2.5.4 software/systems
2.5.5 communications network
2.5.6 infrastructure
2.5.7 staff
3 four kinds of risk
3.1 business
3.2 project
3.3 operational
3.4 financial
4 related legislation
4.2 Gramm-Leach-Bliley Act
4.3 Basel II
4.4 Sarbanes-Oxley
4.5 financial services and markets act
5 manually documented or software-guided?
5.1 manual
5.1.1 low cost to entry
5.1.2 simpler but error prone
5.1.3 less efficient
5.1.4 harder to share and repeat
5.1.5 increased cost of expertise maintenance
5.2 software guided
5.2.1 consistently implements a specific methodology
5.2.2 guides user
5.2.3 reusable, shareable
5.2.4 dynamic, efficient
5.2.5 software options (image)

6 ISMS documentation set
6.1 infosec policy
6.2 information asset register
6.3 risk assessment report
6.4 statement of applicability
6.5 policies and procedures
7 threat motivation
7.1 resources
7.2 opportunity
7.3 capability
7.4 publicity
7.5 asset attractiveness
8 qualitative vs. quantitative
8.1 qualitative
8.1.1 capable of handling soft impacts
8.1.2 handles hard & soft impacts consistently
8.1.3 adapts to emerging best practices
8.1.4 accepts that risk mgt is evolving
8.1.5 relies on consensus of "best placed"
8.1.6 dependent on expert opinion; only as good as your best expert's opinion
8.2 quantitative
8.2.1 every loss is capable of being expressed in financial terms
8.2.2 requires careful records
8.2.3 formula for financial impact (image)
8.2.4 expected frequency of attacks is known (statistics bank)
8.2.5 has problems with new risks
8.2.6 has problems with less concrete risks