Security Mgt U5, risk analysis & mgt (part 2)

stages of the risk analysis and management process
1. stage 1
  1. What is the value of the information being processed?
    1. costs of assets
      1. replacement costs
      2. for software: only valued insofar as it provides competitive advantage
    2. what devalues assets?
      1. modification
      2. unavailability
      3. disclosure
      4. destruction
      5. communication interference
  2. What parts of the system support which business processes?
  3. identify assets
2. stage 2
  1. identify threats, vulnerabilities and risk
    1. What threats affect the system?
    2. How vulnerable are our systems?
    3. What conclusions can be reached about the risks to our security?
    4. assessing a new system for risk
      1. I do have a similar system.
        use stats from this system
      2. I don't have a similar system.
        seek industry stats or best guess
    5. types of threats
      1. logical
      2. communications
      3. technical failures
      4. human errors
      5. physical
    6. types of vulnerabilities
      1. facilities and functionalities
      2. system dependence
      3. design
3. stage 3
  1. How can the identified risks be met?
    1. countermeasures
      1. kinds
        1. avoid
        2. transfer
        3. reduce threat
        4. reduce vulnerability
        5. reduce impact
        6. detect
        7. recover
      2. review and mark countermeasrues
        installed
        not applicable
        under consideration
        requires management consultation to determine whether or not this countermeasure is applicable or not
      3. prioritization
        already in place
        covers many threats
        required
        low cost high effectiveness
  2. What improvements can be made to existing security?
    1. gap analysis
      1. highlights countermeasures that are not in place

Next up

Security Mgt U5, risk analysis & mgt (part 2)

Description

Resource summary

Similar

	Created by jjanesko about 11 years ago