Security Mgt U5, risk analysis & mgt (part 2)

Mind Map by jjanesko, created over 6 years ago

IYM001 Mind Map on Security Mgt U5, risk analysis & mgt (part 2), created by jjanesko on 04/13/2013.

Security Mgt U5, risk analysis & mgt (part 2)
1 stages of the risk analysis and management process
1.1 stage 1
1.1.1 What is the value of the information being processed?
1.1.1.1 costs of assets
1.1.1.1.1 replacement costs
1.1.1.1.2 for software: only valued insofar as it provides competitive advantage
1.1.1.2 what devalues assets?
1.1.1.2.1 modification
1.1.1.2.2 unavailability
1.1.1.2.3 disclosure
1.1.1.2.4 destruction
1.1.1.2.5 communication interference
1.1.2 What parts of the system support which business processes?
1.1.3 identify assets
1.2 stage 2
1.2.1 identify threats, vulnerabilities and risk
1.2.1.1 What threats affect the system?
1.2.1.2 How vulnerable are our systems?
1.2.1.3 What conclusions can be reached about the risks to our security?
1.2.1.4 assessing a new system for risk
1.2.1.4.1 I do have a similar system.
1.2.1.4.1.1 use stats from this system
1.2.1.4.2 I don't have a similar system.
1.2.1.4.2.1 seek industry stats or best guess
1.2.1.5 types of threats
1.2.1.5.1 logical
1.2.1.5.2 communications
1.2.1.5.3 technical failures
1.2.1.5.4 human errors
1.2.1.5.5 physical
1.2.1.6 types of vulnerabilities
1.2.1.6.1 facilities and functionalities
1.2.1.6.2 system dependence
1.2.1.6.3 design
1.3 stage 3
1.3.1 How can the identified risks be met?
1.3.1.1 countermeasures
1.3.1.1.1 kinds
1.3.1.1.1.1 1. avoid
1.3.1.1.1.2 2. transfer
1.3.1.1.1.3 3. reduce threat
1.3.1.1.1.4 4. reduce vulnerability
1.3.1.1.1.5 5. reduce impact
1.3.1.1.1.6 6. detect
1.3.1.1.1.7 7. recover
1.3.1.1.2 review and mark countermeasures
1.3.1.1.2.1 installed
1.3.1.1.2.2 not applicable
1.3.1.1.2.3 under consideration
1.3.1.1.2.3.1 requires management consultation to determine whether or not this countermeasure is applicable
1.3.1.1.3 prioritization
1.3.1.1.3.1 already in place
1.3.1.1.3.2 covers many threats
1.3.1.1.3.3 required
1.3.1.1.3.4 low cost high effectiveness
1.3.2 What improvements can be made to existing security?
1.3.2.1 gap analysis
1.3.2.1.1 highlights countermeasures that are not in place