Security risk management
Risk management
If you know the enemy and know yourself, you need not fear the result of a hundred battles.
If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.
If you know neither the enemy nor yourself, you will succumb in every battle. (Sun Tzu, The Art of War)
Ion BICA
Definitions
Risk - the probability that an event has negative consequences
R = probability x impact
(asset, threat, vulnerability)
Relationships and processes
Risk assessment
Quantitative methods
  exact quantification of the elements
Qualitative methods
  use of approximate terms: low, medium, high
Stages:
Asset inventory
Identifying the assets critical to the organisation and establishing their value
Tangible or intangible assets
Primary assets
  Business processes & activities
  Information
Supporting assets
  Equipment
  Software
  Networks
  Personnel
  Premises
  Organisational support
Threat identification
Human
  Deliberate actions
  Accidents
    operating errors
    omissions
Technical
  power supply interruption
  equipment failure
Environmental
  natural disasters (earthquakes, floods, fires, storms, tsunami)
  external conditions (contamination, electromagnetic interference)
Vulnerability identification
Probability estimation
The frequency with which a threat can exploit a vulnerability
Estimated for each (asset, threat, vulnerability) combination
Probability scale (lowest to highest):
  Negligible - unlikely to occur
  Very Low
  Low
  Medium
  High
  Very High
  Extreme
Impact determination
The consequence of a threat materialising
Estimated for each (asset, threat, vulnerability) combination
Harm scale (lowest to highest):
  Insignificant - no impact
  Minor
  Significant
  Damaging
  Serious
  Grave - permanent shutdown, complete compromise
Risk calculation
Risk = Probability x Harm
Risk bands:
  Scale      Definition
  NIL
  Low        1-3
  Medium     4-7
  High       8-14
  Critical   15-19
  Extreme    20-30
Asset                     Threat                  Vulnerability                    Prob  Harm  Risk
Data Center               Flood                   Proximity to river                           NIL
System Administrator      Absence                 Lack of cross training                       HIGH
Web Server                Disk crash              Insufficient backup                          MEDIUM
Research work             Theft                   Communication channel security               MEDIUM
Organization Reputation   Server unavailability   External internet interfaces                 EXTREME
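As an added worked example (not code from the lecture), the following Python applies the Risk = Probability x Harm scoring to a register of (asset, threat, vulnerability) entries and maps each product onto the NIL, Low, Medium, High, Critical and Extreme bands above. Two things it assumes are not stated on the slides: the probability and harm levels are mapped to 0-based integers (Negligible = 0 ... Extreme = 6, Insignificant = 0 ... Grave = 5, so the largest possible product is 30), and NIL covers a product of 0, since the band table lists no range for it. The probability and harm estimates in the sample register are constructed so that the rows reproduce the band labels of the example table; the asset, threat and vulnerability columns follow that table.

```python
"""Qualitative risk scoring (added example; not the lecture's own code).

Assumptions not stated on the slides: 0-based integer indices for the two
scales, and NIL = a product of 0.
"""
from __future__ import annotations

from dataclasses import dataclass

# Probability (likelihood) scale from the lecture, lowest to highest.
PROBABILITY = ["Negligible", "Very Low", "Low", "Medium", "High", "Very High", "Extreme"]
# Harm (impact) scale from the lecture, lowest to highest.
HARM = ["Insignificant", "Minor", "Significant", "Damaging", "Serious", "Grave"]
# Risk bands as (low, high, label) from the lecture's table; the 0 row for NIL
# is an assumption, because the slide leaves its range blank.
RISK_BANDS = [(0, 0, "NIL"), (1, 3, "Low"), (4, 7, "Medium"),
              (8, 14, "High"), (15, 19, "Critical"), (20, 30, "Extreme")]


def risk_score(probability: str, harm: str) -> int:
    """Numeric risk = probability index x harm index; rejects unknown labels."""
    if probability not in PROBABILITY:
        raise ValueError(f"unknown probability level: {probability!r}")
    if harm not in HARM:
        raise ValueError(f"unknown harm level: {harm!r}")
    return PROBABILITY.index(probability) * HARM.index(harm)


def risk_band(score: int) -> str:
    """Map a numeric score onto the lecture's NIL..Extreme bands."""
    for low, high, label in RISK_BANDS:
        if low <= score <= high:
            return label
    raise ValueError(f"score {score} is outside the 0..30 range of the two scales")


@dataclass(frozen=True)
class RiskEntry:
    """One (asset, threat, vulnerability) combination with its two estimates."""
    asset: str
    threat: str
    vulnerability: str
    probability: str
    harm: str

    @property
    def score(self) -> int:
        return risk_score(self.probability, self.harm)

    @property
    def band(self) -> str:
        return risk_band(self.score)


def risk_matrix() -> dict[tuple[str, str], str]:
    """Full 7 x 6 matrix of band labels, keyed by (probability, harm)."""
    return {(p, h): risk_band(risk_score(p, h)) for p in PROBABILITY for h in HARM}


def prioritise(register: list[RiskEntry]) -> list[tuple[str, int, str]]:
    """Treatment order: highest score first, ties broken by asset name."""
    ordered = sorted(register, key=lambda e: (-e.score, e.asset))
    return [(e.asset, e.score, e.band) for e in ordered]


# Constructed sample register: asset, threat and vulnerability follow the
# lecture's example table; the probability and harm estimates are constructed
# here so that each row lands in the band the table shows.
SAMPLE_REGISTER = [
    RiskEntry("Data Center", "Flood", "Proximity to river", "Negligible", "Grave"),
    RiskEntry("System Administrator", "Absence", "Lack of cross training", "High", "Significant"),
    RiskEntry("Web Server", "Disk crash", "Insufficient backup", "Medium", "Significant"),
    RiskEntry("Research work", "Theft", "Communication channel security", "Low", "Significant"),
    RiskEntry("Organization Reputation", "Server unavailability",
              "External internet interfaces", "Very High", "Grave"),
]

if __name__ == "__main__":
    for asset, score, band in prioritise(SAMPLE_REGISTER):
        print(f"{asset:<25} score={score:>2} band={band}")
```

Note the Data Center row: with a 0-based probability scale, a Negligible likelihood yields a product of 0 and therefore NIL even against a Grave harm, which is why the multiplicative model should be paired with a separate review of low-probability, high-impact items rather than used on its own.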