Management
Threats, Vulnerability, Assets and Risk
Risk Management and Risk Analysis
Process of Risk Analysis/Risk Management
Staged Methodology for Risk Analysis
• Three main stages in risk analysis:
• 1. Asset Evaluation
• 2. Analysis of threats and vulnerabilities
• 3. Selection of safeguards
Approaches and considerations in Information Security Risk Analysis
• Quantitative risk analysis
• Qualitative risk analysis
• Valuation of Assets
• Selection of safeguards
How is quantitative risk analysis done?
• Quantitative risk analysis attempts to independently assign objective numeric values, in monetary terms, to the components of the risk assessment and to the assessment of the potential loss.
Management
Operational
Preventive Controls
Authentication, Authorization, Access Control Lists, Nonrepudiation
Detection Controls
Background checks, personnel clearance, review of security controls, risk management
Recovery Controls
Continuity plans, incident response plans
Operational Security Controls
Preventive Controls
Backups, UPS, media access and disposal, securing wiring closets, controlling humidity and temperature
Detection Controls
CCTV cameras, motion detectors, smoke detectors, fire alarms
Residual Risk