Information SECURITY Risk Assessment Turning

Author : alexa-scheidler | Published Date : 2025-06-27

Description: Information Security Risk Assessment: Turning Project in Process: Segmentation, Prioritization and Iteration. Cornell University: Steve Schuster (sjs74@cornell.edu), Interim Executive Director for Cornell Information Technologies. Illumant


Transcript: Information SECURITY Risk Assessment Turning

Information Security Risk Assessment: Turning Project in Process: Segmentation, Prioritization and Iteration
Cornell University: Steve Schuster (sjs74@cornell.edu), Interim Executive Director for Cornell Information Technologies
Illumant, LLC: Matija Siljak (siljak@illumant.com), Director, Advisory Services

Why Risk Assessment? To answer these questions:
- What constitutes sensitive information?
- Where is it?
- How much of it is there?
- How effectively is it protected?
- What are the vulnerabilities that could lead to compromise?
- What is the likelihood of compromise?
- What is the potential impact?
- What is the most effective use of protection resources?

Problems with risk assessment (traditional risk assessment):
- One-offs: project, not process = limited ongoing benefit
- Breach response: reactive, not proactive = skewed expectations
- Big endeavor: expensive and effort-intensive = risky project
- Questionable value: predictable results and imbalanced cost-benefit = dissatisfaction

Solutions (modified risk assessment):
- One-offs: segment into small, independent components and iterate
- Breach response: minimize time to partial results
- Big endeavor: segment into small, independent components and iterate; start at a high level, drill down later based on interim results
- Questionable value: minimize cost, effort and time to results; balance cost and benefit

The formula remains the same: Risk = Threat x Vulnerability x Impact. The change is to administration and expectations:
- Divide up the data gathering into segments
- Use interim results to prioritize further tasks and where to drill down
- Tolerate incompleteness and omission; circle back
- Analogy: mainframe vs. Linux cluster. What is different?

Risk assessment methodology overview (Risk Assessment Process Summary):
Data Classification / Data Types -> MAP TO -> Assets (Apps, DBs, etc.) -> MAP TO -> Departments and Units -> MAP TO -> Exposure Analysis

Data classification: Start with the data classification policy. Consider other potentially sensitive data, for example:
- Student Info: SSN, Financial Info, Credit Card Info, Driver's License, Protected Health Info, Academic Records
- Employee / Faculty (HR) Info: SSN, Payroll Info, Driver's License, Bank Account Info, Protected Health Info
- Alumni and Donor Info: SSN, Credit Card Info, Driver's License, Bank Account Info
- Financial Data: University Finances; Point-of-Sale Customer Credit Card Data
- Physical Plant: Buildings, Facilities, Utilities, Grounds
- Cyber Infrastructure: Access Info, Logs, LDAP
- Other PII: Human Subject Research; Key Performance Indicators
- Protected Health Info (PHI): Info in Non-medical Systems
- Intellectual Property: Courseware, Research, Papers, Books, Code
- Library: Citation DB, Digital Full Text, Circulation data

Asset inventory: Map the assets to data types and locations and attempt to roughly quantify the data.

Exposure analysis: After completing the inventory exercise, identify the key assets and
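The segmented, iterative approach above (classify data types, map assets to data types and departments, score Risk = Threat x Vulnerability x Impact, tolerate gaps and circle back) can be modelled in a few dozen lines. The following is an added example, not code from the presentation, Cornell or Illumant; the classification weights, the 1-5 rating scale, the conservative default for unknown ratings, and the asset inventory are all constructed assumptions for illustration.

```python
"""Added example (not from the presentation): a small risk-prioritization model
for a segmented, iterative assessment.

Assumptions (constructed for illustration, not Cornell's or Illumant's data):
- the data-classification policy is expressed as an impact weight per data type,
- the asset inventory maps each asset to data types, a department, a rough
  record count, and optional threat/vulnerability ratings on a 1-5 scale,
- unknown ratings are tolerated: a conservative default is used and the asset
  is flagged so the next iteration knows where to drill down.
"""
from dataclasses import dataclass, field
from typing import Optional

# Data classification policy: impact weight per data type (constructed values).
DATA_CLASSIFICATION = {
    "SSN": 5,
    "Credit Card Info": 5,
    "Protected Health Info": 5,
    "Bank Account Info": 4,
    "Academic Records": 3,
    "Payroll Info": 3,
    "Courseware": 1,
}

# Conservative value assumed for any rating nobody has supplied yet (1-5 scale).
UNKNOWN_RATING = 4


@dataclass
class Asset:
    name: str
    department: str
    data_types: list
    records: Optional[int] = None          # rough count; None = not yet quantified
    threat: Optional[int] = None           # 1-5; None = unknown
    vulnerability: Optional[int] = None    # 1-5; None = unknown


@dataclass
class AssetRisk:
    asset: str
    department: str
    risk: int
    gaps: list = field(default_factory=list)   # what to circle back for


def impact(asset: Asset) -> int:
    """Impact is driven by the most sensitive data type the asset holds.
    Data types missing from the policy are treated conservatively as unknown."""
    weights = [DATA_CLASSIFICATION.get(dt, UNKNOWN_RATING) for dt in asset.data_types]
    return max(weights) if weights else 0


def score_asset(asset: Asset) -> AssetRisk:
    """Risk = Threat x Vulnerability x Impact, with unknowns filled conservatively
    and recorded as gaps instead of blocking the interim result."""
    gaps = []
    threat = asset.threat
    if threat is None:
        threat = UNKNOWN_RATING
        gaps.append("threat")
    vuln = asset.vulnerability
    if vuln is None:
        vuln = UNKNOWN_RATING
        gaps.append("vulnerability")
    for dt in asset.data_types:
        if dt not in DATA_CLASSIFICATION:
            gaps.append(f"classify data type '{dt}'")
    if asset.records is None:
        gaps.append("record count")
    return AssetRisk(asset.name, asset.department, threat * vuln * impact(asset), gaps)


def prioritize_departments(assets):
    """Segment the inventory by department and rank segments by total interim
    risk, so the next iteration drills down where the results point."""
    totals = {}
    for a in assets:
        r = score_asset(a)
        totals[r.department] = totals.get(r.department, 0) + r.risk
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


def drill_down_queue(assets):
    """Circle-back list: assets with the most unknowns first, highest interim risk
    breaking ties; fully assessed assets are left out."""
    scored = [score_asset(a) for a in assets]
    ranked = sorted(scored, key=lambda r: (-len(r.gaps), -r.risk))
    return [(r.asset, r.gaps) for r in ranked if r.gaps]


# Constructed inventory for the first iteration: some entries are deliberately incomplete.
INVENTORY = [
    Asset("student-info-system", "Registrar", ["SSN", "Academic Records"], records=60000, threat=4, vulnerability=2),
    Asset("campus-store-pos", "Retail", ["Credit Card Info"], records=None, threat=5, vulnerability=None),
    Asset("hr-payroll", "HR", ["SSN", "Payroll Info", "Bank Account Info"], records=12000, threat=3, vulnerability=3),
    Asset("lms-courseware", "Teaching", ["Courseware"], records=800, threat=2, vulnerability=3),
    Asset("research-survey-db", "Research", ["Human Subject Research"], records=None, threat=None, vulnerability=None),
]

if __name__ == "__main__":
    for dept, total in prioritize_departments(INVENTORY):
        print(f"{dept:10s} interim risk {total}")
    for name, gaps in drill_down_queue(INVENTORY):
        print(f"drill down: {name}: {', '.join(gaps)}")
```

Run as a script it ranks Retail and Research highest even though neither segment has been fully assessed: the conservative defaults surface them as priorities for the next iteration, and the drill-down queue lists exactly which ratings, classifications and counts to collect before re-scoring.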
