Security Risk Analysis and Management Risk

Author : conchita-marotz | Published Date : 2025-06-23



Transcript: Security Risk Analysis and Management Risk

Security Risk Analysis and Management

Risk Management: Controlling Risk in Information Security

The purpose of risk management
- Ensure overall business and business assets are safe
- Protect against competitive disadvantage
- Compliance with laws and best business practices
- Maintain a good public reputation

Steps of a risk management plan
- Step 1: Identify Risk
- Step 2: Assess Risk
- Step 3: Control Risk
Steps are similar regardless of context (InfoSec, Physical Security, Financial, etc.)
This presentation will focus on controlling risk within an InfoSec context

Risk Identification
The steps to risk identification are:
- Identify your organization's information assets
- Classify and categorize said assets into useful groups
- Rank assets' necessity to the organization
To the right is a simplified example of how a company may identify risks

Risk Assessment
The steps to risk assessment are:
- Identify threats and threat agents
- Prioritize threats and threat agents
- Assess vulnerabilities in current InfoSec plan
- Determine risk of each threat

R = P * V - M + U
- R = Risk
- P = Probability of threat attack
- V = Value of Information Asset
- M = Mitigation by current controls
- U = Uncertainty of vulnerability
The table to the right combines elements of all of these in a highly simplified format

Risk Control
The steps to risk control are:
- Cost-Benefit Analysis (CBA)
  - Single Loss Expectancy (SLE)
  - Annualized Rate of Occurrence (ARO)
  - Annual Loss Expectancy (ALE)
  - Annual Cost of the Safeguard (ASG)
- Feasibility Analysis
  - Organizational Feasibility
  - Operational Feasibility
  - Technical Feasibility
  - Political Feasibility
- Risk Control Strategy Implementation

Security+ Guide to Network Security Fundamentals, Fourth Edition

Vulnerability Assessment (cont'd.)

Single loss expectancy (SLE)
- Expected monetary loss each time a risk occurs
- Calculated by multiplying the asset value by exposure factor
- Exposure factor: percentage of asset value likely to be destroyed by a particular risk

Annualized loss expectancy (ALE)
- Expected monetary loss over a one year period
- Multiply SLE by annualized rate of occurrence
- Annualized rate of occurrence (ARO): probability that a risk will occur in a particular year
ALE can be calculated by multiplying the annual rate of occurrence (ARO) by single loss expectancy (SLE).

Suppose that an asset is valued at $100,000, and the Exposure Factor (EF) for this asset is 25%. The single loss expectancy (SLE) then, is 25% * $100,000, or $25,000. For an annual rate of occurrence of one, the annualized loss expectancy is
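
Added example (not part of the original slides): the SLE and ALE formulas above applied to the cost-benefit step, comparing candidate safeguards for one asset. The class and function names are hypothetical, the CBA form ALE(prior) - ALE(post) - ASG is an assumption (the slides list its terms but not the formula), and all figures except the slide's asset value and EF are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # value of the information asset, in dollars
    exposure_factor: float  # EF: fraction of the asset value lost per occurrence
    aro: float              # annualized rate of occurrence

    def __post_init__(self):
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be a fraction between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset value and ARO cannot be negative")

    @property
    def sle(self) -> float:  # single loss expectancy = asset value * EF
        return self.asset_value * self.exposure_factor
    @property
    def ale(self) -> float:  # annualized loss expectancy = SLE * ARO
        return self.sle * self.aro

@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float  # ASG: annual cost of the safeguard
    ef_after: float     # estimated EF once the safeguard is in place
    aro_after: float    # estimated ARO once the safeguard is in place

def cost_benefit(risk: Risk, sg: Safeguard) -> float:
    """Assumed CBA form: ALE(prior) - ALE(post) - ASG. Negative = not cost-justified."""
    post = Risk(risk.name, risk.asset_value, sg.ef_after, sg.aro_after)
    return risk.ale - post.ale - sg.annual_cost

def rank_safeguards(risk: Risk, options: list[Safeguard]) -> list[tuple[float, str]]:
    """Return (net annual benefit, safeguard name) pairs, best first."""
    return sorted(((cost_benefit(risk, s), s.name) for s in options), reverse=True)

# Asset value and EF are the slide's figures; every other number is constructed.
ASSET = Risk("information asset", 100_000, 0.25, 1.0)
OPTIONS = [
    Safeguard("offsite backups", 5_000, 0.25, 0.25),
    Safeguard("staff training", 2_000, 0.25, 0.5),
    Safeguard("hot standby site", 30_000, 0.125, 0.5),
]
if __name__ == "__main__":
    print(f"SLE=${ASSET.sle:,.0f}  ALE=${ASSET.ale:,.0f}")
    for benefit, name in rank_safeguards(ASSET, OPTIONS):
        print(f"{name:18} net annual benefit ${benefit:>10,.0f}")
```

A safeguard with a negative result costs more per year than the loss it is expected to prevent, which is the case the feasibility step has to weigh against non-monetary factors.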
