Risk assessment on information security

Published in: Education, Technology, Sports

  1. risk assessment on information security. Angelo Sala - November 2010 (photo: http://www.flickr.com/photos/borghetti/43058749/)
  2. goal: to reduce risks related to information security (photo: http://www.flickr.com/photos/keylosa/184606430/)
  3. you have to identify risk activities among sensitive processes (photo: http://www.flickr.com/photos/emiliano-iko/4045654001/)
  4. identify risk factors … 1. IT (information technologies) (photo: http://www.flickr.com/photos/johnseb/3425464/)
  5. 2. organization (photo: http://www.flickr.com/photos/thomasguest/3581215442/)
  6. 3. human resources (photo: http://www.flickr.com/photos/pietel/3468574846/)
  7. 4. environment (photo: http://www.flickr.com/photos/theplanetdotcom/4878805271/)
  8. identify and classify risks by factors and … (photo: http://www.flickr.com/photos/stephenpoff/3032885683/)
  9. by information values: 1. data integrity (photo: http://www.flickr.com/photos/sidelong/305305214/)
  10. 2. confidentiality (photo: http://www.flickr.com/photos/giltron/315026788/)
  11. 3. availability (photo: http://www.flickr.com/photos/davidjwbailey/3676408544/)
  12. you have to estimate bad event probability (photo: http://www.flickr.com/photos/jackpix/146384867/)
  13. evaluate damages ($) (photo: http://www.flickr.com/photos/dawn_perry/237343945/)
  14. so you get risk levels that could increase … if the company reputation is involved (photo: http://www.flickr.com/photos/striatic/2191404675/)
  15. … and finally you have to establish mitigation actions in order to reduce risk level
  16. [Chart] Number of risks identified * (Middle & High level). Chart labels: human resources, organization, IT, environment. Chart values: 45, 5, 11, 27. (* fake data)
  17. [Chart] Measured vs. Expected * risk index. Chart values: 31,5; 9,5; 15,5; 20; 22,5; 12,25; 6,25; 16,5. Chart labels: human resources, organization, IT, environment. (* fake data)
  18. and then … you’ll have to roll up your sleeves and start mitigation actions (photo: http://www.flickr.com/photos/pennstatelive/5059771553/)
