0
risk assessment on
information security
Angelo Sala - November 2010
http://www.flickr.com/photos/borghetti/43058749/
goal: to reduce risks related to
information security
http://www.flickr.com/photos/keylosa/184606430/
you have to identify risk activities among
sensitive processes
http://www.flickr.com/photos/emiliano-iko/4045654001/
1. IT (information
technologies)
http://www.flickr.com/photos/johnseb/3425464/
identify risk factors …
2. organization
http://www.flickr.com/photos/thomasguest/3581215442/
3. human
resources
http://www.flickr.com/photos/pietel/3468574846/
4. environment
http://www.flickr.com/photos/theplanetdotcom/4878805271/
identify and classify risks by
factors and …
http://www.flickr.com/photos/stephenpoff/3032885683/
by information values
http://www.flickr.com/photos/sidelong/305305214/
1. data integrity
2. confidentiality
http://www.flickr.com/photos/giltron/315026788/
3. availability
http://www.flickr.com/photos/davidjwbailey/3676408544/
you have to estimate bad
event probability
http://www.flickr.com/photos/jackpix/146384867/
evaluate damages ($)
http://www.flickr.com/photos/dawn_perry/237343945/
if the company
reputation is involved
http://www.flickr.com/photos/striatic/2191404675/
so you get risk
levels that could
...
.. and finally you have to
establish mitigation actions
in order to reduce risk level
Number of risks identified * (Middle & High level)
human resources
organization
IT
environment
45
5
11
27
* fake data
Measured vs. Expected * risk index
31,5
9,5
15,5
20
22,5
12,25
6,25
16,5
human resources
organization
IT
environment
* fak...
and then …
you’ll have to roll up your sleeves and
start mitigation actions
http://www.flickr.com/photos/pennstatelive/505...
Upcoming SlideShare
Loading in...5
×

Risk assessment on information security

766

Published on

Published in: Education, Technology, Sports
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
766
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
34
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Risk assessment on information security"

  1. 1. risk assessment on information security Angelo Sala - November 2010 http://www.flickr.com/photos/borghetti/43058749/
  2. 2. goal: to reduce risks related to information security http://www.flickr.com/photos/keylosa/184606430/
  3. 3. you have to identify risk activities among sensitive processes http://www.flickr.com/photos/emiliano-iko/4045654001/
  4. 4. 1. IT (information technologies) http://www.flickr.com/photos/johnseb/3425464/ identify risk factors …
  5. 5. 2. organization http://www.flickr.com/photos/thomasguest/3581215442/
  6. 6. 3. human resources http://www.flickr.com/photos/pietel/3468574846/
  7. 7. 4. environment http://www.flickr.com/photos/theplanetdotcom/4878805271/
  8. 8. identify and classify risks by factors and … http://www.flickr.com/photos/stephenpoff/3032885683/
  9. 9. by information values http://www.flickr.com/photos/sidelong/305305214/ 1. data integrity
  10. 10. 2. confidentiality http://www.flickr.com/photos/giltron/315026788/
  11. 11. 3. availability http://www.flickr.com/photos/davidjwbailey/3676408544/
  12. 12. you have to estimate bad event probability http://www.flickr.com/photos/jackpix/146384867/
  13. 13. evaluate damages ($) http://www.flickr.com/photos/dawn_perry/237343945/
  14. 14. if the company reputation is involved http://www.flickr.com/photos/striatic/2191404675/ so you get risk levels that could increase …
  15. 15. .. and finally you have to establish mitigation actions in order to reduce risk level
  16. 16. Number of risks identified * (Middle & High level) human resources organization IT environment 45 5 11 27 * fake data
  17. 17. Measured vs. Expected * risk index 31,5 9,5 15,5 20 22,5 12,25 6,25 16,5 human resources organization IT environment * fake data
  18. 18. and then … you’ll have to roll up your sleeves and start mitigation actions http://www.flickr.com/photos/pennstatelive/5059771553/
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×