Risk assessment on information security

Published in: Education, Technology, Sports


Transcript

  • 1. risk assessment on information security Angelo Sala - November 2010 http://www.flickr.com/photos/borghetti/43058749/
  • 2. goal: to reduce risks related to information security http://www.flickr.com/photos/keylosa/184606430/
  • 3. you have to identify risk activities among sensitive processes http://www.flickr.com/photos/emiliano-iko/4045654001/
  • 4. identify risk factors … 1. IT (information technologies) http://www.flickr.com/photos/johnseb/3425464/
  • 5. 2. organization http://www.flickr.com/photos/thomasguest/3581215442/
  • 6. 3. human resources http://www.flickr.com/photos/pietel/3468574846/
  • 7. 4. environment http://www.flickr.com/photos/theplanetdotcom/4878805271/
  • 8. identify and classify risks by factors and … http://www.flickr.com/photos/stephenpoff/3032885683/
  • 9. by information values http://www.flickr.com/photos/sidelong/305305214/ 1. data integrity
  • 10. 2. confidentiality http://www.flickr.com/photos/giltron/315026788/
  • 11. 3. availability http://www.flickr.com/photos/davidjwbailey/3676408544/
  • 12. you have to estimate bad event probability http://www.flickr.com/photos/jackpix/146384867/
  • 13. evaluate damages ($) http://www.flickr.com/photos/dawn_perry/237343945/
  • 14. so you get risk levels that could increase … if the company reputation is involved http://www.flickr.com/photos/striatic/2191404675/
  • 15. … and finally you have to establish mitigation actions in order to reduce the risk level
  • 16. Number of risks identified * (Middle & High level) human resources organization IT environment 45 5 11 27 * fake data
  • 17. Measured vs. Expected * risk index 31,5 9,5 15,5 20 22,5 12,25 6,25 16,5 human resources organization IT environment * fake data
  • 18. and then … you’ll have to roll up your sleeves and start mitigation actions http://www.flickr.com/photos/pennstatelive/5059771553/