Risk management

How to apply risk management principles in the security field.

Usage Rights

© All Rights Reserved

  • If you have assets of value, and those assets are vulnerable to loss or damage, you have risk.
  • Risk factors. Factor means multiply.
  • Eliminate threat through risk avoidance, but also eliminate opportunity
  • Unified Threat Management (UTM): firewall, intrusion prevention, anti-virus, etc. The risk score drops from 320 to 128 (over half). What could you do next? Harden servers so that even if an intruder gets inside your firewall, they are less able to cause damage.

Risk management Presentation Transcript

  • FSO Consulting Services: Introduction to RISK MANAGEMENT
  • RISK MANAGEMENT
      • Risk and Risk Factors
      • Risk Assessment
      • Ways to Address Risk
      • Applying Controls to Reduce Risk
      • Managing Risk
      • Discussion
  • WHAT IS RISK? WHAT IS A THREAT?
      • Risk is where assets, vulnerabilities, and threats intersect.
      • [Diagram; recovered labels: RISK, Threats]
  • WHAT IS RISK? WHAT IS A THREAT?
      • A threat is something (or someone) that could have a negative impact on something of value.
  • RISK FACTORS
    Factors are elements that are multiplied to determine risk:
      • Seriousness – how harmful is the threat?
      • Likelihood – what are the chances the threat will exploit a vulnerability?
      • Vulnerability – a weakness that could be exploited
      • Impact – what will the damage be if exploited?
  • IDENTIFYING THREATS
    Identify from two angles:
      • Where the threat might come from
          • Ever hear of China or Iran?
          • What about insider threats?
          • How about that Internet thing?
      • What kinds of problems might arise?
          • Shortage of cleared people?
          • Scope creep?
  • RISK ASSESSMENT: SCORING
    Create a matrix of threats and factors:

      Threat                        Seriousness  Likelihood  Vulnerability  Impact  Score
      Cyber attack: hostile nation  4            4           5              4       320
  • REDUCING RISK
    What can you do?
      • Eliminate the threat
      • Reduce the seriousness of the threat
      • Reduce the likelihood of the threat
      • Reduce your vulnerability
      • Lower the impact
  • RISK ASSESSMENT: SCORING
    Apply controls
      • For example, install a UTM appliance
      • Rescore:

          Threat                        Seriousness  Likelihood  Vulnerability  Impact  Score
          Cyber attack: hostile nation  4            4           2              4       128

      • Harden servers to reduce the impact of an intrusion
      • You could cut that score in half
  • ADDRESSING RISK
    Ways to address risk?
      • Risk avoidance
          • Also reduces opportunity
      • Risk transfer
          • Insurance, partnerships, coalitions
      • Risk acceptance
          • Do nothing
  • RISK MANAGEMENT
      • Identify Risk
      • Assess Risk
      • Reduce Risk
      • Manage Risk
          • Re-assess periodically
          • Add new threats when identified
          • Address in priority order
          • Keep risk at an acceptable level
  • DISCUSSION & QUESTIONS
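
The scoring and rescoring slides can be worked as a small risk register. This is an added example, not part of the original presentation: it multiplies the four factors, rescores after a control, and ranks threats against an acceptable level. The 1-5 rating scale, the rule that a control may only lower a factor, the "Insider threat" and "Scope creep" ratings, the impact value after hardening, and the acceptable level of 100 are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from math import prod

FACTORS = ("seriousness", "likelihood", "vulnerability", "impact")

@dataclass(frozen=True)
class Threat:
    name: str
    seriousness: int
    likelihood: int
    vulnerability: int
    impact: int

    def __post_init__(self):
        # Assumption: each factor is rated 1-5 (the slides only show 2, 4 and 5).
        for f in FACTORS:
            if not 1 <= getattr(self, f) <= 5:
                raise ValueError(f"{self.name}: {f} must be 1-5")

    @property
    def score(self) -> int:
        # Factors are multiplied, as on the "Risk factors" slide.
        return prod(getattr(self, f) for f in FACTORS)

def apply_control(threat: Threat, **lowered: int) -> Threat:
    """Rescore after a control; in this example a control may only lower a factor."""
    for f, value in lowered.items():
        if f not in FACTORS or value > getattr(threat, f):
            raise ValueError(f"{f}={value} is not a reduction of a known factor")
    return replace(threat, **lowered)

def prioritize(register, acceptable):
    """Rank highest score first; the flag marks scores above the acceptable level."""
    ranked = sorted(register, key=lambda t: t.score, reverse=True)
    return [(t.name, t.score, t.score > acceptable) for t in ranked]

# Row from the slides: 4 x 4 x 5 x 4 = 320.
cyber = Threat("Cyber attack: hostile nation", 4, 4, 5, 4)
after_utm = apply_control(cyber, vulnerability=2)        # slides: rescored to 128
after_hardening = apply_control(after_utm, impact=2)     # constructed: impact 4 -> 2

# Constructed rows and threshold, for illustration only.
insider = Threat("Insider threat", 3, 2, 4, 5)
scope_creep = Threat("Scope creep", 2, 4, 3, 2)
ACCEPTABLE = 100

if __name__ == "__main__":
    for name, score, over in prioritize([scope_creep, after_hardening, insider], ACCEPTABLE):
        print(f"{score:4d}  {'REDUCE' if over else 'ok':6}  {name}")
```

Once the cyber-attack row has been reduced, the ranking changes and a different threat heads the list, which is why the final slide calls for periodic re-assessment and working in priority order.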