SlideShare a Scribd company logo

Risk Management & Information Security Management Systems

IT-Toolkits.org
IT-Toolkits.org

Risk Management and Risk Assessment are major components of Information Security Management (ISM). Although they are widely known, a wide range of definitions of Risk Management and Risk Assessment are found in the relevant literature [ISO13335-2], [NIST], [ENISA Regulation]. Here a consolidated view of Risk Management and Risk Assessment is presented. For the sake of this discussion, two approaches to presenting Risk Management and Risk Assessment, mainly based on OCTAVE [OCTAVE] and ISO 13335-2 [ISO13335-2] will be considered. Nevertheless, when necessary, structural elements that emanate from other perceptions of Risk Management and Risk Assessment are also used (e.g. consideration of Risk Management and Risk Assessment as counterparts of Information Security Management System, as parts of wider operational processes, etc. [WG-Deliverable 3], [Ricciuto]).

Education
1 of 3
Download to read offline
Website: http://it-toolkits.org/ Copyright@TrucPhuong 1 Risk Management & Information Security Management Systems Risk Management and Risk Assessment are major components of Information Security Management (ISM). Although they are widely known, a wide range of definitions of Risk Management and Risk Assessment are found in the relevant literature [ISO13335-2], [NIST], [ENISA Regulation]. Here a consolidated view of Risk Management and Risk Assessment is presented. For the sake of this discussion, two approaches to presenting Risk Management and Risk Assessment, mainly based on OCTAVE [OCTAVE] and ISO 13335-2 [ISO13335-2] will be considered. Nevertheless, when necessary, structural elements that emanate from other perceptions of Risk Management and Risk Assessment are also used (e.g. consideration of Risk Management and Risk Assessment as counterparts of Information Security Management System, as parts of wider operational processes, etc. [WG-Deliverable 3], [Ricciuto]). It seems to be generally accepted by Information Security experts, that Risk Assessment is part of the Risk Management process. After initialization, Risk Management is a recurrent activity that deals with the analysis, planning, implementation, control and monitoring of implemented measurements and the enforced security policy. On the
Website: http://it-toolkits.org/ Copyright@TrucPhuong 2 contrary, Risk Assessment is executed at discrete time points (e.g. once a year, on demand, etc.) and – until the performance of the next assessment - provides a temporary view of assessed risks and while parameterizing the entire Risk Management process. This view of the relationship of Risk Management to Risk Assessment is depicted in the following figure as adopted from OCTAVE . It is worth mentioning, that in this figure both Risk Management and Risk Assessment are presented as processes, that is, as sequences of activities (s. arrows in figure above). Various standards and good practices exist for the establishment of these processes (e.g. through structuring, adaptation, re-configuration etc.). In practice, organizations tend to generate their own instantiations of these methods, in a form most suitable for a given organizational structure, business area or sector. In doing so, national or international standards (or combination of those) are taken as a basis, whereas existing security mechanisms, policies and/or infrastructure are adapted one-by-one. In this way, new good practices for a particular sector are created. Some representative examples of tailored methods/good practices are: a method based on a native national standard (e.g. [IT-Grund]); a method based on an native international standard (e.g. [ISO13335-2]); a method based on a de facto standard (e.g. [OCTAVE]); a method based on a sector standard (e.g. [SIZ-DE]); a method based on an individual basic protection profile for the IT-systems of an organization (e.g. [SIZ-PP]); adoption of an already existing risk analysis of similar systems (e.g. based on an existing Protection Profiles according to Common Criteria [CC]). In practice, combinations of the above examples are very common. For the sake of the presentation within this site, the assumption is made, that the Risk Management life-cycle presented in the figure (i.e. plan, implement, monitor, control, identify, assess), refers solely to risks. Similar activities that might be necessary within the Information Security Management process are considered to apply to operational aspects related to the implementation and control of security measurements . Even although organizations tend to use a single method for Risk Management, multiple methods are typically be used in parallel for Risk Assessment. This is because different Risk Assessment methods might be necessary, depending on the nature of the assessed system (e.g. structure, criticality, complexity, importance, etc.).
Website: http://it-toolkits.org/ Copyright@TrucPhuong 3 Through a series of activities, ENISA has established inventories of existing Risk Management and Risk Assessment methods and tools in Europe (also referred to as products here). Any of these products can be used for the instantiation of both the Risk Management and Risk Assessment processes mentioned in the figure above. The contents of these inventories and the inventories themselves are presented in this site. It should be noted that a more detailed representation of Risk Management and Risk Assessment is given in ISO 13335-2 [ISO13335-2]. In general, the contents of Risk Management and Risk Assessment processes as described here are compatible with ISO 13335. In the future, detailed examples of how to adapt the processes presented to existing business and IT-needs by means of demonstrators will be given. The generation of such material will be part future work at ENISA in form of demonstrators.

Recommended

The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentBradley Susser
 
Directory: Regulatory & Risk Data
Directory: Regulatory & Risk DataDirectory: Regulatory & Risk Data
Directory: Regulatory & Risk DataConor Coughlan
 
Regulatory Risk
Regulatory RiskRegulatory Risk
Regulatory Risknikatmalik
 
Risk management
Risk managementRisk management
Risk managementBebura Matanda
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresSamuel Loomis
 
Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormEnterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormGoutama Bachtiar
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsVisionet Systems, Inc.
 
Information Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksInformation Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksHernan Huwyler, MBA CPA
 

Recommended

The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentBradley Susser
 
Directory: Regulatory & Risk Data
Directory: Regulatory & Risk DataDirectory: Regulatory & Risk Data
Directory: Regulatory & Risk DataConor Coughlan
 
Regulatory Risk
Regulatory RiskRegulatory Risk
Regulatory Risknikatmalik
 
Risk management
Risk managementRisk management
Risk managementBebura Matanda
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresSamuel Loomis
 
Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormEnterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormGoutama Bachtiar
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsVisionet Systems, Inc.
 
Information Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksInformation Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksHernan Huwyler, MBA CPA
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteHernan Huwyler, MBA CPA
 
Practical approach to security risk management
Practical approach to security risk managementPractical approach to security risk management
Practical approach to security risk managementG3 intelligence Ltd
 
Quantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditQuantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditHernan Huwyler, MBA CPA
 
Risk - IT Services
Risk - IT ServicesRisk - IT Services
Risk - IT ServicesNema Chhaya Buch
 
Mastering Information Technology Risk Management
Mastering Information Technology Risk ManagementMastering Information Technology Risk Management
Mastering Information Technology Risk ManagementGoutama Bachtiar
 
Risk and Business Continuity Management
Risk and Business Continuity Management Risk and Business Continuity Management
Risk and Business Continuity Management Continuity and Resilience
 
Integrated Risk Management
Integrated Risk ManagementIntegrated Risk Management
Integrated Risk ManagementOmicron Systems
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
PTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAPTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAGeorge Delikouras
 
Hands on IT risk assessment
Hands on IT risk assessmentHands on IT risk assessment
Hands on IT risk assessmentGeorge Delikouras
 
Integrated risk management
Integrated risk managementIntegrated risk management
Integrated risk managementEndeavor Management
 
case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)ishan parikh production
 
Magic quadrant for operational risk management solutions
Magic quadrant for operational risk management solutions Magic quadrant for operational risk management solutions
Magic quadrant for operational risk management solutions Deepak Kamboj
 
Information technology risks
Information technology risksInformation technology risks
Information technology riskssalman butt
 
Remote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC ComplainceRemote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC ComplainceJTLeekley
 
Risk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingRisk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingContentAssets
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk ManagementNikhil Soni
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningKeyaan Williams
 
Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and BpmNathaniel Palmer
 
CISSPills #3.04
CISSPills #3.04CISSPills #3.04
CISSPills #3.04Pierluigi Falcone, CISSP, CISM, CCSK, SABSA Foundation
 
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...Government Technology and Services Coalition
 
Manage your Information Security Management System (ISMS) with Odoo
Manage your Information Security Management System (ISMS) with OdooManage your Information Security Management System (ISMS) with Odoo
Manage your Information Security Management System (ISMS) with OdooMaxime Chambreuil
 

More Related Content

What's hot

Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteHernan Huwyler, MBA CPA
 
Practical approach to security risk management
Practical approach to security risk managementPractical approach to security risk management
Practical approach to security risk managementG3 intelligence Ltd
 
Quantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditQuantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditHernan Huwyler, MBA CPA
 
Mastering Information Technology Risk Management
Mastering Information Technology Risk ManagementMastering Information Technology Risk Management
Mastering Information Technology Risk ManagementGoutama Bachtiar
 
Integrated Risk Management
Integrated Risk ManagementIntegrated Risk Management
Integrated Risk ManagementOmicron Systems
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
PTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAPTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAGeorge Delikouras
 
case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)ishan parikh production
 
Magic quadrant for operational risk management solutions
Magic quadrant for operational risk management solutions Magic quadrant for operational risk management solutions
Magic quadrant for operational risk management solutions Deepak Kamboj
 
Information technology risks
Information technology risksInformation technology risks
Information technology riskssalman butt
 
Remote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC ComplainceRemote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC ComplainceJTLeekley
 
Risk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingRisk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingContentAssets
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk ManagementNikhil Soni
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningKeyaan Williams
 
Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and BpmNathaniel Palmer
 

What's hot (20)

Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
 
Practical approach to security risk management
Practical approach to security risk managementPractical approach to security risk management
Practical approach to security risk management
 
Quantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditQuantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal Audit
 
Risk - IT Services
Risk - IT ServicesRisk - IT Services
Risk - IT Services
 
Mastering Information Technology Risk Management
Mastering Information Technology Risk ManagementMastering Information Technology Risk Management
Mastering Information Technology Risk Management
 
Risk and Business Continuity Management
Risk and Business Continuity Management Risk and Business Continuity Management
Risk and Business Continuity Management
 
Integrated Risk Management
Integrated Risk ManagementIntegrated Risk Management
Integrated Risk Management
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
PTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAPTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIA
 
Hands on IT risk assessment
Hands on IT risk assessmentHands on IT risk assessment
Hands on IT risk assessment
 
Integrated risk management
Integrated risk managementIntegrated risk management
Integrated risk management
 
case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)
 
Magic quadrant for operational risk management solutions
Magic quadrant for operational risk management solutions Magic quadrant for operational risk management solutions
Magic quadrant for operational risk management solutions
 
Information technology risks
Information technology risksInformation technology risks
Information technology risks
 
Remote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC ComplainceRemote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC Complaince
 
Risk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingRisk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in Manufacturing
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Management
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic Planning
 
Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and Bpm
 
CISSPills #3.04
CISSPills #3.04CISSPills #3.04
CISSPills #3.04
 

Viewers also liked

Manage your Information Security Management System (ISMS) with Odoo
Manage your Information Security Management System (ISMS) with OdooManage your Information Security Management System (ISMS) with Odoo
Manage your Information Security Management System (ISMS) with OdooMaxime Chambreuil
 
Information security-management-system
Information security-management-systemInformation security-management-system
Information security-management-systemintellisenseit
 
Information systems 365 lecture four - Security Policy Development, Data Clas...
Information systems 365 lecture four - Security Policy Development, Data Clas...Information systems 365 lecture four - Security Policy Development, Data Clas...
Information systems 365 lecture four - Security Policy Development, Data Clas...Nicholas Davis
 
How to conduct a risk assessment
How to conduct a risk assessmentHow to conduct a risk assessment
How to conduct a risk assessmentJim Booth
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information SystemDaryl Conson
 
ISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsCertification Europe
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaDiscover JKUAT
 
Enterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorEnterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorCONFENIS 2012
 
NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1Denise Tawwab
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 
EHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentEHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentdata brackets
 
Planning, design and implementation of information systems
Planning, design and implementation of information systemsPlanning, design and implementation of information systems
Planning, design and implementation of information systemsOnline
 
Slide Deck CISSP Class Session 3
Slide Deck CISSP Class Session 3Slide Deck CISSP Class Session 3
Slide Deck CISSP Class Session 3FRSecure
 
DEVELOPMENT PROCESS OF MIS
DEVELOPMENT PROCESS OF MISDEVELOPMENT PROCESS OF MIS
DEVELOPMENT PROCESS OF MISHiren Selani
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 

Viewers also liked (20)

Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
 
Manage your Information Security Management System (ISMS) with Odoo
Manage your Information Security Management System (ISMS) with OdooManage your Information Security Management System (ISMS) with Odoo
Manage your Information Security Management System (ISMS) with Odoo
 
Information systems risk assessment frame workisraf 130215042410-phpapp01
Information systems risk assessment frame workisraf 130215042410-phpapp01Information systems risk assessment frame workisraf 130215042410-phpapp01
Information systems risk assessment frame workisraf 130215042410-phpapp01
 
Information security-management-system
Information security-management-systemInformation security-management-system
Information security-management-system
 
Information systems 365 lecture four - Security Policy Development, Data Clas...
Information systems 365 lecture four - Security Policy Development, Data Clas...Information systems 365 lecture four - Security Policy Development, Data Clas...
Information systems 365 lecture four - Security Policy Development, Data Clas...
 
How to conduct a risk assessment
How to conduct a risk assessmentHow to conduct a risk assessment
How to conduct a risk assessment
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information System
 
ISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and Developments
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr Wafula
 
Enterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorEnterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking Sector
 
NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
 
Risk asssessment
Risk asssessmentRisk asssessment
Risk asssessment
 
5.4 it security audit (mauritius)
5.4 it security audit (mauritius)5.4 it security audit (mauritius)
5.4 it security audit (mauritius)
 
EHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentEHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample document
 
Planning, design and implementation of information systems
Planning, design and implementation of information systemsPlanning, design and implementation of information systems
Planning, design and implementation of information systems
 
Slide Deck CISSP Class Session 3
Slide Deck CISSP Class Session 3Slide Deck CISSP Class Session 3
Slide Deck CISSP Class Session 3
 
DEVELOPMENT PROCESS OF MIS
DEVELOPMENT PROCESS OF MISDEVELOPMENT PROCESS OF MIS
DEVELOPMENT PROCESS OF MIS
 
Mis planning
Mis planningMis planning
Mis planning
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 

Similar to Risk Management & Information Security Management Systems

CHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you willCHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you willJinElias52
 
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docxCHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docxAbhinav816839
 
A Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System RiskA Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System Riskamiable_indian
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxMargenePurnell14
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxbagotjesusa
 
Comparative Analysis of Information Security Governance Fram
Comparative Analysis of Information Security Governance FramComparative Analysis of Information Security Governance Fram
Comparative Analysis of Information Security Governance FramLynellBull52
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementkris489049
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionVivek Maurya
 
The IRM India- A Risk Management Standard
The IRM India- A Risk Management StandardThe IRM India- A Risk Management Standard
The IRM India- A Risk Management StandardThe IRM India
 
InstructionsAssignment #6Write a 1 to 2 page essay paper th.docx
InstructionsAssignment #6Write a 1 to 2 page essay paper th.docxInstructionsAssignment #6Write a 1 to 2 page essay paper th.docx
InstructionsAssignment #6Write a 1 to 2 page essay paper th.docxLaticiaGrissomzz
 
AbstractKey FeaturesAssessmentIntroductionMeasur.docx
AbstractKey FeaturesAssessmentIntroductionMeasur.docxAbstractKey FeaturesAssessmentIntroductionMeasur.docx
AbstractKey FeaturesAssessmentIntroductionMeasur.docxransayo
 
Management of risk introduction
Management of risk introductionManagement of risk introduction
Management of risk introductionSpyros Ktenas
 
Method of forming numerical metrics of information security v2+
Method of forming numerical metrics of information security v2+Method of forming numerical metrics of information security v2+
Method of forming numerical metrics of information security v2+Илья Лившиц
 
M1-1-SMS_Aerodrome_Hazard Identfication.pdf
M1-1-SMS_Aerodrome_Hazard Identfication.pdfM1-1-SMS_Aerodrome_Hazard Identfication.pdf
M1-1-SMS_Aerodrome_Hazard Identfication.pdfGSEProject
 
A R ISK - A WARE B USINESS P ROCESS M ANAGEMENT R EFERENCE M ODEL AND IT...
A R ISK - A WARE B USINESS P ROCESS M ANAGEMENT R EFERENCE M ODEL AND IT...A R ISK - A WARE B USINESS P ROCESS M ANAGEMENT R EFERENCE M ODEL AND IT...
A R ISK - A WARE B USINESS P ROCESS M ANAGEMENT R EFERENCE M ODEL AND IT...IJCSES Journal
 

Similar to Risk Management & Information Security Management Systems (20)

Risk Management Frameworks
Risk Management FrameworksRisk Management Frameworks
Risk Management Frameworks
 
CHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you willCHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you will
 
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docxCHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
 
Information Serurity Risk Assessment Basics
Information Serurity Risk Assessment BasicsInformation Serurity Risk Assessment Basics
Information Serurity Risk Assessment Basics
 
A Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System RiskA Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System Risk
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
 
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxINTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx
 
Comparative Analysis of Information Security Governance Fram
Comparative Analysis of Information Security Governance FramComparative Analysis of Information Security Governance Fram
Comparative Analysis of Information Security Governance Fram
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk management
 
abcd
abcdabcd
abcd
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solution
 
Dj24712716
Dj24712716Dj24712716
Dj24712716
 
The IRM India- A Risk Management Standard
The IRM India- A Risk Management StandardThe IRM India- A Risk Management Standard
The IRM India- A Risk Management Standard
 
InstructionsAssignment #6Write a 1 to 2 page essay paper th.docx
InstructionsAssignment #6Write a 1 to 2 page essay paper th.docxInstructionsAssignment #6Write a 1 to 2 page essay paper th.docx
InstructionsAssignment #6Write a 1 to 2 page essay paper th.docx
 
AbstractKey FeaturesAssessmentIntroductionMeasur.docx
AbstractKey FeaturesAssessmentIntroductionMeasur.docxAbstractKey FeaturesAssessmentIntroductionMeasur.docx
AbstractKey FeaturesAssessmentIntroductionMeasur.docx
 
Management of risk introduction
Management of risk introductionManagement of risk introduction
Management of risk introduction
 
5757912.ppt
5757912.ppt5757912.ppt
5757912.ppt
 
Method of forming numerical metrics of information security v2+
Method of forming numerical metrics of information security v2+Method of forming numerical metrics of information security v2+
Method of forming numerical metrics of information security v2+
 
M1-1-SMS_Aerodrome_Hazard Identfication.pdf
M1-1-SMS_Aerodrome_Hazard Identfication.pdfM1-1-SMS_Aerodrome_Hazard Identfication.pdf
M1-1-SMS_Aerodrome_Hazard Identfication.pdf
 
A R ISK - A WARE B USINESS P ROCESS M ANAGEMENT R EFERENCE M ODEL AND IT...
A R ISK - A WARE B USINESS P ROCESS M ANAGEMENT R EFERENCE M ODEL AND IT...A R ISK - A WARE B USINESS P ROCESS M ANAGEMENT R EFERENCE M ODEL AND IT...
A R ISK - A WARE B USINESS P ROCESS M ANAGEMENT R EFERENCE M ODEL AND IT...
 

More from IT-Toolkits.org

Information Technology & Its Role in the Modern Organization
Information Technology & Its Role in the Modern OrganizationInformation Technology & Its Role in the Modern Organization
Information Technology & Its Role in the Modern OrganizationIT-Toolkits.org
 
It Organization Management : Revisiting Centralization
It Organization Management : Revisiting CentralizationIt Organization Management : Revisiting Centralization
It Organization Management : Revisiting CentralizationIT-Toolkits.org
 
P2 how to develop an it change management program
P2 how to develop an it change management programP2 how to develop an it change management program
P2 how to develop an it change management programIT-Toolkits.org
 
25 important considerations for selecting new customer support tools
25 important considerations for selecting new customer support tools25 important considerations for selecting new customer support tools
25 important considerations for selecting new customer support toolsIT-Toolkits.org
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to itIT-Toolkits.org
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to itIT-Toolkits.org
 
The basics of managing i.t
The basics of managing i.tThe basics of managing i.t
The basics of managing i.tIT-Toolkits.org
 
It management audits it management templates
It management audits it management templatesIt management audits it management templates
It management audits it management templatesIT-Toolkits.org
 
What is value added- it management_ - it management templates
What is value added- it management_ - it management templatesWhat is value added- it management_ - it management templates
What is value added- it management_ - it management templatesIT-Toolkits.org
 
7 steps to business and it alignment it management templates
7 steps to business and it alignment it management templates7 steps to business and it alignment it management templates
7 steps to business and it alignment it management templatesIT-Toolkits.org
 
Relevant it – it solutions to bridge the gap between business and it it man...
Relevant it – it solutions to bridge the gap between business and it it man...Relevant it – it solutions to bridge the gap between business and it it man...
Relevant it – it solutions to bridge the gap between business and it it man...IT-Toolkits.org
 
Finding a common ground between finance and it it management templates
Finding a common ground between finance and it it management templatesFinding a common ground between finance and it it management templates
Finding a common ground between finance and it it management templatesIT-Toolkits.org
 
How to write your company's it security policy it-toolkits
How to write your company's it security policy it-toolkitsHow to write your company's it security policy it-toolkits
How to write your company's it security policy it-toolkitsIT-Toolkits.org
 
Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...IT-Toolkits.org
 
The benefits of technology standards it-toolkits
The benefits of technology standards it-toolkitsThe benefits of technology standards it-toolkits
The benefits of technology standards it-toolkitsIT-Toolkits.org
 
Email policies tools to govern usage, access and etiquette it-toolkits
Email policies tools to govern usage, access and etiquette it-toolkitsEmail policies tools to govern usage, access and etiquette it-toolkits
Email policies tools to govern usage, access and etiquette it-toolkitsIT-Toolkits.org
 
Fundamentals of data security policy in i.t. management it-toolkits
Fundamentals of data security policy in i.t. management it-toolkitsFundamentals of data security policy in i.t. management it-toolkits
Fundamentals of data security policy in i.t. management it-toolkitsIT-Toolkits.org
 
Why do you need an it policy it-toolkits
Why do you need an it policy it-toolkitsWhy do you need an it policy it-toolkits
Why do you need an it policy it-toolkitsIT-Toolkits.org
 
Help desk ticket categories create help desk ticket classification it-tool...
Help desk ticket categories create help desk ticket classification it-tool...Help desk ticket categories create help desk ticket classification it-tool...
Help desk ticket categories create help desk ticket classification it-tool...IT-Toolkits.org
 

More from IT-Toolkits.org (20)

Information Technology & Its Role in the Modern Organization
Information Technology & Its Role in the Modern OrganizationInformation Technology & Its Role in the Modern Organization
Information Technology & Its Role in the Modern Organization
 
It Organization Management : Revisiting Centralization
It Organization Management : Revisiting CentralizationIt Organization Management : Revisiting Centralization
It Organization Management : Revisiting Centralization
 
It change management
It change managementIt change management
It change management
 
P2 how to develop an it change management program
P2 how to develop an it change management programP2 how to develop an it change management program
P2 how to develop an it change management program
 
25 important considerations for selecting new customer support tools
25 important considerations for selecting new customer support tools25 important considerations for selecting new customer support tools
25 important considerations for selecting new customer support tools
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to it
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to it
 
The basics of managing i.t
The basics of managing i.tThe basics of managing i.t
The basics of managing i.t
 
It management audits it management templates
It management audits it management templatesIt management audits it management templates
It management audits it management templates
 
What is value added- it management_ - it management templates
What is value added- it management_ - it management templatesWhat is value added- it management_ - it management templates
What is value added- it management_ - it management templates
 
7 steps to business and it alignment it management templates
7 steps to business and it alignment it management templates7 steps to business and it alignment it management templates
7 steps to business and it alignment it management templates
 
Relevant it – it solutions to bridge the gap between business and it it man...
Relevant it – it solutions to bridge the gap between business and it it man...Relevant it – it solutions to bridge the gap between business and it it man...
Relevant it – it solutions to bridge the gap between business and it it man...
 
Finding a common ground between finance and it it management templates
Finding a common ground between finance and it it management templatesFinding a common ground between finance and it it management templates
Finding a common ground between finance and it it management templates
 
How to write your company's it security policy it-toolkits
How to write your company's it security policy it-toolkitsHow to write your company's it security policy it-toolkits
How to write your company's it security policy it-toolkits
 
Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management it-tool...
 
The benefits of technology standards it-toolkits
The benefits of technology standards it-toolkitsThe benefits of technology standards it-toolkits
The benefits of technology standards it-toolkits
 
Email policies tools to govern usage, access and etiquette it-toolkits
Email policies tools to govern usage, access and etiquette it-toolkitsEmail policies tools to govern usage, access and etiquette it-toolkits
Email policies tools to govern usage, access and etiquette it-toolkits
 
Fundamentals of data security policy in i.t. management it-toolkits
Fundamentals of data security policy in i.t. management it-toolkitsFundamentals of data security policy in i.t. management it-toolkits
Fundamentals of data security policy in i.t. management it-toolkits
 
Why do you need an it policy it-toolkits
Why do you need an it policy it-toolkitsWhy do you need an it policy it-toolkits
Why do you need an it policy it-toolkits
 
Help desk ticket categories create help desk ticket classification it-tool...
Help desk ticket categories create help desk ticket classification it-tool...Help desk ticket categories create help desk ticket classification it-tool...
Help desk ticket categories create help desk ticket classification it-tool...
 

Recently uploaded

Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxabhijeetpadhi001
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.arsicmarija21
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 

Recently uploaded (20)

Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 

Risk Management & Information Security Management Systems

  • 1. Website: http://it-toolkits.org/ Copyright@TrucPhuong 1 Risk Management & Information Security Management Systems Risk Management and Risk Assessment are major components of Information Security Management (ISM). Although they are widely known, a wide range of definitions of Risk Management and Risk Assessment are found in the relevant literature [ISO13335-2], [NIST], [ENISA Regulation]. Here a consolidated view of Risk Management and Risk Assessment is presented. For the sake of this discussion, two approaches to presenting Risk Management and Risk Assessment, mainly based on OCTAVE [OCTAVE] and ISO 13335-2 [ISO13335-2] will be considered. Nevertheless, when necessary, structural elements that emanate from other perceptions of Risk Management and Risk Assessment are also used (e.g. consideration of Risk Management and Risk Assessment as counterparts of Information Security Management System, as parts of wider operational processes, etc. [WG-Deliverable 3], [Ricciuto]). It seems to be generally accepted by Information Security experts, that Risk Assessment is part of the Risk Management process. After initialization, Risk Management is a recurrent activity that deals with the analysis, planning, implementation, control and monitoring of implemented measurements and the enforced security policy. On the
  • 2. Website: http://it-toolkits.org/ Copyright@TrucPhuong 2 contrary, Risk Assessment is executed at discrete time points (e.g. once a year, on demand, etc.) and – until the performance of the next assessment - provides a temporary view of assessed risks and while parameterizing the entire Risk Management process. This view of the relationship of Risk Management to Risk Assessment is depicted in the following figure as adopted from OCTAVE . It is worth mentioning, that in this figure both Risk Management and Risk Assessment are presented as processes, that is, as sequences of activities (s. arrows in figure above). Various standards and good practices exist for the establishment of these processes (e.g. through structuring, adaptation, re-configuration etc.). In practice, organizations tend to generate their own instantiations of these methods, in a form most suitable for a given organizational structure, business area or sector. In doing so, national or international standards (or combination of those) are taken as a basis, whereas existing security mechanisms, policies and/or infrastructure are adapted one-by-one. In this way, new good practices for a particular sector are created. Some representative examples of tailored methods/good practices are: a method based on a native national standard (e.g. [IT-Grund]); a method based on an native international standard (e.g. [ISO13335-2]); a method based on a de facto standard (e.g. [OCTAVE]); a method based on a sector standard (e.g. [SIZ-DE]); a method based on an individual basic protection profile for the IT-systems of an organization (e.g. [SIZ-PP]); adoption of an already existing risk analysis of similar systems (e.g. based on an existing Protection Profiles according to Common Criteria [CC]). In practice, combinations of the above examples are very common. For the sake of the presentation within this site, the assumption is made, that the Risk Management life-cycle presented in the figure (i.e. plan, implement, monitor, control, identify, assess), refers solely to risks. Similar activities that might be necessary within the Information Security Management process are considered to apply to operational aspects related to the implementation and control of security measurements . Even although organizations tend to use a single method for Risk Management, multiple methods are typically be used in parallel for Risk Assessment. This is because different Risk Assessment methods might be necessary, depending on the nature of the assessed system (e.g. structure, criticality, complexity, importance, etc.).
  • 3. Website: http://it-toolkits.org/ Copyright@TrucPhuong 3 Through a series of activities, ENISA has established inventories of existing Risk Management and Risk Assessment methods and tools in Europe (also referred to as products here). Any of these products can be used for the instantiation of both the Risk Management and Risk Assessment processes mentioned in the figure above. The contents of these inventories and the inventories themselves are presented in this site. It should be noted that a more detailed representation of Risk Management and Risk Assessment is given in ISO 13335-2 [ISO13335-2]. In general, the contents of Risk Management and Risk Assessment processes as described here are compatible with ISO 13335. In the future, detailed examples of how to adapt the processes presented to existing business and IT-needs by means of demonstrators will be given. The generation of such material will be part future work at ENISA in form of demonstrators.