INFORMATION SECURITY RISK ANALYSIS
KEY POINTS
• What is Risk Management?
• What is the need for Risk Management?
• Approach to Risk Management
• Risk Assessment
RELATIONSHIP AMONG DIFFERENT SECURITY CONCEPTS
TERMS AND DEFINITIONS FOR RISK ANALYSIS
• Asset
– Something that an organization considers important enough to protect, e.g. a resource, process, product or computing infrastructure.
– The loss of the asset could affect CIA (confidentiality, integrity, availability) or could have an overall adverse business impact.
• Threat
– A threat is the presence of any potential event that could cause an
adverse impact on the organization.
• Safeguard
– A safeguard is the ‘control’ or ‘countermeasure’ put in place to
reduce the risk associated with a specific threat or group of
threats.
• Vulnerability
– The absence or weakness of a ‘safeguard’.
– A minor threat has the potential to become a greater threat because of a vulnerability.
• Exposure-related terms
– Exposure factor (EF): Represents the percentage loss that a threat event would have on a specific asset.
• EF can be a small percentage, such as the effect of losing some hardware, or a very large percentage, such as the loss of storage devices at a data center.
– Single loss expectancy (SLE): A monetary figure assigned to a single threat event. It represents an organization’s loss from a single threat.
SLE = Asset value * EF
e.g. asset value = USD 45000, EF = 20%, then SLE will be (45000 * 0.2), i.e. USD 9000
– Annualized rate of occurrence (ARO): Represents the estimated probability of a specific threat taking place within a one-year time frame.
• The range of probability is from 0.0 to 1.0
• E.g. if the probability of a flood is once in 1000 years, the ARO value is 0.001
– Annualized loss expectancy (ALE): A monetary value derived from
ALE = SLE * ARO
FORMULA FOR RISK ANALYSIS
Exposure-related concept | Formula for calculation
Exposure factor (EF) | Percentage of asset loss caused by a threat
Single loss expectancy (SLE) | Asset value * EF
Annualized rate of occurrence (ARO) | Frequency of threat occurrence per year
Annualized loss expectancy (ALE) | SLE * ARO
RISK MANAGEMENT AND RISK ANALYSIS
• Risk analysis: Science of observation, knowledge and evaluation.
• Risk management:
– The ongoing process of identifying the risks and implementing plans to address them.
– Skill of handling the identified risks in the best possible manner for the interests of the organization.
• Risk evaluation: Provides a baseline that can be used to
focus mitigation and improvement activities.
Risk = threat * vulnerability * asset value
RISK MANAGEMENT PROCESS
STAGED METHODOLOGY FOR RISK ANALYSIS
• Methodology: a framework for managing a task efficiently, usually including standard techniques for problem solving.
• Three main stages in risk analysis:
– Asset evaluation
– Analysis of threats and vulnerabilities
– Selection of safeguards
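
The three stages above, worked through as an added example (not part of the original slides): a small risk register that validates EF and ARO, applies SLE = asset value * EF and ALE = SLE * ARO, ranks scenarios by ALE, and compares safeguards. The flood scenario combines the slides' own figures; the other scenarios, the safeguard costs and the safeguard-value formula (ALE before - ALE after - annual cost) are assumptions added here.

```python
from dataclasses import dataclass, replace
from decimal import Decimal as D


@dataclass(frozen=True)
class Scenario:
    """One asset/threat pair in the risk register."""
    name: str
    asset_value: D  # USD
    ef: D           # exposure factor as a fraction (20% -> 0.2)
    aro: D          # annualized rate of occurrence

    def __post_init__(self):
        if self.asset_value < 0:
            raise ValueError(f"{self.name}: asset value must not be negative")
        # Catches the common slip of entering 20 instead of 0.20.
        if not 0 <= self.ef <= 1:
            raise ValueError(f"{self.name}: EF must be between 0 and 1")
        # Range as given on the slides (0.0 to 1.0).
        if not 0 <= self.aro <= 1:
            raise ValueError(f"{self.name}: ARO must be between 0.0 and 1.0")

    @property
    def sle(self) -> D:
        return self.asset_value * self.ef   # SLE = asset value * EF

    @property
    def ale(self) -> D:
        return self.sle * self.aro          # ALE = SLE * ARO


def rank_by_ale(scenarios):
    """Stage 2 output: scenarios ordered by annualized loss, highest first."""
    return sorted(scenarios, key=lambda s: s.ale, reverse=True)


def safeguard_value(before, after, annual_cost):
    """Stage 3: ALE before - ALE after - annual cost (assumed formula,
    not stated on the slides). Positive means the safeguard pays for itself."""
    return before.ale - after.ale - annual_cost


# Asset value, EF and flood ARO are the slides' figures, combined here into
# one scenario; the other two rows are constructed sample data.
FLOOD = Scenario("flood at data center", D("45000"), D("0.2"), D("0.001"))
THEFT = Scenario("laptop theft", D("2000"), D("1"), D("0.5"))
RANSOMWARE = Scenario("ransomware on file server", D("120000"), D("0.6"), D("0.1"))
REGISTER = [FLOOD, THEFT, RANSOMWARE]

# Constructed safeguards: each one lowers the EF of a single scenario.
WITH_BACKUPS = replace(RANSOMWARE, ef=D("0.1"))   # offline backups
WITH_BARRIER = replace(FLOOD, ef=D("0.05"))       # flood barrier

if __name__ == "__main__":
    for s in rank_by_ale(REGISTER):
        print(f"{s.name:28} SLE={s.sle:>10.2f}  ALE={s.ale:>8.2f}")
    print("backups:", safeguard_value(RANSOMWARE, WITH_BACKUPS, D("3000")))
    print("barrier:", safeguard_value(FLOOD, WITH_BARRIER, D("500")))
```

The flood scenario has the second-largest SLE but the smallest ALE, which is why ranking on ALE rather than SLE changes which safeguards are worth their annual cost.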
