Risk management

How to apply risk management principles in the security field.

Published in: Business, Economy & Finance
  • If you have assets of value, and those assets are vulnerable to loss or damage, you have risk.
  • Risk factors. Factor means multiply.
  • Eliminate the threat through risk avoidance, but this also eliminates opportunity.
  • Unified Threat Management: firewall, intrusion prevention, anti-virus, etc. The risk score drops from 320 to 128 (a drop of more than half). What could you do next? Harden servers so that even if attackers get inside your firewall, they are less able to cause damage.
  • Risk management

    1. FSO Consulting Services: Introduction to RISK MANAGEMENT

    2. FSO Consulting Services: RISK MANAGEMENT
         • Risk and Risk Factors
         • Risk Assessment
         • Ways to Address Risk
         • Applying Controls to Reduce Risk
         • Managing Risk
         • Discussion

    3. FSO Consulting Services: WHAT IS RISK? WHAT IS A THREAT?
       Risk is where assets, vulnerabilities, and threats intersect.
       (Diagram labels: RISK, Threats)

    4. FSO Consulting Services: WHAT IS RISK? WHAT IS A THREAT?
       A threat is something (or someone) that could have a negative impact on something of value.

    5. FSO Consulting Services: RISK FACTORS
       Factors are elements that are multiplied to determine risk:
         • Seriousness – how harmful is the threat?
         • Likelihood – what are the chances the threat will exploit a vulnerability?
         • Vulnerability – a weakness that could be exploited
         • Impact – what will the damage be if exploited?

    6. FSO Consulting Services: IDENTIFYING THREATS
       Identify from two angles:
         • Where the threat might come from
             - Ever hear of China or Iran?
             - What about insider threats?
             - How about that Internet thing?
         • What kinds of problems might arise?
             - Shortage of cleared people?
             - Scope creep?

    7. FSO Consulting Services: RISK ASSESSMENT: SCORING
       Create a matrix of threats and factors:

       | Threat                       | Seriousness | Likelihood | Vulnerability | Impact | Score |
       |------------------------------|-------------|------------|---------------|--------|-------|
       | Cyber attack: hostile nation | 4           | 4          | 5             | 4      | 320   |

    8. FSO Consulting Services: REDUCING RISK
       What can you do?
         • Eliminate the threat
         • Reduce the seriousness of the threat
         • Reduce the likelihood of the threat
         • Reduce your vulnerability
         • Lower the impact

    9. FSO Consulting Services: REDUCING RISK
       What can you do?
         • Eliminate the threat
         • Reduce the seriousness of the threat
         • Reduce the likelihood of the threat
         • Reduce your vulnerability
         • Lower the impact

    10. FSO Consulting Services: RISK ASSESSMENT: SCORING
        Apply controls
          • For example, install a UTM appliance
          • Rescore:

        | Threat                       | Seriousness | Likelihood | Vulnerability | Impact | Score |
        |------------------------------|-------------|------------|---------------|--------|-------|
        | Cyber attack: hostile nation | 4           | 4          | 2             | 4      | 128   |

          • Harden servers to reduce the impact of an intrusion
          • You could cut that score in half

    11. FSO Consulting Services: ADDRESSING RISK
        Ways to address risk?
          • Risk avoidance
              - Also reduces opportunity
          • Risk transfer
              - Insurance, partnerships, coalitions
          • Risk acceptance
              - Do nothing

    12. FSO Consulting Services: RISK MANAGEMENT
          • Identify Risk
          • Assess Risk
          • Reduce Risk
          • Manage Risk
              - Re-assess periodically
              - Add new threats when identified
              - Address in priority order
              - Keep risk at an acceptable level

    13. FSO Consulting Services: DISCUSSION & QUESTIONS
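
The scoring, rescoring and "address in priority order" steps from slides 7, 10 and 12, worked through as an added example that is not part of the original deck. The 1-5 factor scale, the two extra threat rows, the post-hardening impact of 2 and the acceptable level of 70 are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from math import prod

FACTORS = ("seriousness", "likelihood", "vulnerability", "impact")

@dataclass(frozen=True)
class Threat:
    name: str
    seriousness: int
    likelihood: int
    vulnerability: int
    impact: int

    def __post_init__(self):
        for f in FACTORS:
            v = getattr(self, f)
            if not 1 <= v <= 5:  # assumed scale; the slides do not state one
                raise ValueError(f"{self.name}: {f}={v} is outside 1-5")

    @property
    def score(self) -> int:
        # "Factor means multiply": the score is the product of all four.
        return prod(getattr(self, f) for f in FACTORS)

def apply_control(threat, factor, new_value):
    """Rescore a threat after a control; a control may only lower a factor."""
    if factor not in FACTORS:
        raise ValueError(f"unknown factor {factor!r}")
    if new_value > getattr(threat, factor):
        raise ValueError("a control must not raise a factor")
    return replace(threat, **{factor: new_value})  # re-validates the range

def prioritize(register, acceptable):
    """Threats scoring above the acceptable level, highest score first."""
    over = (t for t in register if t.score > acceptable)
    return sorted(over, key=lambda t: t.score, reverse=True)

# Row taken from the slides.
cyber = Threat("Cyber attack: hostile nation", 4, 4, 5, 4)
# Constructed rows (names from slide 6, factor values invented for the example).
insider = Threat("Insider threat", 3, 2, 3, 4)
staffing = Threat("Shortage of cleared people", 2, 3, 3, 2)

after_utm = apply_control(cyber, "vulnerability", 2)     # UTM appliance, slide 10
after_hardening = apply_control(after_utm, "impact", 2)  # assumed effect of hardening

ACCEPTABLE = 70  # hypothetical acceptable risk level
before = prioritize([cyber, insider, staffing], ACCEPTABLE)
after = prioritize([after_hardening, insider, staffing], ACCEPTABLE)
```

Once both controls are applied, the cyber attack row falls below the assumed acceptable level and the insider threat becomes the top item to address, which is why the register is re-assessed and re-ranked after each change.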
