Risk assessment presentation


  1. Risk Analysis: Completing the Risk Analysis Puzzle. A Presentation by Michelle Magario for BSDP 583, Spring 2012
  2. Table of Contents • Part 1: Risk Analysis, Limitations, Interdependency • Part 2: Interventions, Recommendations, Budgetary considerations • Part 3: In Practice
  3. Purpose Statement Purpose: • Characterize • Define • Mitigate • Eliminate Protect Defend
  4. Risk Management © Copyright 2004 Risk Mitigation Associates -- All rights reserved.
  5. Risk Analysis • Phase 1 – Analyze Risks: Assets, Threats, Vulnerabilities, Risks • Phase 2 – Countermeasures: Mitigation Opportunities, Plan Development, Policy Institution
  6. Phase 1
  7. Risk Assessment: Phase 1 • Asset Characterization • Criticality Analysis • Threat Identification • Consequence Analysis • Vulnerability Analysis • Probability Assessment • Risk Assessment • Risk Prioritization • Risk Management [Diagram: Assets, Threats, Vulnerabilities, Risks]
  8. Risk Assessment: Phase 1 Assets • People • Property • Proprietary Information • Reputation
  9. Risk Assessment: Phase 1 • Criticality Analysis
      Understand – which assets are critical • Mission related
      Describe – describe the asset • Location • Type
      Rank – assign a value • Numeric • Relative
  10. Risk Assessment: Phase 1
      Hazard • Natural • Manmade • Unintentional • Safety • Security • Disasters • Political/Military • Environmental or Behavioral
      Threat • Manmade • Intentional • With Malice • Terrorists • Petty or Economic Criminals • Subversives
  11. Risk Assessment: Phase 1 • Consequence Analysis – Losses • Human life • Property • Proprietary information • Reputation – Impact • Environmental • Economical
  12. Risk Assessment: Phase 1 • Vulnerability Analysis – 3 distinct steps • Define • Evaluate • Identify [Diagram: Vulnerability: Define, Evaluate, Identify]
  13. Risk Assessment: Phase 1 • Probability Assessment – View point dependent – Based on attractiveness – Historic Data – Statistics
  14. Risk Assessment: Phase 1 Risk = Probability x Vulnerability x Consequence
  15. Risk Assessment: Phase 1 • Risk: – Assessment – Prioritization – Management [Diagram: Assess, Prioritize, Manage]
  16. Phase 2
  17. Risk Assessment: Phase 2 Countermeasures • Mitigation opportunities – Safety – Security – Policy Development • Enforcement • Costs [Diagram: Mitigation: Security, Safety, Policy]
  18. Risk Assessment: Phase 2
      Safety: In Place • Identify • Evaluate • Enforce
      Safety: In Need Of • Identify • Evaluate • Implement • Assess • Enforce
  19. Risk Assessment: Phase 2
      Security: In Place • Identify • Evaluate • Enforce
      Security: In Need Of • Identify • Evaluate • Implement • Assess • Enforce
  20. Risk Assessment: Phase 2 • Policy Development and Implementation: Trigger Review Impact Expert Review Approval Monitor
  21. Phase 3
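  22. Risk Assessment: Phase 3 • In Practice: – Small facility – 5 employees – Widgets
  23. Risk Assessment: Phase 3

      | Asset            | Risk | Consequence | Vulnerability | Probability |
      |------------------|------|-------------|---------------|-------------|
      | Employees        | 12   | 2           | 3             | 2           |
      | Facility         | 16   | 4           | 2             | 2           |
      | Equipment        | 20   | 5           | 2             | 2           |
      | Proprietary info | 100  | 5           | 5             | 4           |
      | Reputation       | 125  | 5           | 5             | 5           |

  24. Risk Assessment: 3

      | Asset    | Risk | Consequence | Vulnerability | Probability |
      |----------|------|-------------|---------------|-------------|
      | Employee | 12   | 2           | 3             | 2           |

  25. Risk Assessment: 3

      | Asset    | Risk | Consequence | Vulnerability | Probability |
      |----------|------|-------------|---------------|-------------|
      | Facility | 16   | 4           | 2             | 2           |

  26. Risk Assessment: 3

      | Asset     | Risk | Consequence | Vulnerability | Probability |
      |-----------|------|-------------|---------------|-------------|
      | Equipment | 20   | 5           | 2             | 2           |

  27. Risk Assessment: 3

      | Asset            | Risk | Consequence | Vulnerability | Probability |
      |------------------|------|-------------|---------------|-------------|
      | Proprietary info | 100  | 5           | 5             | 4           |

  28. Risk Assessment: 3

      | Asset      | Risk | Consequence | Vulnerability | Probability |
      |------------|------|-------------|---------------|-------------|
      | Reputation | 125  | 5           | 5             | 5           |

  29. Risk Assessment: Phase 3 • Prioritization

      | Asset                   | Risk |
      |-------------------------|------|
      | Reputation              | 125  |
      | Proprietary Information | 100  |
      | Equipment               | 20   |
      | Facility                | 16   |
      | Employees               | 12   |
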
  30. Risk Assessment: Phase 3 • Countermeasures – QA/QC support – Sabotage protection – Computer back-up and security – Visitor management
  31. Risk Assessment: Phase 3 • Policy Development and Implementation
  32. References
      • Booz-Allen and Hamilton, Inc. (2000). Analytical risk management: A course guide for security risk management.
      • Norman, T. L. (2010). Risk Analysis and Security Countermeasure Selection. Boca Raton, FL: Taylor & Francis Group.