The presentation is about information risk management. It covers information threats, risks, vulnerabilities and importance of risk assessment for information security for software companies in India.
http://www.ifour-consultancy.com
2. What is Risk Management?
The total process of identifying, controlling, and minimizing information system related risks to a level commensurate with the value of the assets protected.
The goal of a risk management program is to protect the organization and its ability to perform its mission from IT-related risk.
Software company in India
3. What is Risk?
Risk is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.
4. Information security risks
Theft of personal data
Information leakage, extraction or loss of valuable private information
Social engineering
Environmental disasters
Poor information security studies, assessments
Deception including frauds
Endangerment
Unauthorized exploitation of intellectual property
5. What is a Threat?
Threat: The potential for a threat source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability.
Vulnerability: A weakness which allows an attacker to reduce a system's information assurance.
6. Examples of Threats
Imposition of legal and regulatory obligations
Organized crime or terrorist groups
Cyber-criminals, Malware authors
Negligent staff
Acts of nature, e.g. storms, tornadoes, floods
Accidental disclosure, intentional alteration of data
Unethical competitors
Unauthorized access to or modification or disclosure of information assets
7. Some common vulnerabilities
Software bugs and design flaws
Complexity in IT
Inadequate investment in appropriate information security controls
Insufficient attention to human factors in system design and implementation
Unwarranted confidence
Poor or missing governance
Frequent change in the business
Inadequate contingency planning
Legacy systems
Bugs in microprocessor designs and microcode
Lack of will, concern and ability to impress the need for information security
8. Commonly agreed core security practices
Security Responsibility
Risk Management
Risk Assessment
Network Security
Security Awareness Training
Incident Management
9. Need for Security Risk Assessment
Checks and Balances
Periodic Review
Risk-based spending
Requirement
10. Secondary benefits
Transfer of knowledge from security assessment team to the organization’s staff
Increased communications regarding security among business units
Increased security awareness within the organization
Results of a security risk assessment may be used as a measure of security posture, compared to previous and future results
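The definition on slide 3 (risk as a function of likelihood and impact), the risk-based spending point on slide 9 and the posture comparison on slide 10 can all be shown with one small risk-register scorer. The Python below is an added example, not part of the presentation or of iFour's own material. The likelihood and impact weights are modelled on the qualitative scale in NIST SP 800-30 (an assumption for this example; substitute the organization's own scale), and the two register rounds are constructed for illustration.

```python
from dataclasses import dataclass

# Qualitative weights modelled on the NIST SP 800-30 scale (assumed here).
# Likelihood is stored as a percentage so that every score stays an exact integer.
LIKELIHOOD_PCT = {"low": 10, "medium": 50, "high": 100}
IMPACT = {"low": 10, "medium": 50, "high": 100}


@dataclass(frozen=True)
class Risk:
    """One register row: a threat source exercising a vulnerability on an asset."""
    asset: str
    threat: str
    vulnerability: str
    likelihood: str  # "low" | "medium" | "high"
    impact: str      # "low" | "medium" | "high"

    def key(self):
        """Identity of the risk across assessment rounds (ratings may change)."""
        return (self.asset, self.threat, self.vulnerability)


def risk_score(likelihood: str, impact: str) -> int:
    """Risk as a function of likelihood and impact: here their product, 1..100."""
    return LIKELIHOOD_PCT[likelihood] * IMPACT[impact] // 100


def risk_level(score: int) -> str:
    """Map a numeric score back to a reporting level (thresholds assumed)."""
    if score > 50:
        return "high"
    if score > 10:
        return "medium"
    return "low"


def rank_register(register):
    """Highest risk first: the ordering that drives risk-based spending."""
    return sorted(register,
                  key=lambda r: risk_score(r.likelihood, r.impact),
                  reverse=True)


def compare_assessments(previous, current):
    """Periodic review: report every risk whose level changed between two rounds.

    Returns {risk_key: (level_before, level_after)}; a risk absent from one
    round is reported with the level "none" on that side.
    """
    prev = {r.key(): risk_level(risk_score(r.likelihood, r.impact)) for r in previous}
    curr = {r.key(): risk_level(risk_score(r.likelihood, r.impact)) for r in current}
    changes = {}
    for key in prev.keys() | curr.keys():
        before, after = prev.get(key, "none"), curr.get(key, "none")
        if before != after:
            changes[key] = (before, after)
    return changes


# Constructed sample register for a small software company (first round).
REGISTER_ROUND_1 = [
    Risk("customer database", "cyber-criminal", "unpatched web application bug", "high", "high"),
    Risk("source repository", "negligent staff", "no access review for leavers", "medium", "high"),
    Risk("office file server", "storm or flood", "no off-site backup", "low", "high"),
    Risk("developer laptops", "malware author", "legacy OS without updates", "medium", "medium"),
]

# Constructed second round after patching and introducing access reviews.
REGISTER_ROUND_2 = [
    Risk("customer database", "cyber-criminal", "unpatched web application bug", "low", "high"),
    Risk("source repository", "negligent staff", "no access review for leavers", "low", "high"),
    Risk("office file server", "storm or flood", "no off-site backup", "low", "high"),
    Risk("developer laptops", "malware author", "legacy OS without updates", "medium", "medium"),
]


if __name__ == "__main__":
    for r in rank_register(REGISTER_ROUND_1):
        s = risk_score(r.likelihood, r.impact)
        print(f"{s:>3} {risk_level(s):<6} {r.asset}: {r.threat} / {r.vulnerability}")
    for key, (before, after) in compare_assessments(REGISTER_ROUND_1, REGISTER_ROUND_2).items():
        print(f"changed {before} -> {after}: {key[0]}")
```

Running the block ranks the first round as customer database (100, high), source repository (50, medium), developer laptops (25, medium), office file server (10, low), and the comparison reports two risks that dropped a level after the controls were applied; the unchanged rows are exactly the ones the next spending cycle should look at.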