SlideShare a Scribd company logo

Information risk management

Download as PPTX, PDF
A
Akash Saraswat

The presentation is about information risk management. It covers information threats, risks, vulnerabilities and importance of risk assessment for information security for software companies in India. http://www.ifour-consultancy.com

TechnologyBusiness
1 of 11
iFour ConsultancyInformation Risk Management - The Basics
What is Risk Management? The total process of identifying, controlling, and minimizing information system related risks to a level commensurate with the value of the assets protected The goal of a risk management program is to protect the organization and its ability to perform its mission from IT-related risk Software company in India
What is Risk? Risk is a function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. Software company in India
Information security Risks Theft of personal data Information leakage, extraction or loss of valuable private information Social engineering Environmental disasters Poor information security studies, assessments Deception including frauds Endangerment Unauthorized exploitation of intellectual property Software company in India
Threat: The potential for a threat source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability. Vulnerability is a weakness which allows an attacker to reduce a system's information assurance. What is a Threat? Software company in India
Examples of Threats Imposition of legal and regulatory obligations Organized crime or terrorist groups Cyber-criminals, Malware authors Negligent staff Acts of nature i.e. storms, tornados, floods Accidental disclosure, intentional alteration of data Unethical competitors Unauthorized access to or modification or disclosure of information assets Software company in India
Some common Vulnerabilities Software bugs and design flaws Complexity in IT Inadequate investment in appropriate information security controls Insufficient attention to human factors in system design and implementation Unwarranted confidence Poor or missing governance Frequent change in the business Inadequate contingency planning Legacy systems Bugs in microprocessor designs and microcode Lack of will, concern and ability to impress the need for information security Software company in India
Unanimous core security Practices Security Responsibility Risk Management Risk Assessment Network Security Security Awareness Training Incident Management Software company in India
Need for Security Risk Assessment Checks and Balances Periodic Review Risk based spending Requirement Software company in India
Secondary benefits Transfer of knowledge from security assessment team to the organization’s staff Increased communications regarding security among business units Increased security awareness within the organization Results of security risk assessment may be used as a measure of security posture& compared to previous and future results Software company in India
Thank You Software company in India

Recommended

Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Security policies
Security policiesSecurity policies
Security policiesNishant Pahad
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 

Recommended

Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Security policies
Security policiesSecurity policies
Security policiesNishant Pahad
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
ISO 27001
ISO 27001ISO 27001
ISO 27001n|u - The Open Security Community
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk ManagementNikhil Soni
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2Tanmay Shinde
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistIvan Piskunov
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Managementn|u - The Open Security Community
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security AuditMufaddal Nullwala
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementNada G.Youssef
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards ComplianceDr. Prashant Vats
 
Risk Assessments
Risk AssessmentsRisk Assessments
Risk AssessmentsJoAnna Cheshire
 
Security policy
Security policySecurity policy
Security policyDhani Ahmad
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementMaganathin Veeraragaloo
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Mukesh Chinta
 
Cybersecurity risk management 101
Cybersecurity risk management 101Cybersecurity risk management 101
Cybersecurity risk management 101Srinivasan Vanamali
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Information security governance
Information security governanceInformation security governance
Information security governanceKoen Maris
 
Information systems risk assessment frame workisraf 130215042410-phpapp01
Information systems risk assessment frame workisraf 130215042410-phpapp01Information systems risk assessment frame workisraf 130215042410-phpapp01
Information systems risk assessment frame workisraf 130215042410-phpapp01S Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
A Method for Evaluating End-User Development Technologies
A Method for Evaluating End-User Development TechnologiesA Method for Evaluating End-User Development Technologies
A Method for Evaluating End-User Development TechnologiesClaudia Melo
 

More Related Content

What's hot

SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk ManagementNikhil Soni
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2Tanmay Shinde
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistIvan Piskunov
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementNada G.Youssef
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards ComplianceDr. Prashant Vats
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Mukesh Chinta
 
Cybersecurity risk management 101
Cybersecurity risk management 101Cybersecurity risk management 101
Cybersecurity risk management 101Srinivasan Vanamali
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Information security governance
Information security governanceInformation security governance
Information security governanceKoen Maris
 

What's hot (20)

ISO 27001
ISO 27001ISO 27001
ISO 27001
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Management
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About Compliance
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) Checklist
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Management
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident Management
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards Compliance
 
Risk Assessments
Risk AssessmentsRisk Assessments
Risk Assessments
 
Security policy
Security policySecurity policy
Security policy
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1
 
Cybersecurity risk management 101
Cybersecurity risk management 101Cybersecurity risk management 101
Cybersecurity risk management 101
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
Information security governance
Information security governanceInformation security governance
Information security governance
 

Viewers also liked

A Method for Evaluating End-User Development Technologies
A Method for Evaluating End-User Development TechnologiesA Method for Evaluating End-User Development Technologies
A Method for Evaluating End-User Development TechnologiesClaudia Melo
 
A Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System RiskA Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System Riskamiable_indian
 
Strategic information system management
Strategic information system managementStrategic information system management
Strategic information system managementPragnya Sahoo
 
System Security Threats and Risks)
System Security Threats and Risks)System Security Threats and Risks)
System Security Threats and Risks)BPalmer13
 
Supply Chain Management
Supply Chain ManagementSupply Chain Management
Supply Chain ManagementAnupam Basu
 
Challenge of Outsourcing
Challenge of OutsourcingChallenge of Outsourcing
Challenge of OutsourcingNascenia IT
 
Characterization of strategic information systems
Characterization of strategic information systemsCharacterization of strategic information systems
Characterization of strategic information systemsSuresh Kumar
 
End user development
End user developmentEnd user development
End user developmentgavhays
 
Make or buy, insourcingoutsourcing
Make or buy, insourcingoutsourcingMake or buy, insourcingoutsourcing
Make or buy, insourcingoutsourcingAnkit
 
Chapter 6 Information System-Critical Success Factor
Chapter 6 Information System-Critical Success FactorChapter 6 Information System-Critical Success Factor
Chapter 6 Information System-Critical Success FactorSanat Maharjan
 
Strategic information system
Strategic information system Strategic information system
Strategic information system Megha_pareek
 
Computer Security and Risks
Computer Security and RisksComputer Security and Risks
Computer Security and RisksMiguel Rebollo
 
Information system and security control
Information system and security controlInformation system and security control
Information system and security controlCheng Olayvar
 

Viewers also liked (20)

Information systems risk assessment frame workisraf 130215042410-phpapp01
Information systems risk assessment frame workisraf 130215042410-phpapp01Information systems risk assessment frame workisraf 130215042410-phpapp01
Information systems risk assessment frame workisraf 130215042410-phpapp01
 
A Method for Evaluating End-User Development Technologies
A Method for Evaluating End-User Development TechnologiesA Method for Evaluating End-User Development Technologies
A Method for Evaluating End-User Development Technologies
 
Make or Buy
Make or BuyMake or Buy
Make or Buy
 
Outsource
OutsourceOutsource
Outsource
 
A Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System RiskA Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System Risk
 
Make or buy diagram
Make or buy diagramMake or buy diagram
Make or buy diagram
 
Outsourcing
OutsourcingOutsourcing
Outsourcing
 
Strategic information system management
Strategic information system managementStrategic information system management
Strategic information system management
 
System Security Threats and Risks)
System Security Threats and Risks)System Security Threats and Risks)
System Security Threats and Risks)
 
Supply Chain Management
Supply Chain ManagementSupply Chain Management
Supply Chain Management
 
Challenge of Outsourcing
Challenge of OutsourcingChallenge of Outsourcing
Challenge of Outsourcing
 
Characterization of strategic information systems
Characterization of strategic information systemsCharacterization of strategic information systems
Characterization of strategic information systems
 
End user development
End user developmentEnd user development
End user development
 
Make or buy, insourcingoutsourcing
Make or buy, insourcingoutsourcingMake or buy, insourcingoutsourcing
Make or buy, insourcingoutsourcing
 
Chapter 6 Information System-Critical Success Factor
Chapter 6 Information System-Critical Success FactorChapter 6 Information System-Critical Success Factor
Chapter 6 Information System-Critical Success Factor
 
End user development
End user developmentEnd user development
End user development
 
Strategic information system
Strategic information system Strategic information system
Strategic information system
 
Outsourcing Ppt 1
Outsourcing Ppt 1Outsourcing Ppt 1
Outsourcing Ppt 1
 
Computer Security and Risks
Computer Security and RisksComputer Security and Risks
Computer Security and Risks
 
Information system and security control
Information system and security controlInformation system and security control
Information system and security control
 

Similar to Information risk management

Challenges in implementating cyber security
Challenges in implementating cyber securityChallenges in implementating cyber security
Challenges in implementating cyber securityInderjeet Singh
 
Running Head VULNERABILITY ASSESSMENT SUMMARY REPORT 1VULNER
Running Head VULNERABILITY ASSESSMENT SUMMARY REPORT 1VULNERRunning Head VULNERABILITY ASSESSMENT SUMMARY REPORT 1VULNER
Running Head VULNERABILITY ASSESSMENT SUMMARY REPORT 1VULNERMalikPinckney86
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hackamrutharam
 
Ch07 Managing Risk
Ch07 Managing RiskCh07 Managing Risk
Ch07 Managing Riskphanleson
 
Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01rajkumar jonuboyena
 
REPORTING IAS101djfjfjffjfjfjjfjfjjf.pptx
REPORTING IAS101djfjfjffjfjfjjfjfjjf.pptxREPORTING IAS101djfjfjffjfjfjjfjfjjf.pptx
REPORTING IAS101djfjfjffjfjfjjfjfjjf.pptxJakeariesMacarayo
 
IAS101REPORTINGINFORMATIONRISKBSIT3B.pptx
IAS101REPORTINGINFORMATIONRISKBSIT3B.pptxIAS101REPORTINGINFORMATIONRISKBSIT3B.pptx
IAS101REPORTINGINFORMATIONRISKBSIT3B.pptxJakeariesMacarayo
 
Benefit from Penetration Testing Certification
Benefit from Penetration Testing CertificationBenefit from Penetration Testing Certification
Benefit from Penetration Testing Certificationshanaadams190
 
Information security
Information securityInformation security
Information securityWilliam Moore
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxjeanettehully
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxtodd521
 
Cyber Threat Landscape- Security Posture - ver 1.0
Cyber Threat Landscape- Security Posture - ver 1.0Cyber Threat Landscape- Security Posture - ver 1.0
Cyber Threat Landscape- Security Posture - ver 1.0Satyanandan Atyam
 
Isa Prog Need L
Isa Prog Need LIsa Prog Need L
Isa Prog Need LR_Yanus
 
5 THREAT AND RISK ASSESSMENT APPROACHES.pptx
5 THREAT AND RISK ASSESSMENT APPROACHES.pptx5 THREAT AND RISK ASSESSMENT APPROACHES.pptx
5 THREAT AND RISK ASSESSMENT APPROACHES.pptxBluechip Gulf IT Services
 
The Role of Incident Response in Cybersecurity: Protecting Your Organization
The Role of Incident Response in Cybersecurity: Protecting Your OrganizationThe Role of Incident Response in Cybersecurity: Protecting Your Organization
The Role of Incident Response in Cybersecurity: Protecting Your OrganizationLDMGlobal
 
Convergence innovative integration of security
Convergence innovative integration of securityConvergence innovative integration of security
Convergence innovative integration of securityciso_insights
 

Similar to Information risk management (20)

Challenges in implementating cyber security
Challenges in implementating cyber securityChallenges in implementating cyber security
Challenges in implementating cyber security
 
Mis 1
Mis 1Mis 1
Mis 1
 
Running Head VULNERABILITY ASSESSMENT SUMMARY REPORT 1VULNER
Running Head VULNERABILITY ASSESSMENT SUMMARY REPORT 1VULNERRunning Head VULNERABILITY ASSESSMENT SUMMARY REPORT 1VULNER
Running Head VULNERABILITY ASSESSMENT SUMMARY REPORT 1VULNER
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
 
Ch07 Managing Risk
Ch07 Managing RiskCh07 Managing Risk
Ch07 Managing Risk
 
Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01
 
It risk assessment
It risk assessmentIt risk assessment
It risk assessment
 
REPORTING IAS101djfjfjffjfjfjjfjfjjf.pptx
REPORTING IAS101djfjfjffjfjfjjfjfjjf.pptxREPORTING IAS101djfjfjffjfjfjjfjfjjf.pptx
REPORTING IAS101djfjfjffjfjfjjfjfjjf.pptx
 
IAS101REPORTINGINFORMATIONRISKBSIT3B.pptx
IAS101REPORTINGINFORMATIONRISKBSIT3B.pptxIAS101REPORTINGINFORMATIONRISKBSIT3B.pptx
IAS101REPORTINGINFORMATIONRISKBSIT3B.pptx
 
Benefit from Penetration Testing Certification
Benefit from Penetration Testing CertificationBenefit from Penetration Testing Certification
Benefit from Penetration Testing Certification
 
Information security
Information securityInformation security
Information security
 
Risk assessment
Risk assessmentRisk assessment
Risk assessment
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30
 
Cyber Threat Landscape- Security Posture - ver 1.0
Cyber Threat Landscape- Security Posture - ver 1.0Cyber Threat Landscape- Security Posture - ver 1.0
Cyber Threat Landscape- Security Posture - ver 1.0
 
Isa Prog Need L
Isa Prog Need LIsa Prog Need L
Isa Prog Need L
 
5 THREAT AND RISK ASSESSMENT APPROACHES.pptx
5 THREAT AND RISK ASSESSMENT APPROACHES.pptx5 THREAT AND RISK ASSESSMENT APPROACHES.pptx
5 THREAT AND RISK ASSESSMENT APPROACHES.pptx
 
The Role of Incident Response in Cybersecurity: Protecting Your Organization
The Role of Incident Response in Cybersecurity: Protecting Your OrganizationThe Role of Incident Response in Cybersecurity: Protecting Your Organization
The Role of Incident Response in Cybersecurity: Protecting Your Organization
 
Convergence innovative integration of security
Convergence innovative integration of securityConvergence innovative integration of security
Convergence innovative integration of security
 

Recently uploaded

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Recently uploaded (20)

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Information risk management

  • 1. iFour ConsultancyInformation Risk Management - The Basics
  • 2. What is Risk Management? The total process of identifying, controlling, and minimizing information system related risks to a level commensurate with the value of the assets protected The goal of a risk management program is to protect the organization and its ability to perform its mission from IT-related risk Software company in India
  • 3. What is Risk? Risk is a function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. Software company in India
  • 4. Information security Risks Theft of personal data Information leakage, extraction or loss of valuable private information Social engineering Environmental disasters Poor information security studies, assessments Deception including frauds Endangerment Unauthorized exploitation of intellectual property Software company in India
  • 5. Threat: The potential for a threat source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability. Vulnerability is a weakness which allows an attacker to reduce a system's information assurance. What is a Threat? Software company in India
  • 6. Examples of Threats Imposition of legal and regulatory obligations Organized crime or terrorist groups Cyber-criminals, Malware authors Negligent staff Acts of nature i.e. storms, tornados, floods Accidental disclosure, intentional alteration of data Unethical competitors Unauthorized access to or modification or disclosure of information assets Software company in India
  • 7. Some common Vulnerabilities Software bugs and design flaws Complexity in IT Inadequate investment in appropriate information security controls Insufficient attention to human factors in system design and implementation Unwarranted confidence Poor or missing governance Frequent change in the business Inadequate contingency planning Legacy systems Bugs in microprocessor designs and microcode Lack of will, concern and ability to impress the need for information security Software company in India
  • 8. Unanimous core security Practices Security Responsibility Risk Management Risk Assessment Network Security Security Awareness Training Incident Management Software company in India
  • 9. Need for Security Risk Assessment Checks and Balances Periodic Review Risk based spending Requirement Software company in India
  • 10. Secondary benefits Transfer of knowledge from security assessment team to the organization’s staff Increased communications regarding security among business units Increased security awareness within the organization Results of security risk assessment may be used as a measure of security posture& compared to previous and future results Software company in India

Editor's Notes

  1. Software development company India – http://www.ifour-consultancy.com
  2. Software development company India – http://www.ifour-consultancy.com
  3. Software development company India – http://www.ifour-consultancy.com
  4. Software development company India – http://www.ifour-consultancy.com
  5. Software development company India – http://www.ifour-consultancy.com
  6. Software development company India – http://www.ifour-consultancy.com
  7. Software development company India – http://www.ifour-consultancy.com
  8. Software development company India – http://www.ifour-consultancy.com
  9. Software development company India – http://www.ifour-consultancy.com
  10. Software development company India – http://www.ifour-consultancy.com
  11. Software development company India – http://www.ifour-consultancy.com