CYBER SECURITY
Objectives:
• What is risk assessment.
• Why we need risk assessment.
• Organization risk tolerance.
• Determining the different audience.
• CIA (Confidentiality, Integrity, Availability).
• Types of risk assessment.
• Cyber risk is the likelihood of suffering negative disruption to sensitive data, finances, or business operations online.
• Conducting a cyber-security risk assessment is a complex process that requires.
• Cyber risk can be calculated as:
Cyber Risk = Threat x Vulnerability x Information value.
• NIST defines risk assessments as being used to identify, estimate and prioritize risk to organizational operations, assets, individuals and other organizations.
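The formula above applied to a small risk register, as an added example that is not part of the original slides. The 1-5 rating scale, the asset names and the tolerance threshold are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed ordinal scale: qualitative ratings mapped to numbers so the
# slide's formula (Threat x Vulnerability x Information value) can be applied.
SCALE = {"very low": 1, "low": 2, "medium": 3, "high": 4, "very high": 5}


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str          # how likely a threat is to act against the asset
    vulnerability: str   # how exposed the asset is
    value: str           # value of the information the asset holds

    def score(self) -> int:
        """Cyber Risk = Threat x Vulnerability x Information value."""
        try:
            return SCALE[self.threat] * SCALE[self.vulnerability] * SCALE[self.value]
        except KeyError as exc:
            raise ValueError(f"unknown rating {exc} for {self.asset}") from None


def rank(register, tolerance):
    """Return (asset, score, exceeds_tolerance) rows, highest risk first."""
    rows = [(r.asset, r.score(), r.score() > tolerance) for r in register]
    return sorted(rows, key=lambda row: (-row[1], row[0]))


# Constructed sample register (hypothetical assets and ratings).
REGISTER = [
    Risk("public marketing site", "high", "low", "low"),
    Risk("customer database", "high", "medium", "very high"),
    Risk("cloud backup storage", "medium", "medium", "high"),
    Risk("unsupported OS file server", "medium", "very high", "medium"),
]
TOLERANCE = 40  # assumed organizational risk tolerance on the 1-125 scale

if __name__ == "__main__":
    for asset, score, over in rank(REGISTER, TOLERANCE):
        action = "treat now" if over else "within tolerance"
        print(f"{score:>3}  {asset:<28} {action}")
```

Because the factors are multiplied, an asset holding high-value information can still rank low when both threat and vulnerability are rated low, and the tolerance threshold decides which rows need treatment first.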
• Provides a cyber security risk assessment template for future assessments.
• Better organizational knowledge.
• Avoid data breaches.
• Reduction of long-term costs.
• Avoid regulatory issues.
• Data loss.
• Risk tolerance varies from person to person. Some may take more risk in order to get a better return, while for others the main aim may be to protect their investment capital.
• An unsupported operating system can expose your network to attack.
• Many executives struggle with cyber security expenditures because it is difficult to see any return on investment. Having an architecture document that defines the existing security architecture and the risks that exist makes it easier to justify and communicate to those individuals what needs to be done and why.
• Connecting business objectives with security in the architecture and governance document also supports management in understanding the need for cyber security measures in the CIA realm.
• Here we manage the risk using the risk management life cycle.
• Cloud is good for data storage, but there are some issues; one of the most significant is security.
• Security concerns relate to risk areas such as external data storage, dependency on the “public” internet, lack of control, etc.
• Identifying the vulnerabilities is a difficult task in the cloud.
• Confidential information is one of the most valuable assets of any business.
• Confidentiality is frequently the best way of protecting trade secrets.
• But a breach of confidentiality can directly cause the loss of key business assets and business disruption.
• Integrity ensures the accuracy of data used in business processes and transactions.
• Companies must consider not only the integrity of data in databases and applications, but also of data that has been backed up for use in disaster recovery.
• The National Cybersecurity Center of Excellence, a partnership between industry and the National Institute of Standards and Technology (NIST), was formed to address the most pressing cyber security challenges to business.
• Data availability means that information is accessible to authorized users. It provides an assurance that your system and data can be accessed by authenticated users whenever they’re needed. Similar to confidentiality and integrity.
• Availability is typically associated with reliability and system uptime, which can be impacted by non-malicious issues like hardware failures, unscheduled software downtime, and human error, or malicious issues like cyberattacks and insider threats.
• A quantitative risk assessment of your IT environment is a must for higher security maturity models to be achieved.
• It is also a must if your organization wants to take risk assessment of IT seriously.
• Qualitative risk is studying an event, or a regulatory control in this case, and understanding the quality of its implementation.
Qualitative:
• Qualitative analysis focuses on risk identification for measuring the possibility of the occurrence of the risk event.
• It is complex because it does not involve straightforward math, and hence one must know how to rank the risks, for which expertise is required.
• Time consuming to identify each risk, record and rank them.
• It deals with all risks and then ranks them.
Quantitative:
• Quantitative is verified are used to analyze the risk effect.
• Direct calculating methods and tools are available, making the process simple.
• Tools are used to speed up the process.
• Deals with the risks marked for further analysis by qualitative risk analysis.
Quantitative risk analysis is best for risk analysis in business because its speed of identifying the risk is better than qualitative analysis.
Presented by :
Kajal kumari

Risk assessment
