Abdulla Pres 2011

Uploaded by safeerof2002 on 06-Apr-2018

TRANSCRIPT

8/2/2019 Abdulla Pres 2011

http://slidepdf.com/reader/full/abdulla-pres-2011 1/9

Introduction

Information is an asset, like other important business assets.

Information is now exposed to a growing number and a wide variety of threats and vulnerabilities.

Businesses are vulnerable to various kinds of information risks inflicting varied damage and resulting in significant losses.

"Security is like oxygen; when you have it, you take it for granted, but when you don't, getting it becomes the immediate and pressing priority." Joseph Nye, Harvard University.


Reasons to choose the problem

The importance of security for businesses and organizations.

To enable organizations to handle any kind of security issue at any given point in time.

The need for new techniques and best practices to cope with security threats.


Research Problem & Question

The lack of good techniques and practices for assessing security risks, and of good mitigation-strategy decisions, in organizations.

General Research Question:

Which risk assessment and mitigation strategies are the most effective and can be implemented efficiently in order to have a secure system?


Research Sub-Questions

How effective are the current security risk assessment processes that are used?

How effective are the current mitigation strategies that are practiced?

What are the best risk assessment practices that meet organizations' security requirements?

What are the best practices of mitigation strategies that suit the


RESEARCH IMPORTANCE AND PURPOSE

Help organizations to carry out their mission by having a secured system.

The research will guide management in making good mitigation-strategy decisions.

To find out innovative methods and techniques for implementing risk assessments and mitigation strategies.

To understand the various threats that may occur in security systems.


Research Objectives

To clearly understand and specify the different components of the risk assessment process.

To evaluate the current security risk assessment processes used by most organizations.

To understand and specify the different mitigation strategies in the information security systems used by organizations.

To evaluate the current mitigation strategies used by most known organizations.

To recommend the appropriate security risk assessments that can be implemented in different environments.


Definition of Terms

Risk: The combination of the probability of an event and its consequence.

Mitigation: The steps taken to reduce a risk to the acceptable level, by lowering the probability of the event, its consequence, or both.

Risk assessment: The process by which risks are identified and the impact of those risks determined.

Risk management: The process of determining an acceptable level of risk, assessing the current level of risk, taking steps to reduce risk to the acceptable level, and maintaining that level of risk.

Threat: A potential cause of an unwanted impact to a system or organization.

Vulnerability: Any weakness, administrative process, act, or physical exposure that makes an information asset susceptible to exploitation by a threat.
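The definitions above describe a process: score each identified risk as probability combined with consequence, set an acceptable level, and apply mitigations until the residual risk is at or below that level. The Python below is a worked example added for this page; it is not material from the presentation or from any of its references. The 1-5 likelihood and impact scales, the acceptable level of 6, the register entries and the mitigation catalogue are all constructed for illustration, and the cheapest-reduction-first selection rule is one illustrative treatment strategy rather than a standard method.

```python
"""Risk register, assessment and treatment (added worked example).

Follows the slide's definitions: risk = likelihood x impact; assessment
identifies risks and determines impact; management sets an acceptable
level, assesses current risk, reduces it to that level and keeps it there.
All scales, thresholds, entries and mitigations below are constructed."""

from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str            # potential cause of an unwanted impact
    vulnerability: str     # weakness that makes the asset susceptible
    likelihood: int        # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int            # 1 (negligible) .. 5 (severe), assumed scale

    def score(self) -> int:
        # "combination of the probability of an event and its consequence"
        return self.likelihood * self.impact


@dataclass(frozen=True)
class Mitigation:
    name: str
    applies_to: str        # the vulnerability this control addresses
    likelihood_delta: int  # scale steps removed from likelihood
    impact_delta: int      # scale steps removed from impact
    cost: int              # relative cost, arbitrary units


def apply(risk: Risk, m: Mitigation) -> Risk:
    """Residual risk after one mitigation; scores never drop below 1."""
    return replace(risk,
                   likelihood=max(1, risk.likelihood - m.likelihood_delta),
                   impact=max(1, risk.impact - m.impact_delta))


def treat(risk: Risk, catalogue: list, acceptable: int) -> tuple:
    """Greedy treatment: keep choosing the mitigation with the best
    score-reduction-per-cost until residual risk <= acceptable level,
    or until no applicable mitigation still reduces the score."""
    chosen = []
    remaining = [m for m in catalogue if m.applies_to == risk.vulnerability]
    current = risk
    while current.score() > acceptable and remaining:
        def value(m: Mitigation) -> float:
            reduction = current.score() - apply(current, m).score()
            return reduction / m.cost if reduction > 0 else 0.0
        best = max(remaining, key=value)
        if value(best) == 0.0:
            break  # nothing left that reduces this risk
        remaining.remove(best)
        chosen.append(best.name)
        current = apply(current, best)
    return current, chosen


ACCEPTABLE = 6  # assumed risk appetite: score <= 6 needs no treatment

REGISTER = [  # constructed sample entries
    Risk("customer database", "SQL injection by external attacker",
         "unvalidated web input", likelihood=4, impact=5),
    Risk("file server", "ransomware", "unpatched SMB service",
         likelihood=3, impact=4),
    Risk("office printer", "paper jam", "aging hardware",
         likelihood=4, impact=1),
]

CATALOGUE = [  # constructed sample controls: name, vulnerability, dL, dI, cost
    Mitigation("parameterised queries", "unvalidated web input", 3, 0, 3),
    Mitigation("web application firewall", "unvalidated web input", 1, 0, 3),
    Mitigation("least-privilege DB account", "unvalidated web input", 0, 2, 2),
    Mitigation("patch management", "unpatched SMB service", 2, 0, 2),
    Mitigation("offline backups", "unpatched SMB service", 0, 2, 3),
    Mitigation("service contract", "aging hardware", 2, 0, 5),
]


def assess(register=REGISTER, catalogue=CATALOGUE, acceptable=ACCEPTABLE):
    """Rank risks highest-first, treat those above the acceptable level,
    and report inherent score, residual score and the controls chosen."""
    report = []
    for r in sorted(register, key=Risk.score, reverse=True):
        residual, chosen = treat(r, catalogue, acceptable)
        report.append({
            "asset": r.asset,
            "inherent": r.score(),
            "residual": residual.score(),
            "mitigations": chosen,
            "accepted": residual.score() <= acceptable,
        })
    return report


if __name__ == "__main__":
    for row in assess():
        print(row)
```

With the constructed inputs the database risk (score 20) is brought to 5 by parameterised queries alone, the file server (12) to 4 by patch management, and the printer (4) is already within the acceptable level and gets no treatment. A risk whose vulnerability has no matching control in the catalogue comes back untreated and flagged as not accepted, which is the case a real register has to escalate rather than silently drop. "Maintaining that level" from the risk-management definition corresponds to re-running assess() on a refreshed register.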


References

Alan Calder & Steve Watkins, S. G. (2010). Information Security Risk Management for ISO27001/ISO27002. IT Governance Ltd.

Andy Jones, D. A. (2005). Risk Management for Computer Security: Protecting Your Network and Information Assets. Butterworth-Heinemann.

Bob Blakley, E. M. (2002). Information Security is Information Risk Management. NSPW'01, 97-104.

Deloitte. (n.d.). IT Risk Assessment Methodology. Retrieved 24 May 2011, from www.deloitte.com: http://www.deloitte.com/view/en_GR/gr/services/enterprise-risk-services/tools/it-risk-assessment-methodology/index.htm

Hoh Peter In, Y.-G. K.-J. (2005). A Security Risk Analysis Model for Information Systems. AsiaSim, 505-513.

Jake Kouns, D. M. (2010). Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams. Wiley-Interscience.

Rees, J. J. (n.d.). Value at Risk: A Methodology for Information Security Risk Assessment. Krannert Graduate School of Management, Purdue University.

Team, M.-S. I. (2005). Malware Threats and Mitigation Strategies. US-CERT Informational Whitepaper, 1-10.

Creative Research Systems. (2011). Survey Design. The Survey System's Tutorial, revised May 2011. http://www.surveysystem.com/sdesign.htm, accessed 18 May 2011.

Harold F. Tipton, M. K. (2007). Information Security Management Handbook, Sixth Edition. Auerbach Publications.

Jule Hintzbergen, K. H. (2010). Foundations of Information Security Based on ISO27001