Dr. Benjamin Khoo, kkhoo@nyit.edu, New York Institute of Technology, School of Management


Post on 31-Dec-2015


1. Why should a Risk Assessment be conducted?
2. When should a Risk Analysis be conducted?
3. Who should conduct the Risk Analysis and Risk Assessment?
4. Who within the organization should conduct the Risk Analysis and Risk Assessment?
5. How long should a Risk Analysis or Risk Assessment take?
6. What can a Risk Analysis or Risk Assessment Analyze?

7. What can the results of Risk Management tell an Organization?

8. Who should review the results of a Risk Analysis?

9. How is the success of the Risk Analysis measured?

1. Overview
- RM used to balance operational & economic costs of protective measures (IS) and achieve gains in mission capability.
- made up of:
  1. risk analysis
  2. risk assessment
  3. risk mitigation
  4. vulnerability assessment & controls evaluation.

See Table 2.1 for definitions.

2. Risk Assessment as part of the business process

See Figure 2.1

Risk Management Activities mapped to the SDLC

See Table 2.2

3. Employee Roles and Responsibilities

See Table 2.3, Table 2.4 & Table 2.5 for examples.

4. Information Security Life Cycle

See Figure 2.2

5. Risk Analysis Process

6. Risk Assessment
  1. Asset Definition
  2. Threat Identification (See Table 2.6)
  3. Determine Probability of Occurrence
  4. Determine the Impact of the Threat (See Figure 2.3 and Figure 2.4)
  5. Controls Recommended
  6. Documentation