risk assessment on information security
Post on 21-Oct-2014
Angelo Sala - November 2010
goal: to reduce risks related to information security
you have to identify risk activities among sensitive processes
identify risk factors …
1. IT (information technologies)
2. organization
3. human resources
4. environment
identify and classify risks by factors and …
by information values
1. data integrity
2. confidentiality
3. availability
you have to estimate bad event probability
evaluate damages ($)
if the company reputation is involved
so you get risk levels that could increase …
… and finally you have to establish mitigation actions in order to reduce risk level
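The steps above, worked through as a small risk register. This is an added example, not part of the original slides: the probability × damage exposure formula, the dollar thresholds, the one-step raise when reputation is involved, and the sample entries are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

FACTORS = ("IT", "organization", "human resources", "environment")
VALUES = ("data integrity", "confidentiality", "availability")
LEVELS = ("Low", "Middle", "High")
# Assumed thresholds on expected loss ($); the slides give no figures.
MIDDLE_FROM, HIGH_FROM = 10_000, 100_000

@dataclass
class Risk:
    activity: str
    factor: str
    value: str
    probability: float        # estimated probability of the bad event (0..1)
    damage: float             # evaluated damage in $
    reputation: bool = False  # company reputation is involved

    def __post_init__(self):
        if self.factor not in FACTORS or self.value not in VALUES:
            raise ValueError(f"unknown factor or information value: {self}")
        if not 0.0 <= self.probability <= 1.0 or self.damage < 0:
            raise ValueError(f"bad probability or damage: {self}")

    def level(self) -> str:
        exposure = self.probability * self.damage  # assumed formula
        idx = 2 if exposure >= HIGH_FROM else 1 if exposure >= MIDDLE_FROM else 0
        if self.reputation:   # assumption: reputation raises the level one step
            idx = min(idx + 1, 2)
        return LEVELS[idx]

def middle_high_by_factor(register):
    """Count Middle and High risks per factor (the 'Number of risks identified' view)."""
    counts = Counter({f: 0 for f in FACTORS})
    counts.update(r.factor for r in register if r.level() != "Low")
    return dict(counts)

# Constructed sample register (fake data).
REGISTER = [
    Risk("nightly backup of billing DB", "IT", "availability", 0.10, 500_000),
    Risk("shared admin password", "human resources", "confidentiality", 0.30, 20_000),
    Risk("no owner for access reviews", "organization", "confidentiality",
         0.05, 100_000, reputation=True),
    Risk("server room flooding", "environment", "availability", 0.01, 200_000),
]

if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.level():6} {r.factor:16} {r.value:16} {r.activity}")
    print(middle_high_by_factor(REGISTER))
```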
[Chart] Number of risks identified* (Middle & High level), by risk factor: human resources, organization, IT, environment. Values as extracted: 45, 5, 11, 27.
* fake data
[Chart] Measured vs. Expected* risk index, by risk factor: human resources, organization, IT, environment. Values as extracted: 31,5; 9,5; 15,5; 20; 22,5; 12,25; 6,25; 16,5.
* fake data
and then …
you’ll have to roll up your sleeves and start mitigation actions