Lecture 4 Flashcards
?
process of identifying and controlling risks facing an organization
Risk Management
Risk Management
?
process of examining an organization’s current information technology security situation
Risk Management
Risk Identification
?
applying controls to reduce risks to an organization’s data and information systems
Risk Management
Risk Control
?
Began as an advantage
Competitiveness
Risk Management
Information Technology Role
?
Now falling behind is a disadvantage
Competitiveness
Risk Management
Information Technology Role
?
is a necessity
Competitiveness
Risk Management
Availability
?
Understand the technology and systems in your organization
An Overview of Risk Management
Risk Management
Know yourself
?
Identify, examine, understand threats
An Overview of Risk Management
Risk Management
Know the enemy
(3) Role of Communities of Interest
An Overview of Risk Management | Enumerate
Risk Management
- Information Security
- Management and Users
- Information Technology
Verify ? of asset inventory
The Roles of Communities of Interest - Management Review
Risk Management
completeness/accuracy
Review and verify threats as well as ? strategies
The Roles of Communities of Interest - Management Review
Risk Management
controls and mitigation
Review ? of each control
The Roles of Communities of Interest - Management Review
Risk Management
cost effectiveness
? of controls deployed
The Roles of Communities of Interest - Management Review
Risk Management
Verify effectiveness
Risk management involves identifying ? and identifying ??
Risk Identification
Risk Management
- organization’s assets
- threats/vulnerabilities
?
begins with identification of assets, including all elements of an organization’s system (people, procedures, data and information, software, hardware, networking)
Asset Identification and Valuation
Risk Management
Iterative Process
?
are then classified and categorized
Asset Identification and Valuation
Risk Management
Assets
Human resources, documentation, and data information assets are more difficult to ?
People, Procedures, and Data Asset Identification
Risk Management
identify
People with knowledge, experience, and good judgment should be assigned this ?
People, Procedures, and Data Asset Identification
Risk Management
task
These assets should be recorded using reliable ? process
People, Procedures, and Data Asset Identification
Risk Management
data-handling
Asset attributes for ?: position name/number/ID; supervisor; security clearance level; special skills
* Try to avoid names
People, Procedures, and Data Asset Identification
Risk Management
people
Asset attributes for ?
* Intended purpose
* Relationship to software, hardware, network elements
* Storage location
People, Procedures, and Data Asset Identification
Risk Management
procedures
Asset attributes for ?
* classification; owner/creator/manager; data structure size; data structure used; online/offline; location; backup procedures employed
People, Procedures, and Data Asset Identification
Risk Management
data
(4) Asset attributes to be considered are:
Hardware, Software, and Network Asset Identification
Risk Management
- Name (device or program name)
- IP address
- Media access control (MAC) address
- Element type – server, desktop, etc. Device Class, Device OS, Device Capacity
Where on network
Hardware, Software, and Network Asset Identification
Risk Management
Logical Location