risk management
play

Risk Management Information Security Dr Hans Georg Schaathun - PowerPoint PPT Presentation

Apr 29, 2023 •7 likes •727 views

Risk Management Information Security Dr Hans Georg Schaathun Hgskolen i lesund Autumn 2011 Week 5 Dr Hans Georg Schaathun Risk Management Autumn 2011 Week 5 1 / 1 Learning Outcomes After this week, students should be able to

  1. Risk Management Information Security Dr Hans Georg Schaathun Høgskolen i Ålesund Autumn 2011 – Week 5 Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 1 / 1

  2. Learning Outcomes After this week, students should be able to understand what risk is. know what one can do about risk. conduct a simple risk analysis using the FAIR framework. Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 2 / 1

  3. Risk and Risk Management Outline Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 3 / 1

  4. Risk and Risk Management What risk is Outline Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 4 / 1

  5. Risk and Risk Management What risk is Definition of Risk Risk is potential event which, if occuring, will cause some impact. Risk Loss Event Probable Loss Frequency Magntiude Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 5 / 1

  6. Risk and Risk Management Risk Treatment Outline Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 6 / 1

  7. Risk and Risk Management Risk Treatment Risk Treatment Only four approaches to risk — TARA Transfer Let someone else take the risk. Avoid Drop the business. Reduce Implement effective controls to reduce the probability and/or impact. Accept Conclude that the benefit outweighs the risk and live with it. Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 7 / 1

  8. Risk and Risk Management Risk Treatment Risk Treatment Only four approaches to risk — TARA Transfer Let someone else take the risk. Avoid Drop the business. Reduce Implement effective controls to reduce the probability and/or impact. Accept Conclude that the benefit outweighs the risk and live with it. Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 7 / 1

  9. Risk and Risk Management Risk Treatment Risk Treatment Only four approaches to risk — TARA Transfer Let someone else take the risk. Avoid Drop the business. Reduce Implement effective controls to reduce the probability and/or impact. Accept Conclude that the benefit outweighs the risk and live with it. Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 7 / 1

  10. Risk and Risk Management Risk Treatment Transfer Common example: insurance pay someone to take the risk for you insurers gather risks in large quantities Law of Large Numbers in Statistics reduces total risk Contractual matters transfer risk to your clients key issue of any contract: who takes the risk? Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 8 / 1

  11. Risk and Risk Management Risk Treatment Avoid Avoid means staying out of the business. Nothing ventured, nothing gained. One avoids the risk it outweighs the possible gain. Choosing not to have WiFi Choosing not to use BankID Choosing not to have web pages Choosing not to do business in South America There is NO other way to avoid risk. Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 9 / 1

  12. Risk and Risk Management Risk Treatment Reduce Controls reduce risk you can (almost?) never reduce risk to zero expect some residual risk Access control may reduce the risk of having WiFi Malware filters may reduce the risk of using BankID Good secure coding practice may reduce the risk of web pages Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 10 / 1

  13. Risk and Risk Management Risk Treatment Accept Risk does not have to be bad We accept risk when ... The possible gain outweighs the risk The cost of reducing or transferring the risk outweighs the risk itself Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 11 / 1

  14. Risk and Risk Management Risk Management Outline Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 12 / 1

  15. Risk and Risk Management Risk Management Graphical View of ISO 27005 Information Risk Management A graphical view of ISO 27005 Context Establishment Risk Appetite Risk Assessment Risk Analysis Risk Monitoring and Review Risk Communication Risk Identification Risk Estimation Risk Evaluation Assessment Satisfactory? Risk Treatment Treatment Satisfactory? Risk Acceptance www.cs.surrey.ac.uk Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 13 / 1

  16. Risk and Risk Management Risk Management ISO 31000 Risk Principles Risk management should create value be an integral part of organisational processes be part of decision making be systematic and structured be based on the best available information be tailored be transparent and inclusive be dynamic iterative and responsive to change be capable of continual improvement and enhancement Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 14 / 1

  17. Risk and Risk Management Risk Management Risk Appetite Risk Tolerance The organisation must decide how it values risk risk seeking or risk adverse? Risk appetite refers to the willingness to take risk decides what risk levels to accept risk does not have have to be negative ... high risk may mean huge gain FAIR speaks of risk tolerance how much risk will you tolerate? indicates that risk is always negative Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 15 / 1

  18. Risk and Risk Management Risk Management Assessing a methodology Risk analysis is never perfect. depends on approximation and guesswork Structure available information emphasise most important pieces of information Considering a methodology, FAIR asks: Is it useful? Is it logical? Does it track with reality? Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 16 / 1

  19. Risk and Risk Management Risk Management Possibilities and Probabilities Possiblility is a binary quantity. Either we might lose, or we cannot. Probability is a continuous measure. A negative outcome be more or less likely to happen, and we may or may not find the probability acceptable. Prediction is very difficult, especially about the future. Nils Bohr A security expert will always lose; either waste resources on controls where there is no loss lose when struck by a threat not controlled Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 17 / 1

  20. Risk and Risk Management Risk Management Possibilities and Probabilities Possiblility is a binary quantity. Either we might lose, or we cannot. Probability is a continuous measure. A negative outcome be more or less likely to happen, and we may or may not find the probability acceptable. Prediction is very difficult, especially about the future. Nils Bohr A security expert will always lose; either waste resources on controls where there is no loss lose when struck by a threat not controlled Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 17 / 1

  21. Risk and Risk Management Risk Management Possibilities and Probabilities Possiblility is a binary quantity. Either we might lose, or we cannot. Probability is a continuous measure. A negative outcome be more or less likely to happen, and we may or may not find the probability acceptable. Prediction is very difficult, especially about the future. Nils Bohr A security expert will always lose; either waste resources on controls where there is no loss lose when struck by a threat not controlled Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 17 / 1

  22. Risk and Risk Management Impact Outline Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 18 / 1

  23. Risk and Risk Management Impact Impact Personal Impacts 1 Death, injury Business Impacts 2 Bankruptcy Societal Impact 3 Collapse of social order Geo-Political Impact 4 War Environmental Impacts 5 Global Warming Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 19 / 1

  24. Risk and Risk Management Impact Impact Personal Impacts 1 Death, injury Business Impacts 2 Bankruptcy Societal Impact 3 Collapse of social order Geo-Political Impact 4 War Environmental Impacts 5 Global Warming Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 19 / 1

  25. Risk and Risk Management Impact Impact Personal Impacts 1 Death, injury Business Impacts 2 Bankruptcy Societal Impact 3 Collapse of social order Geo-Political Impact 4 War Environmental Impacts 5 Global Warming Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 19 / 1

  26. Risk and Risk Management Impact Impact Personal Impacts 1 Death, injury Business Impacts 2 Bankruptcy Societal Impact 3 Collapse of social order Geo-Political Impact 4 War Environmental Impacts 5 Global Warming Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 19 / 1

  27. Risk and Risk Management Impact Impact Personal Impacts 1 Death, injury Business Impacts 2 Bankruptcy Societal Impact 3 Collapse of social order Geo-Political Impact 4 War Environmental Impacts 5 Global Warming Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 19 / 1

  28. Risk and Risk Management Impact Impact Personal Impacts 1 Death, injury Business Impacts 2 Bankruptcy Societal Impact 3 Collapse of social order Geo-Political Impact 4 War Environmental Impacts 5 Global Warming Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 19 / 1

  29. The FAIR Framework Outline Dr Hans Georg Schaathun Risk Management Autumn 2011 – Week 5 20 / 1

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

FREE Lifelong Learning Event for Fasset Members Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk assessment control matrix management process Governance Risk appetite Agenda for and risk Risk

1.28k views • 105 slides
Market Risk Management Gen Ins. Risk Management Life Ins. Risk Management Op.

Market Risk Management Gen Ins. Risk Management Life Ins. Risk Management Op.

Market Risk Management Gen Ins. Risk Management Life Ins. Risk Management Op. Risk Management Board of Enterprise Risk Senior Management Committees Directors Management Credit Risk Cross-Border Exposure Country Rating

453 views • 6 slides
What is Risk Management? What is Risk Management? A (great) management tool Focus

What is Risk Management? What is Risk Management? A (great) management tool Focus

Proudly Presents How To Establish Functional Risk Management in Your Public Entity R. J oy J ackson, City of London Tina Gardiner, Region of York RIMS, Ottawa, 2011 What is Risk Management? What is Risk Management? A (great)

463 views • 24 slides
Preparedness Preliminary risk management Risk assessment Risk management Risk

Preparedness Preliminary risk management Risk assessment Risk management Risk

FAO/WHO guide for application of risk analysis principles to food safety emergencies Food Recall and Traceability (February 2013, Thailand) Preparedness Preliminary risk management Risk assessment Risk management Risk

440 views • 39 slides
Group Risk Management May 10, 2010 David Benson Chief Risk Officer Agenda 1 . Risk Management

Group Risk Management May 10, 2010 David Benson Chief Risk Officer Agenda 1 . Risk Management

Risk Management Group Risk Management May 10, 2010 David Benson Chief Risk Officer Agenda 1 . Risk Management Framework - 4 Pillars 2 . Risk Appetite pp 3 . Economic Capital Analysis 4 . Illiquid Asset Analysis 2 1. Risk Management

562 views • 10 slides
Introduction to Risk Management (Theory & Practice) DCU Risk & Compliance Officer

Introduction to Risk Management (Theory & Practice) DCU Risk & Compliance Officer

Risk Management Introduction to Risk Management (Theory & Practice) DCU Risk & Compliance Officer November 2015 Risk Management Sections 1) Aims of presentation 7) Tips for success 2) What is Risk Management (RM)? 8) Why RM may

533 views • 32 slides
ARM A commodity risk management system. 1. . ARM: : A commodity ri risk management system.

ARM A commodity risk management system. 1. . ARM: : A commodity ri risk management system.

ARM A commodity risk management system. 1. . ARM: : A commodity ri risk management system. ARM is a complete suite allowing the management of market risk and operational risk for commodities derivatives. 4 main modules are available:

848 views • 26 slides
ARM A commodity risk management system. 1. . ARM: : A commodity ri risk management system.

ARM A commodity risk management system. 1. . ARM: : A commodity ri risk management system.

ARM A commodity risk management system. 1. . ARM: : A commodity ri risk management system. ARM is a complete suite allowing the management of market risk and operational risk for commodities derivatives. 4 main modules are available:

543 views • 31 slides
Risk Management Ken Haas USA Hockey Atlantic District Risk Manager 1 Risk Management Risk

Risk Management Ken Haas USA Hockey Atlantic District Risk Manager 1 Risk Management Risk

Risk Management Ken Haas USA Hockey Atlantic District Risk Manager 1 Risk Management Risk Management What you need to know 2 Risk Management for Coaches What do you need to know? Pennsylvania Act 15 Insurance Issues Inj

908 views • 22 slides
Construction Contract: Risk management EPCC Contract Management 1 Can We Ignore Risk ?

Construction Contract: Risk management EPCC Contract Management 1 Can We Ignore Risk ?

Construction Contract: Risk management EPCC Contract Management 1 Can We Ignore Risk ? Construction is a risky business Why wait till the risk occurs? Knowing the objectives of risk management 2 Risk Recognition Dr. Julian

921 views • 90 slides
RISK RISK MA MANAGEMENT GEMENT Background Checks OSYSA Risk Management Policy

RISK RISK MA MANAGEMENT GEMENT Background Checks OSYSA Risk Management Policy

RISK RISK MA MANAGEMENT GEMENT Background Checks OSYSA Risk Management Policy Concussion Safe Sport OSYSA Risk Management Jeff Rossi OS Board member, Risk Management Coordinator Jim Sturm OS Board member,

610 views • 14 slides
1/12/2015 Chapter 3 Introduction to Risk Managem ent Agenda Meaning of Risk Management

1/12/2015 Chapter 3 Introduction to Risk Managem ent Agenda Meaning of Risk Management

1/12/2015 Chapter 3 Introduction to Risk Managem ent Agenda Meaning of Risk Management Objectives of Risk Management Steps in the Risk Management Process Benefits of Risk Management Personal Risk Management Meaning of Risk

371 views • 12 slides
1 Risk in hospitals Legal Risk Clinical risk Risk arising out of failure to comply with

1 Risk in hospitals Legal Risk Clinical risk Risk arising out of failure to comply with

Effective Risk Management Dr Rohini Sridhar MD FRCPA Dr. Rohini Sridhar, MD, FRCPA Chief Operating Officer, Apollo Speciality Hospital, Madurai Risk Management programme Identification of risk Strategies to avoid risk Strategies

494 views • 8 slides
1/16/2018 THE OBJECTIVE OF RISK MANAGEMENT Risk Management Suppose the firm is closely

1/16/2018 THE OBJECTIVE OF RISK MANAGEMENT Risk Management Suppose the firm is closely

1/16/2018 THE OBJECTIVE OF RISK MANAGEMENT Risk Management Suppose the firm is closely owned Proprietorship Partnership Privately held corporation Suppose the owner(s) are risk averse Risk management can make

297 views • 8 slides
INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Risk Management Program Information

INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Risk Management Program Information

INFORMATION TECHNOLOGY SERVICES INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Risk Management Program Information Security & Privacy Office June 8, 2017 Version 1.5.7 Risk Management at Florida State University Risk assessments

549 views • 11 slides
Risk Management, Compliance and CRA October 25, 2018 Hosted By: Michael Gallagher Chief Risk

Risk Management, Compliance and CRA October 25, 2018 Hosted By: Michael Gallagher Chief Risk

Risk Management, Compliance and CRA October 25, 2018 Hosted By: Michael Gallagher Chief Risk Officer, EVP 1 Todays Agenda Risk Management Risk governance Enterprise Risk Management Community Reinvestment Act Operational Risk

366 views • 23 slides
CSc 337 LECTURE 26: REGULAR EXPRESSIONS AND SECURITY Regular expressions in JavaScript var str =

CSc 337 LECTURE 26: REGULAR EXPRESSIONS AND SECURITY Regular expressions in JavaScript var str =

CSc 337 LECTURE 26: REGULAR EXPRESSIONS AND SECURITY Regular expressions in JavaScript var str = "The rain in SPAIN stays mainly in the plain"; var res = str.match(/ain/g); - The match function takes a regular expression as a

408 views • 19 slides
Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The

Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The

Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The Free Haven Project 1 Overview We design and deploy anonymity systems. Version 1: You guys are studying this in academia, and we're

684 views • 25 slides
ICE and RTP DoS draft-rosenberg-mmusic-rtp-denialofservice draft-rosenberg-sipping-ice Jonathan

ICE and RTP DoS draft-rosenberg-mmusic-rtp-denialofservice draft-rosenberg-sipping-ice Jonathan

ICE and RTP DoS draft-rosenberg-mmusic-rtp-denialofservice draft-rosenberg-sipping-ice Jonathan Rosenberg dynamicsoft The DoS Problem Attacker sends SIP Server INVITE or RTSP RTP SETUP to server Flood INVITE/SETUP IP for RTP is

293 views • 10 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239 systems Computer Software Some sample intrusion detection March 9, 2005 systems Lecture 15 Lecture 15 Page 1 Page 2 CS 239, Winter 2005

602 views • 12 slides
Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot

Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot

Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot gray inc. @dotgray Sunday, March 15, 15 Resources Codex.WordPress.org / Hardening_WordPress Blog.Sucuri.net / WordPress Security WPSecure.net /

608 views • 32 slides
Cyber 101 Aaron Yates Chief Executive, Berea A crash course on cyber security, data protection

Cyber 101 Aaron Yates Chief Executive, Berea A crash course on cyber security, data protection

www.berea-group.co m Cyber 101 Aaron Yates Chief Executive, Berea A crash course on cyber security, data protection and cyber insurance. Chelmsford CII Wednesday, 13th February 2019 Berea Focused on high scale cyber support for SMEs.

532 views • 34 slides
WordPress Security Dont Be a Mark (with apologies to anyone named Mark) Will Chatham @willc

WordPress Security Dont Be a Mark (with apologies to anyone named Mark) Will Chatham @willc

WordPress Security Dont Be a Mark (with apologies to anyone named Mark) Will Chatham @willc www.willchatham.com Asheville Area WordPress Group, August 17, 2016 Overview Security Threats: Why & Who How WordPress Gets Hacked

376 views • 18 slides
Security Note: These slides are created using information from. Network Security Essentials by

Security Note: These slides are created using information from. Network Security Essentials by

Security Note: These slides are created using information from. Network Security Essentials by William Stallings Computer Networking, A top-down approach by James F.Kurose and Keith W.Ross Maximum Security by Anonymous Lectures and Notes from

489 views • 38 slides

More recommend