Lecture Information systems security - Chapter 9: Risk management
After studying chapter 9 you should be able to: Define risk and risk management, describe the components of risk management, list and describe vulnerability scanning tools, define penetration testing.

Risk Management

Contents
- Define risk and risk management
- Describe the components of risk management
- List and describe vulnerability scanning tools
- Define penetration testing

Risk Management, Assessment, and Mitigation
- One of the most important assets any organization possesses is its data
- Unfortunately, the importance of data is generally underestimated
- The first steps in data protection actually begin with understanding risks and risk management

What Is Risk?
- In information security, a risk is the likelihood that a threat agent will exploit a vulnerability
- More generally, a risk can be defined as an event or condition that could occur
  - And if it does occur, then it has a negative impact
- Risk generally denotes a potential negative impact to an asset

Definition of Risk Management
- Realistically, risk cannot ever be entirely eliminated
  - Would cost too much or take too long
- Rather, some degree of risk must always be assumed
- Risk management
  - A systematic and structured approach to managing the potential for loss that is related to a threat

Steps in Risk Management
- The first step or task in risk management is to determine the assets that need to be protected
- Asset identification
  - The process of inventorying and managing these items
- Types of assets:
  - Data
  - Hardware
  - Personnel
  - Physical assets
  - Software

Attributes of Assets
- Along with the assets, the attributes of the assets need to be compiled
- Attributes are details
- Important to determine each item’s relative value

Determining Relative Value
- Factors that should be considered in determining the relative value are:
  - How critical is this asset to the goals of the organization?
  - How difficult would it be to replace it?
  - How much does it cost to protect it?
  - How much revenue does it generate?

Determining Relative Value (continued)
- Factors that should be considered in determining the relative value are:
  - How quickly can it be replaced?
  - What is the cost to replace it?
  - What is the impact to the organization if this asset .