1 / 7

MGMT 755 Security Risk Analysis

New York Institute of Technology School of Management. MGMT 755 Security Risk Analysis. Dr. Benjamin Khoo kkhoo@nyit.edu. Chapter 1: (Introduction – FAQ). Why should a Risk Assessment be conducted? When should a Risk Analysis be conducted?

Download Presentation

MGMT 755 Security Risk Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. New York Institute of Technology School of Management MGMT 755 Security Risk Analysis Dr. Benjamin Khoo kkhoo@nyit.edu

  2. Chapter 1: (Introduction – FAQ) • Why should a Risk Assessment be conducted? • When should a Risk Analysis be conducted? • Who should conduct the Risk Analysis and Risk Assessment? • Who within the organization should conduct the Risk Analysis and Risk Assessment? • How long should a Risk Analysis or Risk Assessment take? • What can a Risk Analysis or Risk Assessment Analyze?

  3. Chapter 1: (Introduction – FAQ) • What can the results of Risk Management tell an Organization? • Who should review the results of a Risk Analysis? • How is the success of the Risk Analysis measured?

  4. Chapter 2: Risk Management I • Overview- RM used to balance operational & economic costs of protective measures (IS) and achieve gains in mission capability. - made up of:1. risk analysis2. risk assessment3. risk mitigation4. vulnerability assessment & controls evaluation.See Table 2.1 for definitions.

  5. Chapter 2: Risk Management I • Risk Assessment as part of the business processSee Figure 2.1 Risk Management Activities mapped to the SDLC See Table 2.2

  6. Chapter 2: Risk Management I • Employee Roles and ResponsibilitiesSee Table 2.3, Table 2.4 & Table 2.5 for examples. • Information Security Life CycleSee Figure 2.2 • Risk Analysis Process

  7. Chapter 2: Risk Management I • Risk Assessment1. Asset Definition2. Threat Identification (See Table 2.6)3. Determine Probability of Occurrence4. Determine the Impact of the Threat (See Figure 2.3 and Figure 2.4)5. Controls Recommended6. Documentation

More Related