Security Planning and Risk Analysis

dakota
Presentation Transcript


    1. Slide #1: Security Planning and Risk Analysis
        - CS461/ECE422 Computer Security I
        - Fall 2008

    2. Slide #2: Overview
        - Elements of Risk Analysis
        - Quantitative vs Qualitative Analysis
        - One Risk Analysis framework

    3. Slide #3: Reading Material
        - Chapter 1.6 of Computer Security
        - Information Security Risk Analysis, by Thomas R. Peltier
            - On reserve at the library
            - Some chapters on compass site
            - Identifies basic elements of risk analysis and reviews several variants of qualitative approaches
        - “Information Security Risk Assessment: Practices of Leading Organizations”, by GAO
            - http://www.gao.gov/special.pubs/ai99139.pdf
            - Case studies of risk analysis procedures for four companies
        - “Risk Management Guide for Information Technology Systems”, NIST
            - http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
            - Outlines steps for risk assessment

    4. Slide #4: What is Risk?
        - The probability that a particular threat will exploit a particular vulnerability
        - Not a certainty.
        - Risk impact – loss associated with exploit
        - Need to systematically understand risks to a system and decide how to control them.

    5. Slide #5 Risk Management Cycle
