1 / 13

Risk Management Vs Risk avoidance

Risk Management Vs Risk avoidance. William Gillette. Security System Development Life Cycle An Overview. Investigation Teams of employees define the problem, scope and set goals/objectives and check feasibility of the project Analysis

drew
Download Presentation

Risk Management Vs Risk avoidance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Management Vs Risk avoidance William Gillette

  2. Security System Development Life CycleAn Overview • Investigation • Teams of employees define the problem, scope and set goals/objectives and check feasibility of the project • Analysis • Looks at current security policies, threats, controls, and legal issues that could impact a new security policy/system. Risk management stage • Design • The logical and physical design of security system. Risk avoidance stage • Implement • The purchase or development of security solutions. • Maintenance • Security systems constantly need updating, modifying and testing

  3. Risk Management • Defined: • The process of identifying vulnerabilities in an organization’s information systems and or programs. Then taking steps to assure its confidentiality, availability, integrity, authenticity.

  4. Risk Management Step by Step analysis • Step 1 Know yourself. • First, you must identify, examine, and understand the data/information and systems that interact on these elements. • Second, once you know what you have you can now look at what is already being done to protect these assets. • Third, Identify if these controls are being properly maintained and administrated.

  5. Risk Management Step by Step analysis • Step 2 know you enemy • Now that you are informed of your organization’s assets and weaknesses you must identify, examine, understanding the treats facing your organization. • In turn you must also identify the aspects of the treats that will most directly effect you organization. • With your understanding of the threats you are now ready to create a list of treats prioritized by the importance of the threat and the asset. • Remember in business, business needs come first technology (including security mainly come second)

  6. Risk Management Step by Step analysis • Step 3 know your community • Information security community: theses people understand the threats the most and often take a leadership role when it comes addressing threats. • Users and managers communities: when properly trained this group plays a critical part in the area of early detection. • Both groups are also responsible for • Evaluating risk controls • Determining which control option are cost effective • Acquiring or installing the needs for controls. • Overseeing that the controls remains effective.

  7. Risk avoidance • Defined: • A risk control strategy that attempts to prevent attacks to organizational assets, through there vulnerabilities. • This is the most preferred risk control strategy as it seeks to avoid risk/treats entirely. • Avoidance is accomplish through countering treats, removing vulnerabilities in assets, limiting access to assets, and adding protective safeguards.

  8. Methods of risk avoidance • Avoidance through application of policy. • Avoidance through application of training and education. • Avoidance though application of technology.

  9. Avoidance through application of policy • This mandates that procedure must be followed when dealing with a sensitive asset. • Example requiring random assigned password to access sensitive assets like customer databases.

  10. Avoidance through application of training and education • New policies must be communicated to employees. In addition new technology requires training. • General security awareness issues. • Awareness, education, and training are essential if employees are to exhibit safe controlled behavior.

  11. Avoidance though application of technology. • In the real world technological solutions are often required to assure that a risk is reduced. • The use of countering measure to reduce or eliminating the exposure of a particular asset to a specific treat. • Implementing safeguards to defect attack on systems and therefore minimize the probability of a attack will be successful.

  12. Risk management Identifying vulnerabilities in an organization’s information systems and or programs Risk avoidance Control strategy that attempts to prevent attacks Risk Management Vs Risk avoidance

  13. Bibliography • Information Technology for Management Henry C. Lucas 7th Edition Irwin McGraw-Hill • Principles of Information Security Michael E. Whitman Thomson Course Technology. • Information Security Issues that Healthcare Management Must Understand Journal of Healthcare Information Management Vol 17 # Winter 2003

More Related