MGMT 755 Security Risk Analysis

New York Institute of Technology School of Management. MGMT 755 Security Risk Analysis. Dr. Benjamin Khoo kkhoo@nyit.edu. Business Impact Analysis. Objective:

Presentation Transcript


  1. New York Institute of Technology School of Management MGMT 755 Security Risk Analysis Dr. Benjamin Khoo kkhoo@nyit.edu

  2. Business Impact Analysis
     Objective: To determine the effect that failure of mission-critical information systems has on the viability and operations of the enterprise's core business processes.
     Note: The BIA is done as part of Risk Assessment.

  3. Business Impact Analysis
     Results of the BIA help determine how CRITICAL a specific Application, System, Business Process, or Other Asset is to the enterprise.

  4. Business Impact Analysis
     Process:
     1. Create a set of Definitions of Impact on the business (see Table 9.1).
     2. Create a set of Impact Tables that identify the impact thresholds for various categories (see Table 9.2).
     3. Create a Financial Impact worksheet (see sample table in Table 9.3).
     4. Fill in the values for the various categories in the BIA worksheet (see Table 9.4).

  5. Business Impact Analysis
     Examples:
     • Accounts Payable Dept.: Impact threshold level is 3-5 days (see Table 9.5).
     • Purchasing Dept.: Impact threshold level is 2 days (see Table 9.6).

  6. Security Risk Management Process
     • Define the Scope.
     • Identify Assets (consider the types/categories).
     • Identify Threats & Vulnerabilities to assets (consider the types/categories).
     • Determine the Probability of occurrence.
     • Determine the Impact or Criticality of occurrence (Quantitative or Qualitative).
     • Derive the Risk Level (BIA can be done here).
     • Identify Safeguards/Controls (consider the types/categories).

  7. Security Risk Management Process
     • Determine the Safeguards/Controls to Implement by Cost-Benefit Analysis.
     • Implement Safeguards/Controls.
     • Continuous Monitoring & Regular Audits.

  8. New York Institute of Technology School of Management MGMT 755 Security Risk Analysis Thank You for a great semester!!! Dr. Benjamin Khoo kkhoo@nyit.edu
