0% found this document useful (0 votes)
21 views13 pages

risk

The document outlines the concept of risk, defined as the combination of the likelihood of an event occurring and its potential impact. It discusses key terminology such as vulnerability, asset, and threat, and emphasizes the importance of risk identification and assessment in protecting organizational assets. Additionally, it covers risk treatment options and the role of security controls in safeguarding information systems.

Uploaded by

0ba35dac91
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Risk
• Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event. It is often expressed as a combination of:
  - The adverse impacts that would arise if the circumstance or event occurs, and
  - The likelihood of occurrence.

Risk = likelihood x impact


Risk Management Terminology
• Vulnerability
• Asset
• Threat
Vulnerability
• A vulnerability is a gap or weakness in an organization's protection of its valuable assets, including information.
Asset
• An asset is something that has value and is in need of protection.
Threat
• A threat is something or someone that aims to exploit a vulnerability to gain unauthorized access.
• Types of threats:
  1- Natural threats, such as floods, hurricanes, or tornadoes.
  2- Unintentional threats, like an employee mistakenly accessing the wrong information.
  3- Intentional threats, such as spyware, malware, adware companies, or the actions of a disgruntled employee.
Risk Identification
• Identify risk to protect against it.
• It is not a one-and-done activity.
• Risks are to be communicated clearly.
• Employees at all levels of the organization are responsible for identifying risk.
• Security professionals participate in risk assessment by focusing on:
  - Needed Security Controls
  - Risk Monitoring
  - Planning
  - Incident Response
Risk Assessment
• Definition: The process of identifying, estimating and prioritizing risk to an organization's operations (including its mission, functions, image and reputation), assets and individuals.
• Risk Assessment Goal: Risks must be linked to business goals, objectives, assets or processes.
Risk Priorities – Risk Analysis
Risk Treatment
• Making decisions about the best actions to take regarding the identified and prioritized risk.
• Decisions made are dependent on the attitude of management toward risk and the availability, and cost, of risk mitigation.
Risk Treatment Options
• Avoidance
• Acceptance
• Mitigation
• Transfer
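The scoring, prioritization and treatment steps from the slides above, combined in an added example that is not part of the original deck. The 1-5 rating scales, the two thresholds, the cost fields and the decision order in `treatment` are assumptions chosen for illustration; the slides give only Risk = likelihood x impact and the four option names.

```python
from dataclasses import dataclass

# Assumptions (not from the slides): 1-5 ordinal scales and these thresholds.
RISK_APPETITE = 6   # scores at or below this are accepted as-is
INTOLERABLE = 20    # scores at or above this must not simply be accepted

@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: int         # 1 (rare) .. 5 (almost certain)
    impact: int             # 1 (negligible) .. 5 (severe)
    mitigation_cost: float  # yearly cost of the security control
    expected_loss: float    # estimated yearly loss if left untreated
    insurable: bool = False

    def __post_init__(self):
        for value in (self.likelihood, self.impact):
            if not 1 <= value <= 5:
                raise ValueError(f"{self.name}: ratings must be 1-5")

    @property
    def score(self) -> int:
        return self.likelihood * self.impact  # Risk = likelihood x impact

def treatment(risk: Risk) -> str:
    """Pick one of the four treatment options for a scored risk."""
    if risk.score <= RISK_APPETITE:
        return "acceptance"
    if risk.mitigation_cost < risk.expected_loss:
        return "mitigation"      # the control costs less than the loss
    if risk.insurable:
        return "transfer"        # e.g. an insurance policy
    return "avoidance" if risk.score >= INTOLERABLE else "acceptance"

def prioritize(register):
    """Highest score first; ties broken by higher impact."""
    ranked = sorted(register, key=lambda r: (-r.score, -r.impact))
    return [(r.name, r.score, treatment(r)) for r in ranked]

# Constructed sample register, covering the threat types named in the slides.
REGISTER = [
    Risk("Flood at data centre (natural)", 1, 5, 80_000, 10_000),
    Risk("Employee opens wrong record (unintentional)", 4, 2, 5_000, 20_000),
    Risk("Malware on file server (intentional)", 4, 5, 30_000, 250_000),
    Risk("Laptop theft", 3, 3, 40_000, 15_000, insurable=True),
    Risk("Unsupported legacy service", 5, 4, 90_000, 60_000),
]

if __name__ == "__main__":
    for name, score, action in prioritize(REGISTER):
        print(f"{score:>2}  {action:<10}  {name}")
```

Changing `RISK_APPETITE` models a different management attitude toward risk: raising it moves more entries from mitigation or transfer into acceptance.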
Security Controls
What are Security Controls?
• Security controls pertain to the physical, technical and administrative mechanisms that act as safeguards or countermeasures prescribed for an information system to protect the confidentiality, integrity and availability of the system and its information. The implementation of controls should reduce risk, hopefully to an acceptable level.
Security Controls
• Physical Controls
• Technical Controls
• Administrative Controls
