Security Mgt U5, risk analysis and mgt (part 1)


IYM001 Mind Map on Security Mgt U5, risk analysis and mgt (part 1), created by jjanesko on 13/04/2013.

Resource summary

Security Mgt U5, risk analysis and mgt (part 1)
  1. risk model
    1. risk
      1. identify, analyze, model
        1. assets
          1. threats
            1. vulnerabilities
            2. management
              1. countermeasures
                1. implementation
                  1. audit
  2. definitions
    1. risk
      1. potential for an unwanted event to have a negative impact upon an activity by exploiting an exposure
    2. risk management
      1. reduction of the exposures identified by risk analysis to a level acceptable to the organization
    3. gap analysis
      1. highlights areas where there are significant gaps in the security management process or in the security measures implemented
    4. business impact analysis
      1. identifies the impact on the organization if the functions of core information systems are interrupted; quantifies their importance to the business
  3. assets
    1. physical environment
    2. hardware
    3. data
    4. software/systems
    5. communications network
    6. infrastructure
    7. staff
  4. 4 kinds of risk
    1. business
    2. project
    3. operational
    4. financial
  5. related legislation
    1. HIPAA
    2. Gramm-Leach-Bliley Act
    3. Basel II
    4. Sarbanes-Oxley
    5. Financial Services and Markets Act
  6. manually documented or software-guided?
    1. manual
      1. low cost of entry
      2. simpler but error prone
      3. less efficient
      4. harder to share and repeat
      5. increased cost of expertise maintenance
    2. software guided
      1. consistently implements a specific methodology
      2. guides the user
      3. reusable, shareable
      4. dynamic, efficient
      5. software options (image)
  7. ISMS documentation set
    1. infosec policy
    2. information asset register
    3. risk assessment report
    4. statement of applicability
    5. policies and procedures
  8. threat motivation
    1. resources
    2. opportunity
    3. capability
    4. publicity
    5. asset attractiveness
  9. qualitative vs. quantitative
    1. qualitative
      1. capable of handling soft impacts
      2. handles hard & soft impacts consistently
      3. adapts to emerging best practices
      4. accepts that risk mgt is evolving
      5. relies on consensus of the "best placed"
        1. dependent on expert opinion
          1. only as good as your best expert opinion
    2. quantitative
      1. every loss is capable of being expressed in financial terms
        1. requires careful records
      2. formula for financial impact (image)
      3. expected frequency of attacks is known (statistics bank)
      4. has problems with new risks
      5. has problems with less concrete risk