Security Mgt U5, risk analysis and mgt (part 1)
Description
IYM001 Mind Map on Security Mgt U5, risk analysis and mgt (part 1), created by jjanesko on 13/04/2013.
Resource summary
Security Mgt U5, risk analysis and mgt (part 1)
risk model
risk
identify, analyze, model
assets
threats
vulnerabilities
management
countermeasures
implementation
audit
definitions
risk
potential for an unwanted event to have a negative impact upon an activity by exploiting an exposure
risk management
reduction of the exposures identified by risk analysis to a level acceptable to the organization
gap analysis
highlights areas where there are significant gaps in the security management process or in the security measures implemented
business impact analysis
identifies the impact on the organization if the functions of core information systems are interrupted; quantifies their importance for the business
assets
physical environment
hardware
data
software/systems
communications network
infrastructure
staff
4 kinds of risk
business
project
operational
financial
related legislation
HIPAA
Gramm-Leach-Bliley Act
Basel II
Sarbanes-Oxley
Financial Services and Markets Act
manually documented or software-guided?
manual
low cost to entry
simpler but error prone
less efficient
harder to share and repeat
increased cost of expertise maintenance
software guided
consistently implements a specific methodology
guides user
reusable, shareable
dynamic, efficient
software options (image)
Attachments:
Security Mgt U5, Risk Analysis Methods and Tools (image)
ISMS documentation set
infosec policy
information asset register
risk assessment report
statement of applicability
policies and procedures
threat motivation
resources
opportunity
capability
publicity
asset attractiveness
qualitative vs. quantitative
qualitative
capable of handling soft impacts
handles hard & soft impacts consistently
adapts to emerging best practices
accepts that risk mgt is evolving
relies on consensus of "best placed"
dependent on expert opinion
only as good as your best expert opinion
quantitative
every loss is capable of being expressed in financial terms
requires careful records
formula for financial impact (image)
Attachments:
Security Mgt U5, quantitative risk assessment formula (image)
expected frequency of attacks is known (statistics bank)
has problems with new risks
has problems with less concrete risk