Lab 0

The document discusses the fundamentals of risk management in information systems including threats, vulnerabilities, exploits, compliance, planning, assessment, mitigation, analysis, and continuity plans.

Risk Management in Information Systems
Objectives

• Risk Management Fundamentals: Threats, Vulnerabilities, & Exploits
• Risk Compliance & Planning
• Security Risk Assessment Definition & Performance
• Asset Identification, Analysis of Threats, Vulnerabilities & Exploits
• Risk Mitigation: Security Control & Planning
• Security Risk Mitigation:
– Risk Assessment & Mitigation Planning
– BIA (Business Impact Analysis) & BCP (Business Continuity Plan)
– DRP (Disaster Recovery Plan) & CIRT (Computer Incident Response Team) Plan

http://fpt.edu.vn 05/20/2024
Course Learning Outcomes
• Understand the fundamental concepts of risk management and its importance.
• Understand methods of mitigating risk by managing threats, vulnerabilities, & exploits.
• Identify compliance laws, standards, best practices, & policies of risk management.
• Describe the components of an effective risk management plan.
• Describe approaches for identifying & analyzing relevant threats, vulnerabilities, & exploits.
• Describe the process of performing risk assessments.
• Identify assets and activities to be protected within an organization.
• Identify and analyze threats, vulnerabilities, & exploits.
• Identify and analyze risk mitigation security controls.
• Describe the process of planning risk mitigation throughout an organization.
• Describe the process of implementing a risk mitigation plan.
• Perform a BIA.
• Review a BCP based on the findings of a given risk assessment for an organization.
• Review a DRP based on the findings of a given risk assessment for an organization.
• Review a CIRT plan for an organization.

Knowledge Flow

Risk Management (topics 1–4)
1. Risk Management Fundamentals
2. Managing Risk: Threats, Vulnerabilities, and Exploits
3. Maintaining Compliance
4. Developing a Risk Management Plan

Risk Mitigation (topics 5–11)
5. Defining Risk Assessment Approaches
6. Performing a Risk Assessment
7. Identifying Assets and Activities to Be Protected
8. Identifying and Analyzing Threats, Vulnerabilities, and Exploits
9. Identifying and Analyzing Risk Mitigation Security Controls
10. Planning Risk Mitigation Throughout Your Organization
11. Turning Your Risk Assessment Into a Risk Mitigation Plan

Risk Mitigation Plans (topics 12–15)
12. Mitigating Risk with a Business Impact Analysis
13. Mitigating Risk with a Business Continuity Plan
14. Mitigating Risk with a Disaster Recovery Plan
15. Mitigating Risk with a Computer Incident Response Team Plan
Risk Management

• Risk Management Fundamentals, Compliance Laws, Standards, and Best Practices
– Risk Management Fundamentals
– Maintaining Compliance
• Risk Management Planning
– Managing Risk: Threats, Vulnerabilities, and Exploits
– Developing a Risk Management Plan

Risk Mitigation

• Concepts of Risk Assessment
– Defining Risk Assessment Approaches
– Performing a Risk Assessment
• Key Components of Risk Assessment
– Identifying Assets and Activities to Be Protected
– Identifying and Analyzing Threats, Vulnerabilities, and Exploits
– Identifying and Analyzing Risk Mitigation Security Controls
• Strategies for Mitigating Risk
– Planning Risk Mitigation Throughout Your Organization
– Turning Your Risk Assessment Into a Risk Mitigation Plan

Risk Mitigation Plans

• Business Impact Analysis and Continuity Planning
– Mitigating Risk with a Business Impact Analysis
– Mitigating Risk with a Business Continuity Plan
• Disaster Recovery, Incident Response Team, and Plan
– Mitigating Risk with a Disaster Recovery Plan
– Mitigating Risk with a Computer Incident Response Team Plan
