Dr. Benjamin Khoo, kkhoo@nyit.edu, New York Institute of Technology, School of Management.
1. Why should a Risk Assessment be conducted?
2. When should a Risk Analysis be conducted?
3. Who should conduct the Risk Analysis and Risk Assessment?
4. Who within the organization should conduct the Risk Analysis and Risk Assessment?
5. How long should a Risk Analysis or Risk Assessment take?
6. What can a Risk Analysis or Risk Assessment analyze?
7. What can the results of Risk Management tell an Organization?
8. Who should review the results of a Risk Analysis?
9. How is the success of the Risk Analysis measured?
1. Overview
- RM (risk management) is used to balance the operational & economic costs of protective measures (IS) and achieve gains in mission capability.
- made up of:
  1. risk analysis
  2. risk assessment
  3. risk mitigation
  4. vulnerability assessment & controls evaluation.
See Table 2.1 for definitions.
2. Risk Assessment as part of the business process
See Figure 2.1
Risk Management Activities mapped to the SDLC
See Table 2.2
3. Employee Roles and Responsibilities
See Table 2.3, Table 2.4 & Table 2.5 for examples.
4. Information Security Life Cycle
See Figure 2.2
5. Risk Analysis Process
6. Risk Assessment
  1. Asset Definition
  2. Threat Identification (See Table 2.6)
  3. Determine Probability of Occurrence
  4. Determine the Impact of the Threat (See Figure 2.3 and Figure 2.4)
  5. Controls Recommended
  6. Documentation