Information Security Risk Management
Security vulnerabilities
Caused by human factor
Patches are used to fix vulnerabilities
Monitor effectiveness of those measures
1st boundary: Min ARO
2nd boundary: Max SLE
3rd boundary: Max ALE
Threat identification & damage assessment
Human acts
Malicious
Non-malicious
Natural disasters
Measures to minimize risk
Avoid threats & attacks
Reduce asset exposure by installing firewall, antivirus
Transferring risk by outsourcing
Risk retention
Security risk assessment
Quantitative risk analysis
ALE (Annual Loss Expectancy)
SLE (Single Loss Exposure)
AV (Monetary Value of asset)
EF (Exposure Factor)
ARO (Annual Rate of Occurrence)
Qualitative risk analysis
Methods
OCTAVE
FAA
SRM
FRAP
Identify business assets
Discrete Classes of assets
Low assets
Moderate assets
Critical assets
Intangible assets
Tangible assets
Costs & benefits of IT Security calculated via
IRR (Internal Rate of Return)
NPV (Net Present Value)
ROI = (Benefits - Cost of investment)/Investment
SLE = AV x EF
ALE = ARO x SLE