Turning a risk assessment into a risk mitigation plan - Coggle Diagram
Risk assessments
Identify and evaluate relevant threats
Identify and evaluate relevant vulnerabilities
Identify and evaluate countermeasures
In-place countermeasures - countermeasures that have already been put in place; may be upgraded or reconfigured
Planned countermeasures - one that has been approved and has a date for implementation; documented in the risk assessment
Approved countermeasure - previously approved by management
creating account management policy
Create script to check account usage
controlling physical access to employee areas
develop mitigating recommendations
Time to implement countermeasure
Cost to implement countermeasures
Initial purchase cost - price of the product at initial purchase (retail minus any discount)
Facility costs - space, power, conditioning, maintenance. Sometimes overlooked.
Installation cost - the cost incurred when outside help is sought
Training cost - also often overlooked; the cost of training employees to operate the software
Operational impact
Prioritizing Risk elements
Using a threat likelihood/impact matrix - threats can negatively affect confidentiality, integrity and availability
Prioritizing countermeasures - done after using the likelihood/impact matrix to identify the risks and their countermeasures
Cost benefit analysis
Calculating CBA
Loss before countermeasure - loss after countermeasure = Projected benefits
Projected benefits - cost of countermeasure = countermeasure value
CBA report
recommended countermeasures
risk to be mitigated
annual projected benefits
Initial cost
annual or recurring costs
comparison of the costs and benefits
recommendation
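The two CBA formulas above (projected benefits, then countermeasure value) and the CBA report fields, worked through as an added example that is not part of the original diagram. It assumes that the cost of a countermeasure over a period is its initial cost plus its recurring cost for each year, and that ranking by value is how countermeasures are prioritized; the sample figures are constructed.

```python
from dataclasses import dataclass

@dataclass
class Countermeasure:
    name: str
    risk: str               # risk to be mitigated
    loss_before: float      # expected annual loss without the countermeasure
    loss_after: float       # expected annual loss with the countermeasure in place
    initial_cost: float     # purchase + facility + installation + training
    recurring_cost: float   # annual or recurring cost

def projected_benefits(cm):
    # Loss before countermeasure - loss after countermeasure = projected benefits (annual)
    return cm.loss_before - cm.loss_after

def countermeasure_value(cm, years=1):
    # Projected benefits - cost of countermeasure = countermeasure value
    # Assumption: cost over the period = initial cost + recurring cost * years
    total_cost = cm.initial_cost + cm.recurring_cost * years
    return projected_benefits(cm) * years - total_cost

def cba_report(cm, years=1):
    # The fields of the CBA report, filled in for one countermeasure
    value = countermeasure_value(cm, years)
    return {
        "recommended countermeasure": cm.name,
        "risk to be mitigated": cm.risk,
        "annual projected benefits": projected_benefits(cm),
        "initial cost": cm.initial_cost,
        "annual or recurring costs": cm.recurring_cost,
        "countermeasure value": value,
        "recommendation": "implement" if value > 0 else "do not implement",
    }

def prioritize(cms, years=1):
    # Rank countermeasures by their value over the period, highest first
    return sorted(cms, key=lambda c: countermeasure_value(c, years), reverse=True)

# Constructed sample values (not from the page)
SAMPLE = [
    Countermeasure("account usage checking script", "dormant accounts abused", 20000, 5000, 2000, 500),
    Countermeasure("web farm load balancer", "web outage", 50000, 10000, 30000, 8000),
    Countermeasure("badge access to employee areas", "unauthorized physical access", 8000, 4000, 12000, 1000),
]

if __name__ == "__main__":
    for cm in prioritize(SAMPLE, years=1):
        print(cba_report(cm, years=1))
```

Note that the badge-access countermeasure has negative value in its first year but positive value over five years, so the period chosen for the CBA changes the recommendation.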
Implementing risk mitigation plan
Staying within budget
Initial purchase cost
facility cost
installation cost
training cost
Staying on schedule
Follow up
ensuring countermeasures have been implemented
Measuring load on the web farm - load should be balanced during normal operations and can be measured using load-balancing software
Removing a server from the web farm
Transferring nodes on the failover cluster logically
shutting down the active node on the failover cluster
ensuring security gaps have been closed
Best practices
staying within the scope
Redoing CBAs if new costs are identified
Prioritizing countermeasures
Including current countermeasures in analysis
Controlling costs
Controlling schedules