Chapter 5 - Coggle Diagram

Chapter 5: risk assessments

    definition: a process used to identify and evaluate risks
        safeguards: controls used to reduce or manage risks

    a risk assessment should be completed:
        periodically after a control has been implemented
        when evaluating a control
        when evaluating risk

    purpose of a risk assessment:
        support decision making
        evaluate control effectiveness

    steps to develop a risk assessment:
        determining the impact of a risk
        determining the usefulness of a safeguard or control
        identifying asset values
        identifying the likelihood that a risk will occur
        identifying threats and vulnerabilities

    best practices for conducting risk assessments:
        building a strong risk assessment team
        repeating the risk assessment regularly
        enlisting senior management support
        defining a methodology to use
        starting with clear goals and a defined scope
        providing a report of clear risks and recommendations

    risk assessment challenges:
        data consistency
        estimating impact effects
        availability of resources and data
        providing results that support resource allocation and risk acceptance
        using a static process to evaluate a moving target

    risk categories:
        web defacing
        loss of data from unauthorized access
        DoS attack
        loss of website data from hardware failure

    quantitative:
        objective; uses numbers
        key terms: annual rate of occurrence (ARO), annual loss expectancy (ALE), single loss expectancy (SLE), safeguard value

    qualitative:
        subjective; uses the probability and impact of a risk
        risk level = probability x impact

    scope:
        definition: identifies the boundaries of the risk assessment
        critical areas: web server, database server, internal firewall