
Defining Risk Assessment Approaches

Objectives

• What risk assessment is
• What the critical components of a risk assessment are
• What types of risk assessments are available
• Which risk assessment challenges you should address
• What best practices for risk assessment are

http://fpt.edu.vn 28/05/2019 2
Define Risk Assessment

• Process used to identify and evaluate risks
• Quantified based on the importance or impact severity of risk
• Major part of an overall risk management program
• Risk assessment vs. Risk Management

Importance of Risk Assessments

• Helps maintain a proper balance between two goals: profitability and survivability
• RA should be completed:
– When evaluating risk
– When evaluating a control
– Periodically after a control has been implemented

Purpose of a Risk Assessment

• Support decision making
• Evaluate control effectiveness

Risk Assessment Steps

• Identify threats and vulnerabilities
• Identify the likelihood that a risk will occur
• Identify asset

Risk Assessment Steps (cont.)

• Determine the impact of a risk
• Determine the usefulness of a safeguard or control

Critical Components of Risk Assessment

• Identify scope
• Identify critical areas
• Identify team

Types of Risk Assessments

• Objective method - Quantitative
• Subjective method - Qualitative

Quantitative Risk Assessments

• Single loss expectancy (SLE)
• Annual rate of occurrence (ARO)
• Annual loss expectancy (ALE)
• Benefits vs. limitations

Qualitative Risk Assessments

• Probability
• Impact
• You must define the scale. However, there is no single standard.
• Benefits vs. limitations

Qualitative Assessment with the Delphi Method

• Identify a problem
• Gather input from experts
• Collate the responses
• Share the results
• Repeat as necessary

Comparing Quantitative and Qualitative Risk Assessments

Risk Assessment Outline

• Introduction
• Risk assessment approach
• System characterization
• Threat statement
• Risk assessment results
• Control recommendations
• Summary

Risk Assessment Challenges

• Using a static process to evaluate a moving target
• Availability of data and resources
• Data consistency
• Estimating impact effects
• Providing results that support resource allocation and risk acceptance

Best Practices for Risk Assessment

• Start with clear goals and a defined scope
• Ensure senior management support
• Build a strong RA team
• Repeat the RA regularly
• Define a methodology to use
• Provide a report of clear risks and clear recommendations
