Risk management concepts

Risk assessment/analysis considers:
1. threats to the organisation's assets
2. vulnerabilities present in the environment
3. the likelihood of a threat exploiting a vulnerability
4. the impact of an exposure
5. countermeasures available
6. the residual risk remaining after countermeasures are applied
Various methodologies:
1. COSO (5 areas of internal control)
2. ITIL (34 books to improve IT service management)
3. COBIT (examines the effectiveness, efficiency, confidentiality, integrity, compliance and
reliability aspects of high-level control objectives) and integrates the following frameworks:
   a. COBIT 4.1
   b. Val IT 2.0
   c. Risk IT
   d. IT Assurance Framework (ITAF)
   e. Business Model for Information Security (BMIS)
NIST SP 800-30 (process):
1. system characterisation
2. vulnerability identification
3. threat identification
4. countermeasure identification
5. likelihood determination
6. impact determination
7. risk determination
8. additional countermeasures recommendations
9. document results
ISO 27000 (main areas):
1. information security policy
2. organising information security
3. asset management
4. human resources security
5. physical and environmental security
6. communications and operations management
7. access control
8. information systems acquisition development and maintenance
9. information security incident management
10. business continuity management
11. compliance
OCTAVE:
- Defined as a situation where people from within an organisation manage and direct an
information security risk evaluation for their own organisation.
- It is built on a set of principles, attributes and outputs:
  - principles, e.g. self-direction
  - attributes, e.g. the distinctive qualities or characteristics of the evaluation
  - outputs, e.g. the required results of each phase of the evaluation
Desirable properties of a countermeasure (control):
- accountability
- auditability
- trusted source
- independence
- consistently applied
- cost effective
- reliable
- ease of use
- automation
- sustainable
- secure
- protects the CIA (confidentiality, integrity, availability) of assets
- can be backed out in the event of an issue
- creates no additional operational issues
- leaves no residual data