Presentation Overview
• Risk Management is a critical component in the security
posture of any organization.
• Threats to each asset in the organization must be known
and strategies developed to handle the likelihood of a
negative event occurring.
• Risk Management is a proactive and important function of
an organization: without it, you may be spending $1 mil to
protect an asset that’s worth $20,000.
Introduction
Risk management
• Is the process of identifying, assessing and controlling
threats to an organization's capital and earnings.
• These threats, or risks, could stem from a wide variety of
sources, including:
• Financial uncertainty
• Legal liabilities
• Hardware / Software configuration errors
• Accidents and natural disasters.
Risk Management
• Asset – A resource that a business needs to function
Ex. – Physical Building, Web Server, Firewall, Data / Information
• Vulnerability – A weakness in the configuration of hardware and
software
Ex. – Unpatched Systems, Outdated Virus Scan, Poorly configured applications
• Threat – An event that can cause harm
Ex. – Social Engineering attacks, DDoS, Botnet, Malware, SQL injection
• Risk - The potential for loss, damage or destruction of an asset as a
result of a threat exploiting a vulnerability
Ex. – Financial Loss, Reputational Damage, Legal Sanctions
• Threat Vector – A tool or mechanism the hacker uses to exploit a
weakness on a system
Ex. – RATs, Email Attachments, Malicious Links / Websites,
Phishing