
Risk Assessment Process

By: Dedy Syamsuar, PhD


Risk Management Components

Figure: the four risk management components (Frame, Assess, Respond, Monitor), connected by information and communication flows.
Frame Risk: adjust intelligence direction to meet the needs of risk management, describing the environment in which risk-based decisions are made.
The purpose of the risk framing component is to produce a risk management strategy that addresses how organizations intend to assess risk, respond to risk, and monitor risk.

Establishing a realistic and credible risk frame requires that organizations identify:
• Risk assumptions
• Risk constraints
• Risk tolerance
• Priorities and trade-offs


Risk framing
• Determine the uncertainty of the risk and the associated risk constraints
• Define the risk tolerance and the priorities and trade-offs
• Determine the set of risk factors, the assessment scale and the associated algorithm for combining factors
• Assist in precise risk communication and sketch out the boundaries of information system authorization
• Enhance the risk decision with appropriate information
• Determine the context of the entire risk assessment process/approach
Risk Assessment
Risk assessment is the process of identifying, estimating, and prioritizing information security risks.

Figure: for risk assessment purposes, the assessment considers threats, vulnerabilities, harm, and likelihood.

To support the risk assessment component, organizations identify:

• the tools, techniques, and methodologies that are used to assess risk;
• the assumptions related to risk assessments;
• the constraints that may affect risk assessments;
• roles and responsibilities;
• how risk assessment information is collected, processed, and communicated throughout organizations;
• how risk assessments are conducted within organizations;
• the frequency of risk assessments; and
• how threat information is obtained (i.e., sources and methods).
Threat type
• Physical damage: fire, water, pollution
• Natural events: climatic, seismic, volcanic
• Loss of essential services: electrical power, air conditioning, telecommunication
• Compromise of information: eavesdropping, theft of media, retrieval of discarded materials
• Technical failures: equipment, software, capacity saturation
• Compromise of functions: error in use, abuse of rights, denial of actions
Vulnerabilities
A vulnerability is a weakness of a system that an 'attacker' can exploit to defeat or take over that system.

A weakness of an asset or group of assets that can be exploited by one or more threats (ISO 27005).

A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy (NIST SP 800-30).
Vulnerabilities Protection

Top 25 most common passwords by year according to SplashData

Rank  2011[4]   2012[5]   2013[6]        2014[7]     2015[8]      2016[3]
1     password  password  123456         123456      123456       123456
2     123456    123456    password       password    password     password
3     12345678  12345678  12345678       12345       12345678     12345
4     qwerty    abc123    qwerty         12345678    qwerty       12345678
5     abc123    qwerty    abc123         qwerty      12345        football
6     monkey    monkey    123456789      123456789   123456789    qwerty
7     1234567   letmein   111111         1234        football     1234567890
8     letmein   dragon    1234567        baseball    1234         1234567
9     trustno1  111111    iloveyou       dragon      1234567      princess
10    dragon    baseball  adobe123[a]    football    baseball     1234
11    baseball  iloveyou  123123         1234567     welcome      login
12    111111    trustno1  admin          monkey      1234567890   welcome
13    iloveyou  1234567   1234567890     letmein     abc123       solo
14    master    sunshine  letmein        abc123      111111       abc123
15    sunshine  master    photoshop[a]   111111      1qaz2wsx     admin
16    ashley    123123    1234           mustang     dragon       121212
17    bailey    welcome   monkey         access      master       flower
18    passw0rd  shadow    shadow         shadow      monkey       passw0rd
19    shadow    ashley    sunshine       master      letmein      dragon
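The protection that follows from a list like this is a password blocklist check at enrolment. The example below is added here and is not part of the slides: it takes the 2016 column shown above (the 19 ranks visible on the slide) as a constructed blocklist and also rejects the trivial variants users produce from those entries (capitalisation, leet-speak substitutions, trailing digits or punctuation), which a plain string comparison would let through. The length threshold of 12 is an assumption.

```python
import re

# Constructed from the 2016 column of the SplashData table above (ranks 1-19 as shown).
SPLASHDATA_2016 = [
    "123456", "password", "12345", "12345678", "football", "qwerty",
    "1234567890", "1234567", "princess", "1234", "login", "welcome",
    "solo", "abc123", "admin", "121212", "flower", "passw0rd", "dragon",
]
BLOCKLIST = {p.lower() for p in SPLASHDATA_2016}

# Substitutions users commonly apply to disguise a dictionary word ("P@ssw0rd").
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "@": "a", "$": "s", "!": "i"})


def candidate_forms(password: str) -> set:
    """All forms of the password that are compared against the blocklist:
    the lowercase string, the same with trailing digits/punctuation removed,
    and both of those with leet-speak substitutions undone."""
    lowered = password.lower()
    forms = {lowered, lowered.translate(LEET_MAP)}
    stripped = re.sub(r"[\d\W_]+$", "", lowered)   # "football2016!" -> "football"
    if stripped:
        forms.add(stripped)
        forms.add(stripped.translate(LEET_MAP))   # "p@ssword1!" -> "password"
    return forms


def check_password(password: str, min_length: int = 12) -> list:
    """Return the list of reasons the password is rejected; empty means accepted.
    min_length=12 is an assumed policy value, not one taken from the slides."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    hits = candidate_forms(password) & BLOCKLIST
    if hits:
        reasons.append(f"matches blocklisted password '{sorted(hits)[0]}'")
    return reasons


if __name__ == "__main__":
    for pw in ["password", "P@ssword1!", "Football2016!!", "Dr4gon",
               "correct horse battery staple"]:
        print(f"{pw!r}: {check_password(pw) or 'accepted'}")
```

In production the blocklist would be the full published list (or a breached-password corpus) rather than the 19 entries visible on the slide; the normalisation logic is unchanged.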
Respond to Risk: intelligence supports evaluation and implementation of courses of action.

The purpose of the risk response component is to provide a consistent, organization-wide response to risk in accordance with the organizational risk frame by:
• developing alternative courses of action for responding to risk;
• evaluating the alternative courses of action;
• determining appropriate courses of action consistent with organizational risk tolerance;
• implementing risk responses based on selected courses of action.
Monitor Risk: intelligence tracks threat changes that warrant system and control change.

The purpose of the risk monitoring component is to:
• verify planned risk responses;
• determine the ongoing effectiveness of risk responses;
• identify risk-impacting changes.
