What is Security Risk?
• Corporate information
--The life blood of business
--The survival & success of business depends on it
• Information security is concerned with
-- Confidentiality
-- Integrity
-- Availability
What Is Risk Assessment
• Threat assessment
• Identification of existing and planned security controls
• Risk assessment
Risk Management Process
• Business environment
• Nature and Importance of business
• The dependency on technology and non-technology based information system
• The complexity of the business, supporting systems, applications and services
• The number of trading partners and external business and contractual relationships
Risk Assessment Approaches
Risk Assessment Output
Identified Possible Threats
• Susceptibility of equipment to voltage fluctuation & spikes
• Wrong allocation of access rights
• Lack of proper policies for the correct use of the resources
• Lack of periodic replacement of media, e.g., floppies, CD-ROMs, etc.
• Lack of Audit Trail
• Unprotected communication lines
• Lack of off-site storage of backups
• Lack of proof of receiving or sending of messages
• Lack of validation mechanisms in the I/O of the Custom Application Software
• Uncontrolled copying of software
• Lack of regular updates of the anti-virus software
• Lack of the Security awareness
Planned Security Controls
Backups are done once a week and stored in the network management
Anti-virus software should be in place, which takes care of all servers and clients
Access to network resources is controlled by the ACL of the network OS
Anti-virus should be of reputed company.
Firewall should be in place in the internet access gateway
Internet access details can be displayed using the internet logging facility of the proxy server
Network should be under maintenance contract.
Administrators are trained to manage networks