
RISK MANAGEMENT STRATEGIES
What is Risk Management?

• Risk management is a process methodology that will provide a cost-benefit payback factor to senior management.

• In risk management, we have two players: the risk manager and the adversary.
The risk manager does the following:

• Minimizes damage to the organization by the adversary.
• Manipulates indicators to deceive the adversary and adds new countermeasures.
• Is constrained by the security budget.
• Minimizes gain by the adversary.

The adversary does the following:

a) Minimizes the likelihood of detection and identification.
b) Carries out intelligent operations.
c) May not have enough budget for intelligence.
Importance of risk management

1. It allows us to determine the protection required for varied assets at the most reasonable cost.
2. It provides the methodology for developing a plan for the protection of assets. The plan identifies the assets, the threats, the vulnerabilities and cost-effective countermeasures.
Cost Analysis

1. Assess Assets
2. Assess Threats
3. Assess Vulnerability
4. Assess Risk
5. Determine Countermeasures
Make RM Decision
The above process will allow you to:

1. Identify critical assets in need of protection.
2. Assess various types of threats to critical assets.
3. Determine site-specific vulnerability related to a particular type of threat.
4. Determine the consequences or ramifications of undesirable events upon continuing operations.
5. Estimate relative risk levels associated with specific undesirable events.
6. Identify specific risk mitigation activities and countermeasures that could be used to reduce the likelihood of an undesirable event.
7. Analyze the costs and benefits of various risk mitigation strategies.
8. Develop a communication strategy to present risk analysis results and countermeasure options or recommendations to senior management.
Key terms.

Risk management: The process of selecting and implementing security countermeasures to achieve an acceptable level of risk at an acceptable cost.

Risks: The potential for damage or loss of an asset.

Assets: Any person, facility, material, information or activity that has a positive value for its owners.

Impact: The amount of loss or damage that can be expected.

Threat: Any indication or event with the potential to cause the loss of or damage to an asset.

Adversary: An individual, group or organization that conducts activities that are detrimental to the owner and his assets.

Vulnerability: Any weakness that can be exploited by an adversary to gain access to an asset.

Risk Assessment: The process of evaluating the threats and vulnerabilities to an asset with a view to determining the probability of its occurrence and its impact in terms of monetary value.
Categories of Assets.

1. People.
2. Facilities.
3. Equipment and materials.
4. Information.
5. Activities and operations.
Risk Management Process Flow.

Step 1: Asset Assessment. Step 1 is where you identify the various assets and the loss impacts:

1. Determine critical assets requiring protection.
2. Identify undesirable events and expected impacts.
3. Value/prioritize assets based on the consequences of loss.
Step 2: Threat Assessment. Here we identify and characterize the threats.

1. Identify the threat categories and adversaries.
2. Assess the intent and motivation of unknown or suspected adversaries.
3. Assess the capabilities of an adversary or threat.
4. Determine the frequency of threat-related incidents based on historical data.
5. Estimate the degree of threat relative to each critical asset.
Step 3: Vulnerability Assessment. The identification and characterization of vulnerabilities.

1. Identify potential vulnerabilities related to specific assets or undesirable events.
2. Identify existing countermeasures in place and their level of effectiveness in reducing vulnerabilities.
3. Estimate the degree of vulnerability relative to each asset and threat.
Step 4: Risk Assessment. Assess risk and determine your priorities for asset protection.

1. Estimate the degree of impact relative to each critical asset.
2. Estimate the likelihood of attack by a potential adversary/threat.
3. Estimate the likelihood that a specific vulnerability will be exploited.
4. Aggregate the degree of impact (asset value) with the likelihood of a successful attack (threat × vulnerability) to determine your relative degree of risk.
5. Prioritize the risks based on an integrated assessment.
Step 5: Countermeasures Assessment. Identify countermeasures, costs and trade-offs, and select an appropriate protection strategy.

1. Identify potential countermeasures to reduce vulnerabilities.
2. Identify each countermeasure's capability and effectiveness.
3. Identify countermeasure costs.
4. Conduct a countermeasure cost-benefit and trade-off analysis.
5. Prioritize your options and prepare appropriate recommendations for the senior-level management decision-maker.
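Steps 4 and 5 worked through in code, as an added example that is not part of the original slides: risk is computed as impact × (threat × vulnerability), events are prioritized, and countermeasures are chosen under the security budget. The 0 to 1 rating scale, the sample events, countermeasures, costs and budget are constructed, and ranking options by risk reduction per unit cost is one assumed way to run the trade-off analysis.

```python
from dataclasses import dataclass

@dataclass
class Event:
    asset: str
    name: str
    impact: float         # consequence of loss, 0..1 (assumed scale)
    threat: float         # likelihood of attack, 0..1
    vulnerability: float  # likelihood the weakness is exploited, 0..1

    def risk(self, vulnerability=None):
        # Step 4.4: impact x (threat x vulnerability)
        v = self.vulnerability if vulnerability is None else vulnerability
        return self.impact * self.threat * v

@dataclass
class Countermeasure:
    name: str
    event: str                # undesirable event it addresses
    new_vulnerability: float  # vulnerability rating once deployed
    cost: float               # must be > 0

def prioritize(events):
    """Step 4.5: highest relative risk first."""
    return sorted(events, key=lambda e: e.risk(), reverse=True)

def select(events, options, budget):
    """Step 5: rank by risk reduction per unit cost, buy within budget.
    Assumes at most one option per event."""
    by_name = {e.name: e for e in events}
    scored = []
    for cm in options:
        e = by_name[cm.event]
        reduction = e.risk() - e.risk(cm.new_vulnerability)
        if reduction > 0:  # skip options that do not lower risk
            scored.append((reduction / cm.cost, cm, e))
    scored.sort(key=lambda s: s[0], reverse=True)
    plan, spent = [], 0.0
    for _, cm, e in scored:
        if spent + cm.cost <= budget:
            spent += cm.cost
            # (option, existing risk level, new risk level)
            plan.append((cm.name, e.risk(), e.risk(cm.new_vulnerability)))
    return plan, spent

# Constructed sample data, not taken from the slides.
EVENTS = [Event("People", "Assault", 1.0, 0.2, 0.4),
          Event("Information", "Database theft", 0.9, 0.6, 0.5),
          Event("Equipment", "Laptop theft", 0.4, 0.7, 0.8)]
OPTIONS = [Countermeasure("Guard patrols", "Assault", 0.2, 30000),
           Countermeasure("Database encryption", "Database theft", 0.2, 20000),
           Countermeasure("Cable locks", "Laptop theft", 0.5, 2000)]
```

Calling `select(EVENTS, OPTIONS, 25000)` returns the funded options with their existing and new risk levels, which map onto the "Existing Risk Level" and "New Risk Level" columns of the worksheet further down.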
Assets

• People
• Activities
• Information
• Facilities
• Equipment
Critical Assets | Potential Undesirable Events | Impact Level
People | Assault; Accident/Injury/Medical/Emergency | High Level
Activities | |
Information | |
Facilities | |
Equipment | |

Critical Assets | Potential Undesirable Events | Vulnerability Description | Threat Level
People | | |
Activities | | |
Information | | |
Facilities | | |
Equipment | | |
Undesirable Events | Existing Risk Level | Related Vulnerabilities | Countermeasures Options | New Risk Level
Threat Assessment Chart

Critical Assets | Potential Undesirable Events | Threat Category/Adversary | Threat Level
People | | |
Activities | | |
Information | | |
Facilities | | |
Equipment | | |
Potential Undesirable Events | Impact Rating | Threat Rating | Vuln. Rating | Overall Risk Rating | Acceptable
