Data Analysis
ASSESSMENT
Ayan Ghosh
Information Science (PG) Department
Data Analysis
● Introduction
● Compiling Observations from Organizational Risk Documents
● Preparation of Threat and Vulnerability Catalogs
● Overview of the System Risk Computation
● Designing the Impact Analysis Scheme
● Designing the Control Analysis Scheme
● Designing the Likelihood Analysis Scheme
● Putting it Together and the Final Risk Score
COMPILING OBSERVATIONS FROM DOCUMENTS
● Threat—This was obtained via the threat catalog. Threat catalogs such as those
from BITS, ISO27001, and NIST SP800-30 were used to build an initial list.
● Vulnerability—This was obtained by building a vulnerability catalog
from sources such as interviews, assessments, and audits that identify
potential issues and weaknesses in various controls in the organization. The
threat and the vulnerability together give a threat and vulnerability pair, which was
structured into a table.
● Impact Score—This was obtained by considering the potential impact of
the threat to the confidentiality, integrity, and availability of the system by
assigning scores for each of them. The category with the highest impact
became the impact score for the threat and vulnerability pair.
● Likelihood Score—This was obtained by assigning scores for the exposure,
frequency, and control for each of the threat and vulnerability pairs.
RISK = IMPACT × LIKELIHOOD
Putting it all together