Risk Management Strategies in Organizational Security

Slide Note
Embed
Share

Exploring risk management in organizational security, this study guide delves into resiliency, automation strategies, policies, and procedures to reduce risk. It covers threat assessments, computing risk assessments, qualitative vs. quantitative risk measurements, and actions based on risk assessments like avoidance, transference, mitigation, and acceptance.

lillymai
lillymai Follow

Uploaded on Jul 31, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. CompTIA Security+ Study Guide (SY0-501) Chapter 1: Managing Risk

  2. Chapter 1: Managing Risk Explain how resiliency and automation strategies reduce risk Explain the importance of policies, plans, and procedures related to organizational security

  3. Threat Assessment Threats can be categorized as environmental, manmade, and internal vs. external Risk assessment (risk analysis) Risk assessment Deals with the threats, vulnerabilities, and impacts of a loss of information-processing capabilities or information itself Key components of risk assessment Risks to which the organization is exposed Risks that need addressing Coordination with BIA

  4. Computing Risk Assessment Methods of measurement Annualized rate of occurrence (ARO) Likelihood, often from historical data, of an event occurring within a year ARO can be used in conjunction with: Single loss expectancy (SLE) Annual loss expectancy (ALE) Formula: SLE x ARO = ALE

  5. Computing Risk Assessment Continued Risk assessment can be qualitative or quantitative Qualitative Opinion-based and subjective Quantitative Cost-based and objective

  6. Risk Measurements MTBF: Mean Time Between Failures MTTF: Mean Time To Failure MTTR: Mean Time To Restore RTO: Recovery Time Objective RPO: Recovery Point Objective

  7. Acting on Your Risk Assessment Risk avoidance Involves identifying a risk and making the decision to no longer engage in actions associated with that risk Risk transference Sharing some of the burden of the risk with someone else Risk mitigation Accomplished anytime steps are taken to reduce risk

  8. Acting on Your Risk Assessment Risk acceptance Often the choice you must make when the cost of implementing any of the other choices exceeds the value of the harm that would occur if the risk came to fruition

  9. Risks and Cloud Computing Cloud computing Using the Internet to host services and data instead of hosting it locally Three ways to implement cloud computing 1. Platform as a Service 2. Software as a Service 3. Infrastructure as a Service

  10. Risks and Cloud Computing Risk-related issues associated with cloud computing Regulatory compliance User privileges Data integration/segregation

  11. Risks Associated with Virtualization Breaking out of the virtual machine Network and security controls can intermingle Hypervisor: the virtual machine monitoring the software that allows the virtual machines to exist

  12. Developing Policies, Standards, and Guidelines Implementing policies Policies provide people in an organization with guidance about their expected behavior Well-written policies are clear and concise and outline the consequences when they are not followed

  13. Key Areas of a Good Policy Scope statement Outlines what the policy intends to accomplish and which documents, laws, and practices the policy addresses Policy overview statement Provides goal of the policy, why it s important, and how to comply with it Policy statement Should be as clear and unambiguous as possible Accountability statement Provides additional information to readers about who to contact if a problem is discovered Exception statement Provides specific guidance about the procedure or process that must be followed in order to deviate from the policy

  14. Chapter 1: Measuring and Weighing Risk Incorporating standards: five points 1. Scope and purpose 2. Roles and responsibilities 3. Reference documents 4. Performance criteria 5. Maintenance and administrative requirements

  15. Following Guidelines Guidelines Help an organization implement or maintain standards by providing information on how to accomplish policies and maintain standards Four Minimum Contents of Good Guidelines 1. Scope and purpose 2. Roles and responsibilities 3. Guideline statements 4. Operational considerations

  16. Business Policies Primary Areas of Concern Mandatory vacations Job rotation Separation of duties Clean desk Background checks Nondisclosure Onboarding Continuing education Exit interviews Role-based awareness

  17. Business Policies Primary Areas of Concern Continued Acceptable use policies (AUP) Adverse actions General security policies Network/application policies

  18. Chapter 1: Measuring and Weighing Risk False positives Events that aren t really incidents Risk management best practices Business impact analysis (BIA)

  19. Redundant Array of Independent Disks Redundant array of independent disks (RAID) A technology that uses multiple disks to provide fault tolerance Several designations for RAID levels RAID Level 0 RAID 0 is disk striping. RAID Level 1 RAID 1 is disk mirroring. RAID Level 3 RAID 3 is disk striping with a parity disk. RAID Level 5 RAID 5 is disk striping with parity

Related


Understanding Risk Management in Environmental Geography and Disaster Management

Understanding Risk Management in Environmental Geography and Disaster Management

duke
Comprehensive Overview of Security Risk Analysis and Management

Comprehensive Overview of Security Risk Analysis and Management

toula
Project Risk Management Fundamentals: A Comprehensive Overview

Project Risk Management Fundamentals: A Comprehensive Overview

franky
Comprehensive Guide to Data Security, Business Continuity, Risk Management, and Disaster Recovery

Comprehensive Guide to Data Security, Business Continuity, Risk Management, and Disaster Recovery

soleil
Certification and Training in Information Security

Certification and Training in Information Security

buck
Organizational Structure Overview of HSE and Security Functions

Organizational Structure Overview of HSE and Security Functions

achilles
Principles of Risk Management in Therapeutic Innovation

Principles of Risk Management in Therapeutic Innovation

luqman
TSA Security Guidelines and Risk Reduction Strategies

TSA Security Guidelines and Risk Reduction Strategies

flint
Introduction to Organizational Behavior: Management Theories and Practices

Introduction to Organizational Behavior: Management Theories and Practices

ferelith
Conflict Management Strategies in Organizational Behavior

Conflict Management Strategies in Organizational Behavior

hawwa
Organizational and Managerial Issues in Logistics

Organizational and Managerial Issues in Logistics

anthea
Citizen Security and Justice Programme: Case Management for Violence Prevention

Citizen Security and Justice Programme: Case Management for Violence Prevention

argo
AEP Enterprise Security Program Overview - June 2021 Update

AEP Enterprise Security Program Overview - June 2021 Update

aubriella
Comprehensive Overview of E-Commerce Application Development and Computer Security

Comprehensive Overview of E-Commerce Application Development and Computer Security

aqua
Financial Management and Fundraising for Organizational Sustainability

Financial Management and Fundraising for Organizational Sustainability

asriel
Understanding the Role of Security Champions in Organizations

Understanding the Role of Security Champions in Organizations

irvin
Understanding the Roles of a Security Partner

Understanding the Roles of a Security Partner

zaara
Comprehensive Overview of Information Security Risk Assessment

Comprehensive Overview of Information Security Risk Assessment

hereward
Understanding Agricultural Risk Management in the Face of Natural Disasters

Understanding Agricultural Risk Management in the Face of Natural Disasters

sven
National Industrial Security Program (NISP) Risk Management Framework (RMF): Cybersecurity Overview

National Industrial Security Program (NISP) Risk Management Framework (RMF): Cybersecurity Overview

fredrick
The Actuarial Association of Europe and Its Risk Management Committee

The Actuarial Association of Europe and Its Risk Management Committee

kaya
Introduction to Flood Risk Assessment with HEC-FDA Overview

Introduction to Flood Risk Assessment with HEC-FDA Overview

theia
Understanding Country Risk Analysis in International Business

Understanding Country Risk Analysis in International Business

aramis
Cybersecurity and Supply Chain Risk Management Best Practices

Cybersecurity and Supply Chain Risk Management Best Practices

crew

More Related Content

Comprehensive Overview of Market Risk Management Framework in Financial Institutions
Comprehensive Overview of Market Risk Management Framework in Financial Institutions
Operational Risk Assessment for Major Accident Control: Insights from IChemE Hazards 33 Conference
Operational Risk Assessment for Major Accident Control: Insights from IChemE Hazards 33 Conference
Insights into Organizational Culture and Effective Work Practices
Insights into Organizational Culture and Effective Work Practices
Understanding Organizational Development Interventions
Understanding Organizational Development Interventions
BCA 601(N): Computer Network Security
BCA 601(N): Computer Network Security
Understanding the Role of Managers in Organizational Management and External Environment
Understanding the Role of Managers in Organizational Management and External Environment
Fundamentals of Portfolio Management and Risk Aversion in Investing
Fundamentals of Portfolio Management and Risk Aversion in Investing
Understanding Information Security Policies for Effective Cybersecurity
Understanding Information Security Policies for Effective Cybersecurity
Overview of Performance Management Systems and Competency Mapping
Overview of Performance Management Systems and Competency Mapping
Insights on Enterprise Risk Management in the Non-Life Insurance Sector
Insights on Enterprise Risk Management in the Non-Life Insurance Sector
Cyber Security Toolkit for Boards: Comprehensive Briefings and Key Questions
Cyber Security Toolkit for Boards: Comprehensive Briefings and Key Questions
Currency Risk Management Strategies for Impact Investment Funds in Frontier Markets
Currency Risk Management Strategies for Impact Investment Funds in Frontier Markets
Corporate Risk Register Dashboard Reporting
Corporate Risk Register Dashboard Reporting
Enhancing Zoonotic Disease Risk Communication in Public Health Emergencies
Enhancing Zoonotic Disease Risk Communication in Public Health Emergencies
Understanding Probabilistic Risk Analysis: Assessing Risk and Uncertainties
Understanding Probabilistic Risk Analysis: Assessing Risk and Uncertainties
Understanding Management, Leadership, and Organizational Success
Understanding Management, Leadership, and Organizational Success
Overview of Industrial-Organizational Psychology in the Workplace
Overview of Industrial-Organizational Psychology in the Workplace
Understanding Operations Management and Organizational Functions
Understanding Operations Management and Organizational Functions
Understanding Risk Management and Insurance in Economic Context
Understanding Risk Management and Insurance in Economic Context
Organizational Structures and Strategies in the U.S. Department of Transportation
Organizational Structures and Strategies in the U.S. Department of Transportation
Understanding Risk Management Approaches and Disaster Preparedness
Understanding Risk Management Approaches and Disaster Preparedness
Falls Risk Assessment and Management Plan (FRAMP) Process Overview
Falls Risk Assessment and Management Plan (FRAMP) Process Overview
Stakeholders Networking for Multi-Risk and Climate Resilient Disaster Management in Slovakia
Stakeholders Networking for Multi-Risk and Climate Resilient Disaster Management in Slovakia
Enhancing Biosecurity in Barbados and the OECS: National Capacity for IAS Risk Assessments
Enhancing Biosecurity in Barbados and the OECS: National Capacity for IAS Risk Assessments