Information risk management

iFour Consultancy
Information Risk Management - The Basics
What is Risk Management?
The total process of identifying, controlling, and minimizing information-system-related
risks to a level commensurate with the value of the assets protected.
The goal of a risk management program is to protect the organization and its ability
to perform its mission from IT-related risk.
Software company in India
What is Risk?
Risk is a function of the likelihood of a given threat-source’s exercising a
particular potential vulnerability, and the resulting impact of that adverse
event on the organization.
Information security Risks
Theft of personal data
Information leakage, extraction or loss of valuable private information
Social engineering
Environmental disasters
Poor information security studies, assessments
Deception including frauds
Endangerment
Unauthorized exploitation of intellectual property
What is a Threat?
Threat: The potential for a threat source to exercise (accidentally trigger or
intentionally exploit) a specific vulnerability.
Vulnerability is a weakness which allows an attacker to reduce a system's
information assurance.
Examples of Threats
Imposition of legal and regulatory obligations
Organized crime or terrorist groups
Cyber-criminals, Malware authors
Negligent staff
Acts of nature, e.g. storms, tornados, floods
Accidental disclosure, intentional alteration of data
Unethical competitors
Unauthorized access to or modification or disclosure of information assets
Some common Vulnerabilities
Software bugs and design flaws
Complexity in IT
Inadequate investment in appropriate information security controls
Insufficient attention to human factors in system design and implementation
Unwarranted confidence
Poor or missing governance
Frequent change in the business
Inadequate contingency planning
Legacy systems
Bugs in microprocessor designs and microcode
Lack of will, concern and ability to impress the need for information security
Unanimous core security Practices
Security Responsibility
Risk Management
Risk Assessment
Network Security
Security Awareness Training
Incident Management
Need for Security Risk Assessment
Checks and Balances
Periodic Review
Risk based spending
Requirement
Secondary benefits
Transfer of knowledge from security assessment team to the organization’s staff
Increased communications regarding security among business units
Increased security awareness within the organization
Results of security risk assessment may be used as a measure of security posture and
compared to previous and future results
Thank You

Editor's Notes

  1. Software development company India – http://www.ifour-consultancy.com