Information Security Risk Management
Onur YÜKSEKTEPELİ
Information Security Consultant
www.onuryuksektepeli.com
twitter.com/oyuksektepeli
facebook.com/onuryuksektepeli
Risk Analysis and Management
Reference: ISO 31000:2009, Risk Management – Principles and Guidelines
Terms and Definitions
Annualized Loss Expectancy (ALE) – the expected cost of losses due to a risk over one year
Threat – a potentially negative occurrence
Vulnerability – a weakness in a system
Risk – a matched threat and vulnerability (a threat with no vulnerability to act on, or a vulnerability no threat can reach, is not a risk)
Safeguard – a measure taken to reduce risk
Total Cost of Ownership (TCO) – the full cost of a safeguard
Return on Investment (ROI) – the money saved by deploying a safeguard, net of its cost
What is Risk?
Risk = Threat x Vulnerability
Example: Earthquake Disaster Risk Index
San Francisco – on the Pacific coast, high earthquake threat
Boston – Northeast, low earthquake threat
San Francisco threat = 4
San Francisco vulnerability = 2
San Francisco risk = 4 x 2 = 8
Boston threat = 2
Boston vulnerability = 4
Boston risk = 2 x 4 = 8
The two cities reach the same score from opposite profiles: a low threat does not mean low risk when the vulnerability is high.
Source: Rachel Davidson, Earthquake Disaster Risk Index
http://www.sciencedaily.com/releases/1997/08/970821233648.htm
Impact
Impact is the severity of the damage if the threat is realised.
Risk = Threat x Vulnerability x Impact
Empty building risk = 2 (threat) x 4 (vulnerability) x 2 (impact) = 16
Full building risk = 2 (threat) x 4 (vulnerability) x 5 (impact) = 40
Same threat and vulnerability; the occupied building carries 2.5 times the risk because the impact is higher.
Risk Analysis Matrix
Calculating Annualized Loss Expectancy
ALE = the annual cost of losses due to a risk
Asset Value (AV) = the value of the asset you are trying to protect
Stolen computer example:
Hardware cost = $2,500
Data cost = $22,500
Asset Value = $25,000
Three ways to value an asset:
• Market approach (what it would sell for)
• Income approach (what revenue it generates)
• Cost approach (what it costs to replace)
Exposure Factor (EF)
The percentage of an asset's value lost in a single incident.
Exposure Factor of a stolen computer = 100% (hardware and data are both gone)
Single Loss Expectancy (SLE)
The cost of a single loss.
SLE = Asset Value ($25,000) x Exposure Factor (100%) = $25,000
Annual Rate of Occurrence (ARO)
The number of losses you suffer per year. ARO can be fractional: an incident expected once every ten years has ARO = 0.1.
ARO = 11 (eleven laptop thefts per year)
Annualized Loss Expectancy
ALE = SLE ($25,000) x ARO (11) = $275,000
Total Cost of Ownership
Total Cost of Ownership (TCO) is the total cost of a mitigating safeguard over its life, not just its purchase price.
TCO must include:
• One-time capital expense
• Annual costs
• Staff hours
• Vendor maintenance fees
• Software subscriptions, etc.
TCO example: encryption for 1,000 laptops
Software = $100/laptop x 1,000 = $100,000
Annual support fee = 10% of software cost = $10,000/year
Staff effort = 4,000 hours at $50/hour + $20/hour = $70/hour, so $70 x 4,000 = $280,000
3-year technology refresh cycle:
Software cost = $100,000
3 years of vendor support = $10,000 x 3 = $30,000
Staff cost = $280,000
TCO for 3 years = $410,000
TCO per year = $410,000 / 3 = $136,667/year
Return on Investment
The amount of money saved by implementing a safeguard, after paying for it.
TCO < reduction in ALE – positive ROI, good choice
TCO > reduction in ALE – negative ROI, poor choice
(Compare TCO with the reduction in ALE the safeguard delivers, not with the ALE itself: a control that costs less than the ALE but barely reduces it is still a poor choice.)
TCO = $136,667/year
ALE = $275,000/year
After implementing encryption:
Asset Value is still $25,000, but the $22,500 of data is no longer readable by a thief, so only the $2,500 of hardware is lost per incident
Exposure Factor = $2,500 / $25,000 = 10%
New SLE = $25,000 x 10% = $2,500
New ALE = $2,500 x 11 = $27,500 (equivalently, $275,000 x 10%)
By making the investment you save:
Old ALE ($275,000) – New ALE ($27,500) = $247,500 per year
Your ROI = $247,500 – $136,667 = $110,833 per year
Expressed as a ratio, $247,500 / $136,667 ≈ 1.81, about 181% return on the safeguard's annual cost.
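The SLE, ALE, TCO and ROI chain above, carried through in code. This is an added example, not code from the original deck: it uses the slides' own numbers (a $2,500 + $22,500 laptop, eleven thefts a year, a $410,000 three-year safeguard) and adds one check the slides do not make, the break-even ARO below which the safeguard no longer pays for itself. The function and field names, the treatment of $50/hour + $20/hour as a single $70/hour rate, and the fractional-ARO validation are my assumptions.

```python
"""Quantitative risk analysis: SLE -> ALE -> TCO -> ROI, plus a break-even check.

Added example; the numbers come from the laptop-encryption slides, the
function names and the break-even check are assumptions of this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    """An asset whose value is split into the part a control protects and the part it does not."""
    hardware_value: float
    data_value: float

    @property
    def value(self) -> float:
        return self.hardware_value + self.data_value


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = Asset Value x Exposure Factor. EF is a fraction (1.0 == 100% lost)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO. ARO is incidents per year and may be fractional (0.1 == once a decade)."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro


def tco_per_year(one_time: float, annual_fees: float, staff_hours: float,
                 hourly_rate: float, refresh_years: int) -> float:
    """Total cost of ownership over the refresh cycle, spread evenly per year."""
    if refresh_years <= 0:
        raise ValueError("refresh cycle must be at least one year")
    total = one_time + annual_fees * refresh_years + staff_hours * hourly_rate
    return total / refresh_years


def net_benefit(ale_before: float, ale_after: float, tco_year: float) -> float:
    """Annual saving minus annual safeguard cost (what the slides call ROI)."""
    return (ale_before - ale_after) - tco_year


def roi_ratio(ale_before: float, ale_after: float, tco_year: float) -> float:
    """ROI as a ratio: dollars of risk removed per dollar spent on the safeguard."""
    return (ale_before - ale_after) / tco_year


def break_even_aro(sle_before: float, sle_after: float, tco_year: float) -> float:
    """Lowest incident rate at which the safeguard still pays for itself.

    Check not on the slides (assumption of this example): if the real ARO is
    below this, net benefit is negative even though each incident is cheaper.
    """
    reduction = sle_before - sle_after
    if reduction <= 0:
        return float("inf")
    return tco_year / reduction


def laptop_case() -> dict:
    """The slides' worked example: 1,000 laptops, 11 thefts a year, encryption as the safeguard."""
    laptop = Asset(hardware_value=2_500, data_value=22_500)   # $25,000 per laptop (slide value)
    aro = 11                                                  # thefts per year (slide value)

    # Before encryption a stolen laptop loses hardware and data: EF = 100%
    sle_before = single_loss_expectancy(laptop.value, 1.0)
    ale_before = annualized_loss_expectancy(sle_before, aro)

    # After encryption the data is unreadable to the thief; only hardware is lost
    ef_after = laptop.hardware_value / laptop.value           # 2,500 / 25,000 = 10%
    sle_after = single_loss_expectancy(laptop.value, ef_after)
    ale_after = annualized_loss_expectancy(sle_after, aro)

    # Safeguard TCO: $100/laptop software, 10% annual support, 4,000 staff hours
    # at $50 + $20 = $70/hour (assumed to be one loaded rate), 3-year refresh cycle
    tco_year = tco_per_year(one_time=100 * 1_000, annual_fees=10_000,
                            staff_hours=4_000, hourly_rate=70, refresh_years=3)

    return {
        "sle_before": sle_before, "ale_before": ale_before,
        "sle_after": sle_after, "ale_after": ale_after,
        "tco_year": tco_year,
        "net_benefit": net_benefit(ale_before, ale_after, tco_year),
        "roi_ratio": roi_ratio(ale_before, ale_after, tco_year),
        "break_even_aro": break_even_aro(sle_before, sle_after, tco_year),
    }


if __name__ == "__main__":
    for name, value in laptop_case().items():
        print(f"{name:>15}: {value:,.2f}")
```

With the slide's numbers the break-even ARO is about 6.1: encryption stops paying for itself if fewer than roughly six laptops a year are stolen, so the ARO estimate deserves as much scrutiny as the asset valuation.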
Risk Choices
Accept the risk – document the decision and carry the ALE
Mitigate the risk – deploy a safeguard that lowers the vulnerability, the exposure factor or the ARO
Transfer the risk – move it to a third party, typically through insurance or a contract
Avoid the risk – stop the activity that creates it
