Security Risk Management Overview

Uploaded by

hosen15-3834

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

14 views11 pages

Security Risk Management Overview

Uploaded by

hosen15-3834

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

Security Risk

Management – Part 1
Lecture 4
What is Risk Management (RM)
Risk management in information security refers to the process of identifying, assessing, and
mitigating risks to information assets and systems. It involves systematically analyzing
potential threats, vulnerabilities, and the impact of potential incidents, and implementing
measures to reduce risks to an acceptable level.
Basic Concepts

What is Risk?
In short Risk is the potential for loss, damage or destruction of assets or data.

What is RM Purpose?
To identify potential problems before they occur and to ensure the desired
business outcomes are achieved

What is Risk level?

levels are used for risk assessment
Identification of Assets
The asset is valued in terms of the impact of total loss of the asset in terms of confidentiality,
integrity and availability.

Criticality Risk Description & Necessary Actions Key

Ratings

High The loss of Confidentiality (C), Integrity (I), or Availability (A) could be H
expected to have a severe or catastrophic adverse effect on organizational
operations, organizational assets or individuals.
Medium The loss of confidentiality, integrity, or availability could be expected to M
have a serious adverse effect on organizational operations, organizational
assets or individuals.
Low The loss of confidentiality, integrity, or availability could be expected to L
have a limited adverse effect on organizational operations, organizational
assets or individuals.
Example: List of Identified Assets

DIU Asset List For Risk Management

SL Asset Particulars Criticality Location

1. DIU Core Teachers App H Cloud

Software
Attendance App H

HR&Admin App H

2. Network Core Router H Physical

Equipment
IP Phone M

Network Rack L

3. Supporting Fire Extinguisher M Physical

Equipment
Identification of Key Risk Indicators (KRI)

A key risk indicator (KRI) is a measure used in management to indicate how risky an activity is.
Key risk indicators are metrics used by organizations to provide an early signal of increasing risk
exposures in various areas of the enterprise. Here, the Key risk indicator (KRI) has been
identified based on Bangladesh Bank ICT Security Guideline, PCI DSS and SWIFT etc.
Example: KRI Based on Bangladesh Bank
ICT Security Guideline, PCI DSS and SWIFT

Policy, Guidelines, Framework

Key Risk Indicator (KRI)
Bangladesh Bank SWIFT PCI DSS

1. Authentication token/password 5.2.12, 5.2, 6.5.8, 8.1

theft / misconfigured 5.3.4, 5.4.2, 4.2 (8.1.1-8), 8.2
5.7.21 (8.2.1-6), 8.3

2. Deletion of logs and forensic 5.2.14, 1.2 10.1, 10.2

Evidence 6.1.7, 6.3.3
3. Compromise of trusted backup 7.3 2.5A 9.5,
data 9.6
4. Execution of malicious code 5.2.9 6.1 6.4,
6.5.2
Identification of Risk-Scenarios
Threats are ubiquitous and represent possible sources of negative impact to an organization.
Threats can be natural, environmental, social, technical and medical and can lead to disruptions
in operations which can adversely impact an organization.
Example: Identification of Risk-Scenarios

SN Threat category Threat-sources Risk Scenarios

1. Human Acts Of Human Error Or Failure Accidents, Disclosure Of

Passwords

2. Technical Software Failures OS/Database Crash

Hardware Failures HDD Damages

Obsolescence Outdated
Technologies

3. Forces Of Nature Natural Disaster Flood, Earthquakes

Environmental Pollution, Power Failure

Questions
Thanks!

Protective Security Risk Management Course
No ratings yet
Protective Security Risk Management Course
23 pages
Security Risk Management Guide
No ratings yet
Security Risk Management Guide
12 pages
Understanding Asset Value and Protection
No ratings yet
Understanding Asset Value and Protection
5 pages
QGEA Business Impact Levels Guide
No ratings yet
QGEA Business Impact Levels Guide
11 pages
Physical Security Measures Checklist
No ratings yet
Physical Security Measures Checklist
5 pages
Overview of Security Management Systems
No ratings yet
Overview of Security Management Systems
2 pages
Protective Security Guide for CSOs
No ratings yet
Protective Security Guide for CSOs
36 pages
Understanding Protective Security Systems
No ratings yet
Understanding Protective Security Systems
13 pages
Humanitarian Security Risk Management Guide
No ratings yet
Humanitarian Security Risk Management Guide
529 pages
Protective Security Capability Maturity Model
No ratings yet
Protective Security Capability Maturity Model
12 pages
Business Risk Impact Levels
No ratings yet
Business Risk Impact Levels
30 pages
Proactive vs Reactive Security Explained
No ratings yet
Proactive vs Reactive Security Explained
5 pages
Event Planning and Risk Management Guide
No ratings yet
Event Planning and Risk Management Guide
4 pages
Security Risk, Threat, and Vulnerability Assessment
No ratings yet
Security Risk, Threat, and Vulnerability Assessment
13 pages
Introduction To Security 9th Edition Robert J. Fischer Ebook Testbank Solutions Released 2026 Update
No ratings yet
Introduction To Security 9th Edition Robert J. Fischer Ebook Testbank Solutions Released 2026 Update
167 pages
Event Risk Management Action Plan
No ratings yet
Event Risk Management Action Plan
1 page
Event Safety Training Overview
No ratings yet
Event Safety Training Overview
101 pages
Entity Facilities Security Guidelines
No ratings yet
Entity Facilities Security Guidelines
24 pages
Physical Security Assessment Report
No ratings yet
Physical Security Assessment Report
7 pages
Local Government Business Continuity Blueprint
No ratings yet
Local Government Business Continuity Blueprint
42 pages
Parliamentary Protective Service MOU
No ratings yet
Parliamentary Protective Service MOU
6 pages
Understanding the Threat Environment
No ratings yet
Understanding the Threat Environment
32 pages
AI Guard Performance Tracking Guide
No ratings yet
AI Guard Performance Tracking Guide
6 pages
Physical Security Risk Assessment Guide
No ratings yet
Physical Security Risk Assessment Guide
10 pages
Professional Standards for Security Officers
No ratings yet
Professional Standards for Security Officers
13 pages
Manual Handling Safety Guidelines
No ratings yet
Manual Handling Safety Guidelines
3 pages
Complete Guide to Defense in Depth
No ratings yet
Complete Guide to Defense in Depth
19 pages
Security Maturity Monitoring Guidelines
No ratings yet
Security Maturity Monitoring Guidelines
4 pages
Uganda Parliamentary Procedures Guide
No ratings yet
Uganda Parliamentary Procedures Guide
8 pages
Tactical Dispositions in Business Strategy
No ratings yet
Tactical Dispositions in Business Strategy
3 pages
QGISCF Classification Mapping Guide
No ratings yet
QGISCF Classification Mapping Guide
2 pages
NSW Cyber Security Strategy Overview
No ratings yet
NSW Cyber Security Strategy Overview
20 pages
Security Management Principles Overview
No ratings yet
Security Management Principles Overview
28 pages
Minimum Cyber Security Standards Guide
No ratings yet
Minimum Cyber Security Standards Guide
50 pages
Outdoor Event Safety Management Plan
No ratings yet
Outdoor Event Safety Management Plan
6 pages
Risk Assessment Process Overview
No ratings yet
Risk Assessment Process Overview
68 pages
Waging War: Strategies for Business Success
No ratings yet
Waging War: Strategies for Business Success
55 pages
Asset Security and Data Protection Guide
No ratings yet
Asset Security and Data Protection Guide
55 pages
Continuous Commitment to Physical Security
No ratings yet
Continuous Commitment to Physical Security
2 pages
NSW Security Officer Handbook 2023
No ratings yet
NSW Security Officer Handbook 2023
85 pages
Crowd and Risk Management Plan
No ratings yet
Crowd and Risk Management Plan
1 page
Types of Risk Analysis in Projects
No ratings yet
Types of Risk Analysis in Projects
11 pages
Comprehensive Security Plan Guidelines
No ratings yet
Comprehensive Security Plan Guidelines
4 pages
Protective Agent Job Overview
No ratings yet
Protective Agent Job Overview
2 pages
Sun Tzu's Art of War: Strategies Explained
No ratings yet
Sun Tzu's Art of War: Strategies Explained
20 pages
Understanding Security Management 2023
No ratings yet
Understanding Security Management 2023
135 pages
Security Measures and Principles Explained
No ratings yet
Security Measures and Principles Explained
21 pages
Crisis Management Essentials Guide
No ratings yet
Crisis Management Essentials Guide
5 pages
Security Planning and Risk Management Guide
No ratings yet
Security Planning and Risk Management Guide
42 pages
Event Risk Assessment Guidelines
No ratings yet
Event Risk Assessment Guidelines
106 pages
Physical Security Guidelines for Entities
No ratings yet
Physical Security Guidelines for Entities
15 pages
Security Risk Assessment SOP Guide
No ratings yet
Security Risk Assessment SOP Guide
17 pages
Industrial Security Concepts Overview
No ratings yet
Industrial Security Concepts Overview
70 pages
Facility Security Risk Assessment Guide
No ratings yet
Facility Security Risk Assessment Guide
3 pages
Understanding Security Management Basics
No ratings yet
Understanding Security Management Basics
136 pages
Business Continuity Toolkit Guide
No ratings yet
Business Continuity Toolkit Guide
10 pages
Introduction to Information Security Concepts
No ratings yet
Introduction to Information Security Concepts
28 pages
CH 5 - Enhancing Physical Security
No ratings yet
CH 5 - Enhancing Physical Security
14 pages
Lecture 11
No ratings yet
Lecture 11
15 pages
Lecture 10
No ratings yet
Lecture 10
10 pages
Graduate Application Questions for York U
No ratings yet
Graduate Application Questions for York U
2 pages
CodeClause Internship Project Overview
No ratings yet
CodeClause Internship Project Overview
6 pages
Information Security Compliance Overview
No ratings yet
Information Security Compliance Overview
12 pages
History of Hacking: Key Milestones
No ratings yet
History of Hacking: Key Milestones
16 pages
Data Visualization Playbook for Finance
100% (4)
Data Visualization Playbook for Finance
48 pages
MTK Android Suite Daemon Errors
No ratings yet
MTK Android Suite Daemon Errors
10 pages
ZooKeeper: High-Performance Coordination
No ratings yet
ZooKeeper: High-Performance Coordination
14 pages
JDA Dispatcher WMS Overview and Benefits
No ratings yet
JDA Dispatcher WMS Overview and Benefits
47 pages
Message Passing in Distributed Systems
No ratings yet
Message Passing in Distributed Systems
18 pages
SSIS Data Transformations Overview
No ratings yet
SSIS Data Transformations Overview
46 pages
Exam Questions for Chapter 2 Testing
No ratings yet
Exam Questions for Chapter 2 Testing
24 pages
Database Design Project Guidelines
No ratings yet
Database Design Project Guidelines
3 pages
Azure Data Scientist End2End CodeFlow
No ratings yet
Azure Data Scientist End2End CodeFlow
16 pages
Agent Protection Status in Copilot Studio
No ratings yet
Agent Protection Status in Copilot Studio
5 pages
Sustainable IT Practices for Software Engineers
No ratings yet
Sustainable IT Practices for Software Engineers
159 pages
Understanding Operating System Functions
No ratings yet
Understanding Operating System Functions
2 pages
Solution-Brief SuperCloud Composer
No ratings yet
Solution-Brief SuperCloud Composer
13 pages
USKT Grading System Overview
No ratings yet
USKT Grading System Overview
33 pages
Senior .NET Developer with AWS Expertise
No ratings yet
Senior .NET Developer with AWS Expertise
7 pages
Remove Virus Using CMD Commands
No ratings yet
Remove Virus Using CMD Commands
9 pages
Oracle 19c RAC Infrastructure Essentials
100% (8)
Oracle 19c RAC Infrastructure Essentials
26 pages
AI-900 Updated Questions - Microsoft Azure AI Fundamentals
No ratings yet
AI-900 Updated Questions - Microsoft Azure AI Fundamentals
31 pages
Overview of Management Information Systems
No ratings yet
Overview of Management Information Systems
18 pages
CENG315 Fall 2016 Midterm Answers
No ratings yet
CENG315 Fall 2016 Midterm Answers
6 pages
Project Planning Essentials and WBS Guide
No ratings yet
Project Planning Essentials and WBS Guide
87 pages
DIP208 Operating Systems Weekly Schedule
No ratings yet
DIP208 Operating Systems Weekly Schedule
3 pages
The Pentaho Security Guide
No ratings yet
The Pentaho Security Guide
59 pages
Important DBMS Concepts and Questions
No ratings yet
Important DBMS Concepts and Questions
12 pages
Ebook & Testbank Choosing Health 2nd Edition April Lynch Barry Elmore Jerome Kotecki ISBN10 0321911857 ISBN13 9780321911858
No ratings yet
Ebook & Testbank Choosing Health 2nd Edition April Lynch Barry Elmore Jerome Kotecki ISBN10 0321911857 ISBN13 9780321911858
285 pages
Advanced Digital Forensics Techniques
No ratings yet
Advanced Digital Forensics Techniques
83 pages
Thesis Data Aniket
No ratings yet
Thesis Data Aniket
38 pages
Testbank Management Accounting Atkinson 5th Edition Ebook Solutions
100% (2)
Testbank Management Accounting Atkinson 5th Edition Ebook Solutions
254 pages
Master Data and Equipment Training Guide
No ratings yet
Master Data and Equipment Training Guide
25 pages
Mathematical Techniques of Fractional Order Systems Azar at Et Al Eds Testbank & Ebook
100% (2)
Mathematical Techniques of Fractional Order Systems Azar at Et Al Eds Testbank & Ebook
288 pages