Please check that you can hear me and see the slides on your computer.
If you need to communicate, please use the chat box.
Subject Information
Assessment Item 1
Subject Overview
IT Security
Risk Management
* Foundations of risk management 1: Identifying risks
* Foundations of risk management 2: Controlling risks
* Quantitative risk assessment
* Qualitative risk assessment
Related Topics
* Cyberinsurance
* Risk perception and communication
* Security metrics
Textbook
Is IT security a problem?
To Get Started
Assessment Information
About Me
Preferred communication is email.
Introduction
Think about potential vulnerabilities (it hasn't happened yet, so ask "what if?") and shut the door.
cf. typical business activity: a customer tells you of an actual need, and you resolve it.
* Forces of nature
* Information extortion
* Sabotage or vandalism
* Software attacks
* Technological obsolescence
* Theft
Information characteristics
Information location
Information classification
Cryptography (encryption)
2014
First step in gaining access to secured material; serves as the foundation for subsequent authentication and authorization.
Principles of Information Security Management
* Planning
* Policy
* Programs
* Protection
* People
* Projects
Planning
Policy
Enterprise information security policy (EISP) sets the tone for the InfoSec department (e.g. bank encryption systems must use industry-specific systems for key management).
Programs
Protection
* Protection mechanisms
* Technologies
* Tools
Discussed in the second section, on risk management.
Assessment Item 1