Information Security Risk Management at Daffodil International University
Information security risk management in the Department of Computer Science and Engineering at Daffodil International University involves practices such as information assurance, risk identification, asset categorization, and key risk indicators. The process aims to protect user data integrity, availability, authenticity, non-repudiation, and confidentiality. It includes assessing risk levels, identifying assets, and recognizing risk scenarios related to threats and vulnerabilities. Various threat categories and sources are considered, such as human acts, technical failures, cyber-attacks, and natural forces.
Presentation Transcript
Daffodil International University, Dept. of CSE
Information Security, Chapter 3: Security Risk Management

Information Assurance
Information assurance is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data.
What is Risk, Purpose and Risk Level
Risk is the potential for loss, damage or destruction of assets or data. It comprises the impacts to an organization and its stakeholders that could occur due to the threats and vulnerabilities associated with the operation and use of information systems (IS) and the environments in which those systems operate.

Purpose of Risk Management:
- to identify potential problems before they occur
- to ensure the desired business outcomes are achieved
Fig: Risk Management Process

Risk Level: Three distinct levels are used for risk assessment.
Fig: Risk Levels
Identification of Assets
A risk management strategy requires that information security professionals know their organization's information assets, that is, identify, classify, and prioritize them.

Asset Type / Category      | Particulars                                                     | Criticality
Core Application Software  | Core Banking Systems                                            | H
                           | Card issuing, Authorizations & Switching Systems                | H
                           | Call Center Management                                          | M
Intranet Applications      | ANYORG Document Management System                               | H
                           | HR Management System                                            | M
                           | Employee Information Portals                                    | M
Database                   | CBS Database (Customer data and Financial Data)                 | H
Information (Data)         | Sensitive data of different devices (Passwords, configurations) | H
                           | Source code                                                     | H
                           | Network infrastructure design                                   | H
                           | Strategic plans                                                 | M
Human Resources (People)   | Decision Makers                                                 | H
                           | End Users                                                       | H
                           | Operation/Maintenance Staff                                     | H
                           | Subject Matter Experts                                          | M
Fig: Example of Assets of a Banking System
Identification of Key Risk Indicators (KRIs)
A key risk indicator (KRI) is a measure used in management to indicate how risky an activity is. KRIs are metrics used by organizations to provide an early signal of increasing risk exposures in various areas.

Identification of Risk Scenarios
Any event that triggers an undesired alternative scenario is identified as a risk.

Threat Category         | Threat Sources                                          | Risk Scenarios
Human                   | Acts of human error or failure                          | Accidents, Disclosure of password
Technical               | Technical software failures or errors                   | Software failure (System, OS, database etc.)
                        | Technical hardware failures or errors                   | Hardware/Disk malfunction, failure, damages
                        | Deviation in quality of service from service providers  | Communications link down, Damage caused by service provider
Cyber-attack activities | Deliberate cyber-attack activities                      | Malicious code injected by insider or outsider, DDoS, Social Engineering, Data Corruption, Data Theft
Natural Forces          | Natural Disaster                                        | Flood, Fire, Power Failure, Supply Shortage
Fig: Example of Risk Scenarios of an IS System
Relationship between Vulnerabilities and Risk Scenarios based on Assets
A vulnerability is a weakness of an asset which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system. These unauthorized actions are the risk scenarios that an organization might face.

Asset Type / Category     | Vulnerabilities                                                                 | Risk Scenarios
Core Application Software | Well-known flaws in the software                                                | Software failure
                          | Unauthorized system changes                                                     | Compromising confidential information
                          | Unauthorized software; users are not aware of the safe browsing policy          | Malicious code injected by insider or outsider
                          | Application weakness, no input validation                                       |
Database                  | Power failure; no redundant storage media; no high availability                 | Database system failure
                          | Application weakness, no input validation, unwanted open ports, Internet access from server | Malicious code injected by insider or outsider
Information (Data)        | Unauthorized software; users are not aware of the safe browsing policy          | Cyber Crime / Attack
                          | Operating system and security patches not updated                               |
                          | Antivirus not updated                                                           |
                          | Unrestricted remote access                                                      |
Human Resources (People)  | Aggressive, Anger and resentment, Arrogant, Insecurity, Naive, Short-sighted, Low Employee Morale | Disgruntled Employee, Political Spying, Human intervention, Pandemic Flu, Dengue Fever
Fig: Relation Between Vulnerabilities and Risk Scenarios based on Assets
Risk Frequency Evaluation
Risk frequency may be defined in terms of the chance (likelihood) of the risk happening. The measure used for risk frequency evaluation is the likelihood scale below.

Likelihood Scale
Rating | Likelihood | Likelihood of Occurrence
0.1    | Low        | Not expected, but there is a slight possibility it may occur at some time.
0.5    | Moderate   | The event might occur at some time as there is a history of casual occurrence.
1      | High       | There is a strong possibility the event will occur as there is a history of frequent occurrence.
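The following is an added example, not part of the lecture slides: a small risk register that combines the likelihood scale above with the criticality ratings from the asset table to rank risk scenarios. The impact weights for H/M/L (3/2/1) and the cut-offs for the three risk levels are assumptions, since the slides only name the levels without giving a scoring rule.

```python
# Risk-register scoring using the likelihood scale from the slides.
# Added example, not from the lecture. Assumed (not on the slides): criticality
# H/M/L maps to impact weights 3/2/1, and the three risk levels are cut at
# score thresholds 2.0 and 1.0, where score = likelihood rating x impact weight.
from dataclasses import dataclass

LIKELIHOOD = {0.1: "Low", 0.5: "Moderate", 1.0: "High"}   # scale from the slides
IMPACT = {"H": 3, "M": 2, "L": 1}                          # assumed weights
LEVEL_THRESHOLDS = ((2.0, "High"), (1.0, "Medium"))        # assumed cut-offs


@dataclass(frozen=True)
class Scenario:
    asset: str          # asset particular, e.g. "Core Banking Systems"
    criticality: str    # H / M / L as in the asset table
    threat: str         # risk scenario from the threat table
    likelihood: float   # 0.1 / 0.5 / 1 from the likelihood scale


def risk_score(s: Scenario) -> float:
    """Likelihood rating times the impact weight of the affected asset."""
    if s.likelihood not in LIKELIHOOD:
        raise ValueError(f"likelihood {s.likelihood} is not on the scale")
    return s.likelihood * IMPACT[s.criticality]


def risk_level(score: float) -> str:
    """Bucket a score into one of the three risk levels (assumed cut-offs)."""
    for threshold, label in LEVEL_THRESHOLDS:
        if score >= threshold:
            return label
    return "Low"


def rank_register(register):
    """Return (asset, threat, score, level) rows, highest risk first."""
    rows = [(s.asset, s.threat, risk_score(s), risk_level(risk_score(s)))
            for s in register]
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed sample register using entries from the slide tables
SAMPLE_REGISTER = [
    Scenario("Core Banking Systems", "H", "Malicious code injected by insider or outsider", 0.5),
    Scenario("Call Center Management", "M", "Software failure", 1.0),
    Scenario("HR Management System", "M", "Disclosure of password", 0.1),
    Scenario("CBS Database", "H", "Power failure", 0.1),
]

if __name__ == "__main__":
    for asset, threat, score, level in rank_register(SAMPLE_REGISTER):
        print(f"{level:6} {score:.1f}  {asset}: {threat}")
```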