11-02-2013, 04:55 PM
Risk Analysis
Goal of Risk Analysis
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.”
Sun Tzu, Art of War
What is Risk
The probability that a particular threat will exploit a particular vulnerability
Need to systematically understand risks to a system and decide how to control them.
What is Risk Analysis
The process of identifying, assessing, and reducing risks to an acceptable level
Defines and controls threats and vulnerabilities
Implements risk reduction measures
An analytic discipline with three parts:
    Risk assessment: determining what the risks are
    Risk management: evaluating alternatives for mitigating the risk
    Risk communication: presenting this material in an understandable way to decision makers and/or the public
Basic Risk Analysis Structure
Evaluate
    Value of computing and information assets
    Vulnerabilities of the system
    Threats from inside and outside
    Risk priorities
Examine
    Availability of security countermeasures
    Effectiveness of countermeasures
    Costs (installation, operation, etc.) of countermeasures
Implement and Monitor
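
Added example, not part of the original slides: the Evaluate and Examine steps above worked through in Python. It assumes exposure = asset value x yearly likelihood and a greedy budget rule, neither of which the slides state; all names and figures are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float   # loss if the threat succeeds (constructed figure)
    likelihood: float    # assumed yearly probability the threat exploits the vulnerability

    @property
    def exposure(self) -> float:
        # Assumption: expected yearly loss = asset value x likelihood
        return self.asset_value * self.likelihood

@dataclass(frozen=True)
class Countermeasure:
    name: str
    risk: str             # name of the risk it addresses
    effectiveness: float  # fraction of the exposure it removes, 0..1
    annual_cost: float    # installation (amortized) plus operation

def prioritize(risks):
    """Evaluate: rank risks by expected yearly loss, highest first."""
    return sorted(risks, key=lambda r: r.exposure, reverse=True)

def net_benefit(risk, cm):
    """Examine: loss avoided per year minus what the countermeasure costs."""
    return risk.exposure * cm.effectiveness - cm.annual_cost

def select(risks, countermeasures, budget):
    """Walk risks in priority order; fund the best worthwhile option that fits."""
    chosen = []
    for risk in prioritize(risks):
        options = [c for c in countermeasures
                   if c.risk == risk.name and net_benefit(risk, c) > 0]
        options.sort(key=lambda c: net_benefit(risk, c), reverse=True)
        for cm in options:
            if cm.annual_cost <= budget:
                chosen.append(cm.name)
                budget -= cm.annual_cost
                break
    return chosen

# Constructed sample data
RISKS = [Risk("laptop loss", 20_000, 0.30),
         Risk("customer database theft", 500_000, 0.10),
         Risk("web server outage", 80_000, 0.50)]
CONTROLS = [Countermeasure("database encryption", "customer database theft", 0.80, 15_000),
            Countermeasure("dedicated key hardware", "customer database theft", 0.90, 60_000),
            Countermeasure("redundant server", "web server outage", 0.70, 12_000),
            Countermeasure("disk encryption", "laptop loss", 0.90, 2_000)]
```

With a budget of 28,000 the two largest exposures are funded; the laptop control is worthwhile but no longer fits, and the key hardware is rejected because it costs more than the loss it avoids.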