ITSG > TYPES OF POLICIES: PART 5 - RISK ASSESSMENT


RISK MANAGEMENT


  • Risk Assessment: Identify Assets, Threats, Vulnerabilities
  • Risk Analysis: Value of Potential Risks
  • Risk Mitigation: Responding to Risk
  • Risk Monitoring: Risk is FOREVER!

ASSESSMENT

  • Identify and Valuate Assets
  • Identify Threats and Vulnerabilities
  • Methodologies
    • OCTAVE: An approach where analysts identify assets and their criticality, identify vulnerabilities and threats, and base the protection strategy on reducing the resulting risk.
    • FRAP: Facilitated Risk Analysis Process. A qualitative analysis used to decide whether or not to proceed with a quantitative analysis. If the likelihood or the impact is too low, the quantitative analysis is foregone.
    • NIST SP 800-30: Risk Management Guide for Information Technology Systems
      • 9 Step Process:
        1. System Characterization
        2. Threat Identification
        3. Vulnerability Identification
        4. Control Analysis
        5. Likelihood Determination
        6. Impact Analysis
        7. Risk Determination
        8. Control Recommendations
        9. Results Documentation
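The FRAP screening step and the quantitative analysis it gates can be shown in a few lines of code. The following is an added example, not part of the original post: the three-level rating scale, the screening threshold, the sample risk register and the use of annualized loss expectancy (ALE = SLE x ARO) for the quantitative step are all constructed assumptions chosen for illustration.

```python
"""FRAP-style qualitative screening that gates a quantitative risk analysis.

Added example, not from the original post. The rating scale, threshold,
sample register and the ALE formula used below are constructed assumptions.
"""
from dataclasses import dataclass

# Constructed qualitative scale used for both likelihood and impact.
LEVELS = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: str        # qualitative rating: low / medium / high
    impact: str            # qualitative rating: low / medium / high
    asset_value: float     # monetary value, used only in the quantitative step
    exposure_factor: float # fraction of asset value lost per occurrence
    aro: float             # annualized rate of occurrence (events per year)


def qualitative_screen(risk: Risk, threshold: str = "medium") -> bool:
    """FRAP screening: proceed to quantitative analysis only if BOTH the
    likelihood and the impact reach the threshold. If either is too low,
    the quantitative analysis is foregone."""
    needed = LEVELS[threshold]
    return LEVELS[risk.likelihood] >= needed and LEVELS[risk.impact] >= needed


def annualized_loss_expectancy(risk: Risk) -> float:
    """Quantitative step (assumed formula): SLE = asset value * exposure factor,
    ALE = SLE * ARO. Gives a yearly loss figure to compare against control cost."""
    single_loss_expectancy = risk.asset_value * risk.exposure_factor
    return single_loss_expectancy * risk.aro


def assess(register: list[Risk], threshold: str = "medium") -> list[tuple]:
    """Run the screen over a risk register; only screened-in risks get an ALE."""
    results = []
    for risk in register:
        if qualitative_screen(risk, threshold):
            results.append((risk.asset, risk.threat, "quantitative",
                            annualized_loss_expectancy(risk)))
        else:
            results.append((risk.asset, risk.threat, "screened out", None))
    return results


# Constructed sample register (values are illustrative, not real data).
SAMPLE_REGISTER = [
    Risk("customer database", "unauthorized disclosure", "high", "high",
         asset_value=500_000, exposure_factor=0.4, aro=0.5),
    Risk("lobby kiosk", "vandalism", "medium", "low",
         asset_value=2_000, exposure_factor=1.0, aro=1.0),
    Risk("payroll server", "ransomware", "medium", "high",
         asset_value=200_000, exposure_factor=0.6, aro=0.25),
]

if __name__ == "__main__":
    for row in assess(SAMPLE_REGISTER):
        print(row)
```

Running the block prints one row per register entry; the kiosk is screened out because its impact rating is below the threshold, while the other two entries receive an ALE figure from the quantitative step.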