Introduction To Risk Assessment
Description
Info
Level: Beginner
Presenter: Eli the Computer Guy
Date Created: October 12, 2010
Length of Class: 57 Minutes
Tracks
Computer Security / Integrity
Prerequisites
None
Purpose of Class
This class teaches students the basic concepts behind Risk Assessments.
Topics Covered
Defining Risk, Threat and Vulnerability
Types of Protections
Mitigation Concepts
Business Rationale for Risk Assessment and Management
Class Notes
Introduction
The better you know technology, the better you will do with Risk Assessment / Management.
Risk
Risk = Threat x Vulnerability
Overview of Risk
Risk is defined as the likelihood of financial loss.
Risk is a business concept, not a technological one.
Down Time
Fraud
Legal data loss issues
Hacking -- Attacks from your network
Data Theft (Trade Secrets)
Overview of Threat
i. Natural Disaster
ii. Malicious Human
iii. Accidental Human
iv. System Failure
Impersonation
Interception
Interference
Overview of Vulnerability
Flooding
Theft of Systems
Hacking
Viruses
Overview of Protections Technological Safeguards
Physical / Operational Security
Disaster Plan
Documentation
Technological Safeguards (Firewalls, Antivirus)
Concepts of Mitigation
Incident - Response - Debrief - Mitigation
Making Bad not so bad
You will never be safe
Security Buy In and Quantifying Risk
The business leaders will make the final decision on Risk Management
The better your BUSINESS argument, the more likely you are to get the go-ahead.
What is the cost of downtime?
What is the legal cost?
Cost of Security vs. Benefit
Final Thoughts
Risk is a BUSINESS concept! The more you understand about business and can talk about financial ramifications, the more likely you are to get your fancy new security equipment.
Resources
US Computer Emergency Readiness Team