0% found this document useful (0 votes)

8 views

Lect 11

The document discusses how to translate a risk assessment into an actionable risk mitigation plan. It covers prioritizing risks, verifying risks can be mitigated, performing cost-benefit analyses, implementing and following up on the risk mitigation plan.

Uploaded by

dungnthe172688

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

8 views

Lect 11

Uploaded by

dungnthe172688

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 13

Turning Your Risk Assessment

into a Risk Mitigation Plan

Objectives

• Reviewing a Risk Assessment

• Overview of conversion to a mitigation plan
• Prioritizing risk elements
• Verifying risk elements entails
• Performing a cost-benefit analysis for risk elements
• Following up on a risk mitigation plan
• Best practices for enabling a risk mitigation plan

http://fpt.edu.vn 05/11/202 2
4
Review the Risk Assessment
for Your IT Infrastructure

• Identifying and evaluate relevant threats

• Identifying and evaluate relevant vulnerabilities
• Identifying and evaluate countermeasures
• Developing mitigation recommendations

http://fpt.edu.vn 05/11/202 3
4
Review the Risk Assessment for
Your IT Infrastructure (cont.)

• In-place countermeasures
• Planned countermeasures
• Approved countermeasures

http://fpt.edu.vn 05/11/202 4
4
Review the Risk Assessment for
Your IT Infrastructure (cont.)

• Overlapping countermeasures
• Matching threats with vulnerabilities
• Identifying countermeasures

http://fpt.edu.vn 05/11/202 5
4
Translating Your Risk Assessment
into a Risk Mitigation Plan

• Cost to implement the countermeasures

• Time to implement the countermeasures
• Operational impact of the countermeasures

http://fpt.edu.vn 05/11/202 6
4
Prioritizing Risk Elements That
Require Risk Mitigation

• Using a Threat/Vulnerability Matrix

http://fpt.edu.vn 05/11/202 7
4
Prioritizing Risk Elements That
Require Risk Mitigation
• Prioritizing Countermeasures

http://fpt.edu.vn 05/11/202 8
4
Verifying Risk Elements and How
These Risks Can Be Mitigated

• Ensuring the threats and vulnerabilities you’re trying to

mitigate still exist.
• Verifying the approved countermeasure can still mitigate
the current risk

http://fpt.edu.vn 05/11/202 9
4
Performing a Cost-Benefit Analysis
on the Identified Risk Elements

• Calculating the CBA

• A CBA Report

http://fpt.edu.vn 05/11/202 10
4
Implementing a Risk Mitigation Plan

• Staying Within Budget

• Staying on Schedule

http://fpt.edu.vn 05/11/202 11
4
Following Up on the Risk Mitigation Plan

• Ensuring countermeasures are implemented

• Ensuring security gaps have been closed

http://fpt.edu.vn 05/11/202 12
4
Best Practices for Enabling a Risk Mitigation Plan
from Your Risk Assessment

• Staying within scope

• Redoing CBAs if new costs are identified
• Prioritizing countermeasures
• Including current countermeasures in analysis
• Controlling costs
• Controlling the schedule
• Following up

http://fpt.edu.vn 05/11/202 13
4

Mandiant - Company - Presentation - SHORT - V0.1 MASTER
100% (1)
Mandiant - Company - Presentation - SHORT - V0.1 MASTER
38 pages
Summary Report of Information Technology Audit Findings
No ratings yet
Summary Report of Information Technology Audit Findings
32 pages
IT 111: Introduction To Information Technology (IT)
0% (1)
IT 111: Introduction To Information Technology (IT)
57 pages
Cert Secure Coding Standards
No ratings yet
Cert Secure Coding Standards
18 pages
Lect11
No ratings yet
Lect11
13 pages
Lab 0
No ratings yet
Lab 0
8 pages
Lab 006
No ratings yet
Lab 006
13 pages
Lect 10
No ratings yet
Lect 10
12 pages
Lect 05
No ratings yet
Lect 05
18 pages
Lect 05
No ratings yet
Lect 05
18 pages
Risk Mitigation Plan OUTLINE
No ratings yet
Risk Mitigation Plan OUTLINE
10 pages
Analyzing Risk: Analyze Organizational Risk Analyze The Business Impact of Risk
No ratings yet
Analyzing Risk: Analyze Organizational Risk Analyze The Business Impact of Risk
28 pages
Information System Security
No ratings yet
Information System Security
38 pages
Lect 01
No ratings yet
Lect 01
32 pages
Project Part 3-Risk Mitigation Plan
No ratings yet
Project Part 3-Risk Mitigation Plan
6 pages
Lect 02
No ratings yet
Lect 02
6 pages
12 RISK MITIGATION CONCEPT AND TYPES (Risk Treatment)
No ratings yet
12 RISK MITIGATION CONCEPT AND TYPES (Risk Treatment)
53 pages
Lect 04
No ratings yet
Lect 04
21 pages
IT-322-MODULE-2
No ratings yet
IT-322-MODULE-2
12 pages
What Is Risk Mitigation - Definition, Strategies and Planning
100% (1)
What Is Risk Mitigation - Definition, Strategies and Planning
4 pages
Lecture 3
No ratings yet
Lecture 3
29 pages
Assignment 2 - Frontsheet - Security
No ratings yet
Assignment 2 - Frontsheet - Security
26 pages
Risk Assessment Procedure: Revision History
No ratings yet
Risk Assessment Procedure: Revision History
6 pages
Dưới đây là bài thuyết trình được mở rộng chi tiết hơn với các nội dung và gợi ý cụ thể hơn cho từng slide
No ratings yet
Dưới đây là bài thuyết trình được mở rộng chi tiết hơn với các nội dung và gợi ý cụ thể hơn cho từng slide
5 pages
Course Name: IAA202 Student Name: Chế Công Đại: Risk planning Risk identification
No ratings yet
Course Name: IAA202 Student Name: Chế Công Đại: Risk planning Risk identification
3 pages
Quoc
No ratings yet
Quoc
20 pages
Cybersecurity - Expert
No ratings yet
Cybersecurity - Expert
550 pages
Lab 02
No ratings yet
Lab 02
12 pages
UNIT 3 - Information Security (1)
No ratings yet
UNIT 3 - Information Security (1)
76 pages
Risk-Avoidance, Transference, Acceptance, Mitigation, Deterrence
No ratings yet
Risk-Avoidance, Transference, Acceptance, Mitigation, Deterrence
2 pages
Chapter 4
No ratings yet
Chapter 4
49 pages
Abdulla Pres 2011
No ratings yet
Abdulla Pres 2011
9 pages
Developing A Risk Management Plan
No ratings yet
Developing A Risk Management Plan
35 pages
Unit 5 - Assignment 2 Frontsheet - Security
No ratings yet
Unit 5 - Assignment 2 Frontsheet - Security
28 pages
Developing A Risk Management Plan
100% (1)
Developing A Risk Management Plan
35 pages
Risk Assessment Analysis 2
No ratings yet
Risk Assessment Analysis 2
13 pages
Fully Formatted Network Risk Assessment
No ratings yet
Fully Formatted Network Risk Assessment
5 pages
Risk Assessment
No ratings yet
Risk Assessment
16 pages
Risk and Vulnerabiltiy
No ratings yet
Risk and Vulnerabiltiy
3 pages
Performing A Risk Assessment: Flourensia Sapty Rahayu S.T., M.Kom
No ratings yet
Performing A Risk Assessment: Flourensia Sapty Rahayu S.T., M.Kom
23 pages
Risk Management Approach For ISO27001
No ratings yet
Risk Management Approach For ISO27001
3 pages
Module 4
No ratings yet
Module 4
31 pages
Syllabus IAA202 - SU20
No ratings yet
Syllabus IAA202 - SU20
10 pages
Risk Assesment of Consultant
No ratings yet
Risk Assesment of Consultant
2 pages
Chap 8
No ratings yet
Chap 8
22 pages
2_CRM TEE NOTES
No ratings yet
2_CRM TEE NOTES
77 pages
Chapter 3. Risk identification
No ratings yet
Chapter 3. Risk identification
35 pages
Risk Assessment Checklist
No ratings yet
Risk Assessment Checklist
3 pages
Risk Analytics (IMT) - Chapter 14
No ratings yet
Risk Analytics (IMT) - Chapter 14
20 pages
CRM TEE
No ratings yet
CRM TEE
151 pages
3.28.18 Risk Assessment
No ratings yet
3.28.18 Risk Assessment
16 pages
Risk Assessment Frameworks: Rodney Petersen Government Relations Officer Security Task Force Coordinator Educause
No ratings yet
Risk Assessment Frameworks: Rodney Petersen Government Relations Officer Security Task Force Coordinator Educause
23 pages
Risk Management
No ratings yet
Risk Management
31 pages
Lecture 5 - Security Qualitative Risk Assessment
No ratings yet
Lecture 5 - Security Qualitative Risk Assessment
39 pages
Risk Management Plan
100% (7)
Risk Management Plan
15 pages
Risk Management Tutorial 2.0
No ratings yet
Risk Management Tutorial 2.0
7 pages
Risk Assessment (1)
No ratings yet
Risk Assessment (1)
4 pages
Risk Management Process
No ratings yet
Risk Management Process
40 pages
Eccouncil Ecihv2 1 5 1 Risk Management The Process
No ratings yet
Eccouncil Ecihv2 1 5 1 Risk Management The Process
3 pages
Lect 08
No ratings yet
Lect 08
13 pages
He181243 Phạm Huy Hoàng Ia1807 Iaa202 Lab06
No ratings yet
He181243 Phạm Huy Hoàng Ia1807 Iaa202 Lab06
14 pages
CISSP Domain 1 Study Guide ( Updated 2024 ) With Practice Exam Questions, Quizzes, Flash Cards: CISSP Study Guide - Updated 2024, #1
From Everand
CISSP Domain 1 Study Guide ( Updated 2024 ) With Practice Exam Questions, Quizzes, Flash Cards: CISSP Study Guide - Updated 2024, #1
ADITYA .
No ratings yet
Audit Engagement Strategy (Driving Audit Value, Vol. III): The Best Practice Strategy Guide for Maximising the Added Value of the Internal Audit Engagements
From Everand
Audit Engagement Strategy (Driving Audit Value, Vol. III): The Best Practice Strategy Guide for Maximising the Added Value of the Internal Audit Engagements
Hans Beumer
No ratings yet
Privacy & Data Protection Practitioner Courseware - English
From Everand
Privacy & Data Protection Practitioner Courseware - English
Marios Siathas
No ratings yet
Lab01-Ex02
No ratings yet
Lab01-Ex02
4 pages
Lab01-Ex03
No ratings yet
Lab01-Ex03
4 pages
Lab01-Ex04
No ratings yet
Lab01-Ex04
7 pages
Lab01-Ex01
No ratings yet
Lab01-Ex01
4 pages
Ưerewstfsdgd
No ratings yet
Ưerewstfsdgd
1 page
Lect 13
No ratings yet
Lect 13
38 pages
Module 6 - Network-Forensics
No ratings yet
Module 6 - Network-Forensics
28 pages
Module 4-1 - Collecting-Evidence
No ratings yet
Module 4-1 - Collecting-Evidence
25 pages
Lect 09
No ratings yet
Lect 09
17 pages
Module 5-2 - Computer-Forensics
No ratings yet
Module 5-2 - Computer-Forensics
53 pages
Lect 12
No ratings yet
Lect 12
10 pages
Lect 15
No ratings yet
Lect 15
14 pages
SOC2 Third Party Compliance Checklist
100% (2)
SOC2 Third Party Compliance Checklist
9 pages
Libro - OWASP IoT Security Testing Guide - Pag 142
No ratings yet
Libro - OWASP IoT Security Testing Guide - Pag 142
142 pages
NSP-background 2024
No ratings yet
NSP-background 2024
51 pages
DISA CHART CHAPTER 2
No ratings yet
DISA CHART CHAPTER 2
22 pages
Black Hat USA 2011 - Weapons of Targeted Attack: Modern Document Exploit Techniques (Paper)
No ratings yet
Black Hat USA 2011 - Weapons of Targeted Attack: Modern Document Exploit Techniques (Paper)
18 pages
Fraud Prevention and Detection in An Automated World: IPPF - Practice Guide
No ratings yet
Fraud Prevention and Detection in An Automated World: IPPF - Practice Guide
27 pages
Whitesource Software Composition Analysis Solution Datasheet PDF
No ratings yet
Whitesource Software Composition Analysis Solution Datasheet PDF
3 pages
WSC2022SE TP54 MC Actual Engli
No ratings yet
WSC2022SE TP54 MC Actual Engli
5 pages
OSCP PEN200 Syllabus
No ratings yet
OSCP PEN200 Syllabus
10 pages
Ethical Hacking
No ratings yet
Ethical Hacking
11 pages
398438113_1350950415797426_6314715338725240085_n
No ratings yet
398438113_1350950415797426_6314715338725240085_n
9 pages
Ian Sommerville Notes
No ratings yet
Ian Sommerville Notes
5 pages
NCA Lab Guide - StudentVersion
No ratings yet
NCA Lab Guide - StudentVersion
22 pages
Servicenow Training Course Content
0% (1)
Servicenow Training Course Content
18 pages
Website: VCE To PDF Converter: Facebook: Twitter:: Number: C2150-606 Passing Score: 800 Time Limit: 120 Min
No ratings yet
Website: VCE To PDF Converter: Facebook: Twitter:: Number: C2150-606 Passing Score: 800 Time Limit: 120 Min
28 pages
PROTECT - Essential Eight Maturity Model (June 2020)
No ratings yet
PROTECT - Essential Eight Maturity Model (June 2020)
2 pages
ISC Security Specialist Competencies Guideline Final 01-27-12 508
No ratings yet
ISC Security Specialist Competencies Guideline Final 01-27-12 508
24 pages
Risk Assesment Elsivier
100% (1)
Risk Assesment Elsivier
7 pages
IS Week 1
No ratings yet
IS Week 1
35 pages
2024 Cloud Security Report ISC2 - Final
No ratings yet
2024 Cloud Security Report ISC2 - Final
22 pages
Recommended Standards Water 5
No ratings yet
Recommended Standards Water 5
159 pages
Barco Service Bulletin: 1. Security Note - Green BCM Affected by Spectre
No ratings yet
Barco Service Bulletin: 1. Security Note - Green BCM Affected by Spectre
2 pages
OWASP Top Ten _ OWASP Foundation
No ratings yet
OWASP Top Ten _ OWASP Foundation
5 pages
Reference Solution For Comptia Pentest+ Exam
No ratings yet
Reference Solution For Comptia Pentest+ Exam
52 pages
Exploit
No ratings yet
Exploit
3 pages
CySA Glossary
No ratings yet
CySA Glossary
33 pages

Lect 11

Uploaded by

Lect 11

Uploaded by

Turning Your Risk Assessment

into a Risk Mitigation Plan

• Reviewing a Risk Assessment

• Identifying and evaluate relevant threats

• Cost to implement the countermeasures

• Using a Threat/Vulnerability Matrix

• Ensuring the threats and vulnerabilities you’re trying to

• Calculating the CBA

• Staying Within Budget

• Ensuring countermeasures are implemented

• Staying within scope

You might also like