Lab 0

The document discusses the fundamentals of risk management in information systems including threats, vulnerabilities, exploits, compliance, planning, assessment, mitigation, analysis, and continuity plans.

Uploaded by

dungnthe172688

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

17 views

Lab 0

Uploaded by

dungnthe172688

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 8

Risk Management in

Information Systems
Objectives

• Risk Management Fundamentals: Threats, Vulnerabilities, & Exploits

• Risk Compliance & Planning
• Security Risk Assessment Definition & Performance
• Asset Identification, Analysis of Threats, Vulnerabilities & Exploits
• Risk Mitigation: Security Control & Planning
• Security Risk Mitigation:
– Risk Assessment & Mitigation Planning
– BIA (Business Impact Analysis) & BCP (Business Continuity Plan)
– DRP (Disaster Recovery Plan) & CIRT (Computer Incidence Response Team) Plan

http://fpt.edu.vn 05/20/202 2
4
Course Learning Outcomes
• Understand the fundamental concepts of risk management and its importance.
• Understand methods of mitigating risk by managing threats, vulnerabilities, & exploits.
• Identify compliance laws, standards, best practices, & policies of risk management.
• Describe the components of an effective risk management plan.
• Describe approaches for identifying & analyzing relevant threats, vulnerabilities, & exploits.
• Describe the process of performing risk assessments.
• Identify assets and activities to be protected within an organization.
• Identify and analyze threats, vulnerabilities, & exploits.
• Identify and analyze risk mitigation security controls.
• Describe the process of planning risk mitigation throughout an organization.
• Describe the process of implementing a risk mitigation plan.
• Perform a BIA.
• Review a BCP based on the findings of a given risk assessment for an organization.
• Review a DRP based on the findings of a given risk assessment for an organization.
• Review a CIRT plan for an organization.

http://fpt.edu.vn 05/20/202 3
4
Knowledge Flow
1. Risk Management Fundamentals
1 Risk Management 2. Managing Risk: Threats, Vulnerabilities, and Exploits
3. Maintaining Compliance
4. Developing a Risk Management Plan

2 4 3 5. Defining Risk Assessment Approaches

6. Performing a Risk Assessment
7. Identifying Assets and Activities to Be Protected
8. Identifying and Analyzing Threats, Vulnerabilities,
5 6 7 9 8 and Exploits
9. Identifying and Analyzing Risk Mitigation Security
Controls
10. Planning Risk Mitigation Throughout Your
11 Risk Mitigation 10 Organization
11. Turning Your Risk Assessment Into a Risk Mitigation
Plan

12. Mitigating Risk with a Business Impact Analysis

12 15
13. Mitigating Risk with a Business Continuity Plan
14. Mitigating Risk with a Disaster Recovery Plan
15. Mitigating Risk with a Computer Incident Response
13 14 Risk Mitigation Plans
Team Plan
http://fpt.edu.vn
05/20/202 4
4
Risk Management

• Risk Management Fundamentals, Compliance Laws,

Standards, and Best Practices
– Risk Management Fundamentals
– Maintaining Compliance
• Risk Management Planning
– Managing Risk: Threats, Vulnerabilities, and Exploits
– Developing a Risk Management Plan

http://fpt.edu.vn 05/20/202 5
4
Risk Mitigation

• Concepts of Risk Assessment

– Defining Risk Assessment Approaches
– Performing a Risk Assessment
• Key Components of Risk Assessment
– Identifying Assets and Activities to Be Protected
– Identifying and Analyzing Threats, Vulnerabilities, and Exploits
– Identifying and Analyzing Risk Mitigation Security Controls
• Strategies for Mitigating Risk
– Planning Risk Mitigation Throughout Your Organization
– Turning Your Risk Assessment Into a Risk Mitigation Plan

http://fpt.edu.vn 05/20/202 6
4
Risk Mitigation Plans

• Business Impact Analysis and Continuity Planning

– Mitigating Risk with a Business Impact Analysis
– Mitigating Risk with a Business Continuity Plan
• Disaster Recovery, Incident Response Team, and Plan
– Mitigating Risk with a Disaster Recovery Plan
– Mitigating Risk with a Computer Incident Response Team Plan

http://fpt.edu.vn 05/20/202 7
4
References

[1] Darril Gibson, Managing Risk in Information Systems, 2nd Edition, Jones & Bartlett Learning,
2015.
[2] Seymour Bosworth, M.E. Kabay, Eric Whyne (eds.), Computer Security Handbook, 6th
Edition, 2 Volumes, Parts II, VII, John Wiley & Sons, 2014.
[3] W. Krag Brotby, Information Security Management Metrics: A Definitive Guide to Effective
Security Monitoring and Measurement, CRC Press, 2009.
[4] Jack Freund, Jack Jones, Measuring and Managing Information Risk: A FAIR Approach,
Butterworth-Heinemann, Elsevier, 2015.
[5] Leighton R. Johnson, Security Controls Evaluation, Testing, and Assessment Handbook,
Syngress, 2016.
[6] Thomas R. Peltier, Information Security Risk Analysis, 3rd Edition, CRC Press, 2010.
[7] vLab Solutions, 2015, Managing Risk in Information Systems: Laboratory Manual to
Accompany version 2.0, Jones & Bartlett Learning

http://fpt.edu.vn 05/20/202 8
4

ITIL 4 Practice Guide CM Information Security Management
No ratings yet
ITIL 4 Practice Guide CM Information Security Management
44 pages
A Z of Copywriting
No ratings yet
A Z of Copywriting
52 pages
Lect 10
No ratings yet
Lect 10
12 pages
Lect 11
No ratings yet
Lect 11
13 pages
Lect11
No ratings yet
Lect11
13 pages
Lab 006
No ratings yet
Lab 006
13 pages
Lect 01
No ratings yet
Lect 01
32 pages
IT-322-MODULE-2
No ratings yet
IT-322-MODULE-2
12 pages
Cybersecurity - Expert
No ratings yet
Cybersecurity - Expert
550 pages
Syllabus IAA202 - SU20
No ratings yet
Syllabus IAA202 - SU20
10 pages
Lect 02
No ratings yet
Lect 02
6 pages
Information System Security
No ratings yet
Information System Security
38 pages
Course Name: IAA202 Student Name: Chế Công Đại: Risk planning Risk identification
No ratings yet
Course Name: IAA202 Student Name: Chế Công Đại: Risk planning Risk identification
3 pages
Dưới đây là bài thuyết trình được mở rộng chi tiết hơn với các nội dung và gợi ý cụ thể hơn cho từng slide
No ratings yet
Dưới đây là bài thuyết trình được mở rộng chi tiết hơn với các nội dung và gợi ý cụ thể hơn cho từng slide
5 pages
Lect 05
No ratings yet
Lect 05
18 pages
Lab 02
No ratings yet
Lab 02
12 pages
Quoc
No ratings yet
Quoc
20 pages
Information security management_ ITIL 4 Practice Guide
No ratings yet
Information security management_ ITIL 4 Practice Guide
38 pages
Risk Mitigation Plan OUTLINE
No ratings yet
Risk Mitigation Plan OUTLINE
10 pages
Risk Is A Function of The Likelihood of A Given Threat-Source's Exercising A Particular Potential Vulnerability, and The Resulting Impact of That Adverse Event On The Organization
No ratings yet
Risk Is A Function of The Likelihood of A Given Threat-Source's Exercising A Particular Potential Vulnerability, and The Resulting Impact of That Adverse Event On The Organization
4 pages
UNIT 3 - Information Security (1)
No ratings yet
UNIT 3 - Information Security (1)
76 pages
CRM TEE
No ratings yet
CRM TEE
151 pages
Risk Management Plan
100% (7)
Risk Management Plan
15 pages
CISM Guide 2_ Information Risk Management
No ratings yet
CISM Guide 2_ Information Risk Management
2 pages
BED 105 Midterm Topic
No ratings yet
BED 105 Midterm Topic
9 pages
Assignment 2 - Frontsheet - Security
No ratings yet
Assignment 2 - Frontsheet - Security
26 pages
Risk Management Plan
0% (1)
Risk Management Plan
15 pages
Abdulla Pres 2011
No ratings yet
Abdulla Pres 2011
9 pages
chap 4 notes pdf
No ratings yet
chap 4 notes pdf
14 pages
RISK ASSESSMENT AND MANAGEMENT - Report
No ratings yet
RISK ASSESSMENT AND MANAGEMENT - Report
9 pages
IAA202_SA170195_Lab3
No ratings yet
IAA202_SA170195_Lab3
12 pages
Analyzing Risk: Analyze Organizational Risk Analyze The Business Impact of Risk
No ratings yet
Analyzing Risk: Analyze Organizational Risk Analyze The Business Impact of Risk
28 pages
Unit 5 - Assignment 2 Frontsheet - Security
No ratings yet
Unit 5 - Assignment 2 Frontsheet - Security
28 pages
Ias101 Sbit3l W8sum Vida, John Paul S.
No ratings yet
Ias101 Sbit3l W8sum Vida, John Paul S.
3 pages
3.28.18 Risk Assessment
No ratings yet
3.28.18 Risk Assessment
16 pages
Risk Management: ISEC 4340
No ratings yet
Risk Management: ISEC 4340
166 pages
Risk-Avoidance, Transference, Acceptance, Mitigation, Deterrence
No ratings yet
Risk-Avoidance, Transference, Acceptance, Mitigation, Deterrence
2 pages
Lecture 3
No ratings yet
Lecture 3
29 pages
IAS 4 documentation
No ratings yet
IAS 4 documentation
15 pages
Lect 05
No ratings yet
Lect 05
18 pages
Steps in Risk Assessment
No ratings yet
Steps in Risk Assessment
3 pages
Understanding Risk and Threat
No ratings yet
Understanding Risk and Threat
3 pages
Chapter 4 Reviewer - Risk Management
No ratings yet
Chapter 4 Reviewer - Risk Management
4 pages
Information Security Management
No ratings yet
Information Security Management
3 pages
As an IS auditor
No ratings yet
As an IS auditor
6 pages
Lec 8
No ratings yet
Lec 8
19 pages
FCRM D01 S01 T01 Step
No ratings yet
FCRM D01 S01 T01 Step
5 pages
Unit 5 - Assignment 2 Frontsheet
No ratings yet
Unit 5 - Assignment 2 Frontsheet
24 pages
2_CRM TEE NOTES
No ratings yet
2_CRM TEE NOTES
77 pages
Risk Management For Cybersecurity and IT Managers Study Guide PDF
No ratings yet
Risk Management For Cybersecurity and IT Managers Study Guide PDF
11 pages
A Complete Guide To Cybersecurity Risk Management
No ratings yet
A Complete Guide To Cybersecurity Risk Management
36 pages
Session 5 Cyber Security Risks and Vulnerabilities
No ratings yet
Session 5 Cyber Security Risks and Vulnerabilities
14 pages
Lecture 10 Risk Management
No ratings yet
Lecture 10 Risk Management
29 pages
Adventurer's Guide to Risk Management: Fictional Tales about Risk Management
From Everand
Adventurer's Guide to Risk Management: Fictional Tales about Risk Management
Phill Akinwale
No ratings yet
CRM Long question
No ratings yet
CRM Long question
2 pages
RiskMgtSecurity_Banglisan-Cipriano-Crisostomo-Regalario.pdf
No ratings yet
RiskMgtSecurity_Banglisan-Cipriano-Crisostomo-Regalario.pdf
5 pages
Performing A Risk Assessment: Flourensia Sapty Rahayu S.T., M.Kom
No ratings yet
Performing A Risk Assessment: Flourensia Sapty Rahayu S.T., M.Kom
23 pages
Impact and Probability of Threat
No ratings yet
Impact and Probability of Threat
12 pages
Assignment 1
No ratings yet
Assignment 1
4 pages
ASM2-Security-Nguyen Huu Loi
No ratings yet
ASM2-Security-Nguyen Huu Loi
28 pages
GIU_2722_65_22161_2025-02-11T13_13_41
No ratings yet
GIU_2722_65_22161_2025-02-11T13_13_41
44 pages
Lab01-Ex04
No ratings yet
Lab01-Ex04
7 pages
Lab01-Ex03
No ratings yet
Lab01-Ex03
4 pages
Lab01-Ex02
No ratings yet
Lab01-Ex02
4 pages
Ưerewstfsdgd
No ratings yet
Ưerewstfsdgd
1 page
Lab01-Ex01
No ratings yet
Lab01-Ex01
4 pages
Lect 08
No ratings yet
Lect 08
13 pages
Module 4-1 - Collecting-Evidence
No ratings yet
Module 4-1 - Collecting-Evidence
25 pages
Module 6 - Network-Forensics
No ratings yet
Module 6 - Network-Forensics
28 pages
Lect 13
No ratings yet
Lect 13
38 pages
Module 5-2 - Computer-Forensics
No ratings yet
Module 5-2 - Computer-Forensics
53 pages
Lect 09
No ratings yet
Lect 09
17 pages
Lect 15
No ratings yet
Lect 15
14 pages
Lect 12
No ratings yet
Lect 12
10 pages
Overall Equipment Effectiveness:: Guidelines For The CPG Industry and Its Suppliers
100% (1)
Overall Equipment Effectiveness:: Guidelines For The CPG Industry and Its Suppliers
21 pages
Engineering Mechanics Statics
No ratings yet
Engineering Mechanics Statics
25 pages
SH1016
No ratings yet
SH1016
20 pages
Research Proposal
No ratings yet
Research Proposal
2 pages
BID Evaluation Report
100% (1)
BID Evaluation Report
48 pages
Hypromellose
No ratings yet
Hypromellose
12 pages
Glue Sealing Machine
No ratings yet
Glue Sealing Machine
4 pages
ISO 9001:2015 & ISO 14001:2015: Hatim Steel Structure LTD
No ratings yet
ISO 9001:2015 & ISO 14001:2015: Hatim Steel Structure LTD
1 page
techspecs1_ab2dd9da-14fd-4b95-847a1724218169841_buyer55.ongcl.ap
No ratings yet
techspecs1_ab2dd9da-14fd-4b95-847a1724218169841_buyer55.ongcl.ap
3 pages
Failure Diagnosis: The Luk Guide To Troubleshooting Clutch System Failures and Malfunctions On Agricultural Vehicles
No ratings yet
Failure Diagnosis: The Luk Guide To Troubleshooting Clutch System Failures and Malfunctions On Agricultural Vehicles
24 pages
Recap AA
No ratings yet
Recap AA
6 pages
3risklandscapeajer 37870-8831
No ratings yet
3risklandscapeajer 37870-8831
15 pages
FYP Tower Crane Design Report (FINAL)
100% (4)
FYP Tower Crane Design Report (FINAL)
80 pages
Fuel Testing Kit (Liqui-Cult Microbial Activity)
No ratings yet
Fuel Testing Kit (Liqui-Cult Microbial Activity)
1 page
TXD
No ratings yet
TXD
52 pages
h15275 Vxrail Planning Guide Virtual San Stretched Cluster
No ratings yet
h15275 Vxrail Planning Guide Virtual San Stretched Cluster
10 pages
Republic of The Marshall Islands Office of The Maritime Administrator
No ratings yet
Republic of The Marshall Islands Office of The Maritime Administrator
5 pages
Company Law Intro
No ratings yet
Company Law Intro
38 pages
Electronic Music DLL
No ratings yet
Electronic Music DLL
3 pages
GJ GL TB Ajp
No ratings yet
GJ GL TB Ajp
17 pages
Full Download of Solutions for Intermediate Accounting 15th Edition by Kieso in PDF DOCX Format
100% (18)
Full Download of Solutions for Intermediate Accounting 15th Edition by Kieso in PDF DOCX Format
46 pages
Msds Corrosion Inhibitor
No ratings yet
Msds Corrosion Inhibitor
4 pages
Presentation of Electrical Machines
No ratings yet
Presentation of Electrical Machines
11 pages
Check-In Activity No.2: Limiting Reactants
No ratings yet
Check-In Activity No.2: Limiting Reactants
3 pages
SDC - TFiL - Summary Report
No ratings yet
SDC - TFiL - Summary Report
20 pages
Boiler Starting Operating Procedure
No ratings yet
Boiler Starting Operating Procedure
2 pages
Reflection Essay On Work Experience
No ratings yet
Reflection Essay On Work Experience
4 pages
11 Engine Tools Appliances Fdny
No ratings yet
11 Engine Tools Appliances Fdny
52 pages
Affidavit of Disclosure
100% (1)
Affidavit of Disclosure
1 page

Lab 0

Uploaded by

Lab 0

Uploaded by

Risk Management in

• Risk Management Fundamentals: Threats, Vulnerabilities, & Exploits

2 4 3 5. Defining Risk Assessment Approaches

12. Mitigating Risk with a Business Impact Analysis

• Risk Management Fundamentals, Compliance Laws,

• Concepts of Risk Assessment

• Business Impact Analysis and Continuity Planning

You might also like