Risk Management Processes PDF
Document Details
Uploaded by MemorablePointillism
Summary
This document provides a presentation on risk management processes, including key terms, definitions, different types of risks, and risk management strategies. The presentation aims to cover the concepts and methodologies for managing risks within organizations.
Full Transcript
CHAPTER 12 Risk Management Processes (SECURITY PRO)

12.1 Risk Management Processes and Concepts

Key Terms
- Risk management
- Business impact analysis (BIA)
- Risk acceptance
- Quantitative risk analysis
- Qualitative risk analysis
- Inherent risk
- Key Risk Indicators (KRIs)
- Continuity of operations (COOP)
- Capacity planning
- Hot site
- Warm site
- Cold site

Key Definitions
- Risk management: The cyclical process of identifying, assessing, analyzing, and responding to risks.
- Business impact analysis (BIA): A systematic activity that identifies organizational risks and determines their effect on ongoing mission-critical operations.
- Risk acceptance: The response of determining that a risk is within the organization's appetite, so that no countermeasures other than ongoing monitoring are needed.
- Quantitative risk analysis: A numerical method used to assess the probability and impact of a risk and to measure that impact.
- Qualitative risk analysis: The process of determining the probability of occurrence and the impact of identified risks by using logical reasoning when numeric data is not readily available.
- Inherent risk: The risk that an event will pose if no controls are put in place to mitigate it.
- Key Risk Indicators (KRIs): The method by which emerging risks are identified and analyzed so that changes can be adopted to proactively prevent issues from occurring.
- Continuity of operations (COOP): Identifies how business processes should deal with both minor and disaster-level disruption by ensuring that there is processing redundancy supporting the workflow.
- Capacity planning: A practice that involves estimating the personnel, storage, computer hardware, software, and connection infrastructure resources required over some future period of time.
- Hot site: A fully configured alternate processing site that can be brought online either instantly or very quickly after a disaster.
- Warm site: An alternate processing location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.
- Cold site: A predetermined alternate location where a network can be rebuilt after a disaster.

Risk Types and Tolerance

Asset Identification
- Lost data
- Failed systems
- Downtime
- Training new employees

Internal Threats
- Employee fraud
- Theft
- System failure
- Sabotage
- Espionage
- Collusion
- Snooping

External Threats
- Fire
- Water
- Burglars
- Internet attackers
- Market competition
- Natural disasters

Risk Management Strategies
- Avoidance
- Transference
- Mitigation
- Acceptance

Transference
- Outsourcing
- Cybersecurity insurance

Security Controls
- Administrative controls
- Technical controls
- Risk-control checks

Summary
- Asset identification
- Risk identification
- Risk analysis
- Risk evaluation
- Risk management strategies

Analyzing Risks

ARO (annualized rate of occurrence)
- Crime
- Natural disasters
- Insurance
- Cyber incidents

SLE (single loss expectancy)
- Loss expected by an attack
- Monetary value

ALE (annualized loss expectancy)
- Annual loss from incident
- SLE x ARO = ALE

Summary
- Calculate risk
- Illustrate risk

Business Continuity Planning

Business Impact Analysis
- Identify critical functions
- Prioritize critical functions
- Calculate recovery timeframe
- Estimate impact

Recovery Point Objective
- How old can restored data be?
- How many backups?
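The following is an added worked example and is not part of the Security Pro slides. It applies the slide formula SLE x ARO = ALE, estimates ARO from an incident history (incidents per year observed), and then compares each risk's ALE against the annual cost of a candidate control to choose between the deck's strategies of mitigation, transference and acceptance (avoidance is not modelled). All risks, loss figures and control costs are constructed sample values, and the modelling of a control as scaling SLE or ARO by a fixed factor is an assumption of this example, not something the slides state.

```python
"""Quantitative risk analysis worked example (added; not from the Security Pro slides).

Applies SLE x ARO = ALE, estimates ARO from incident history, and compares the
ALE reduction a control buys with what the control costs per year.
All figures below are constructed sample values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    sle: float              # single loss expectancy: monetary loss per incident
    incidents: int          # incidents seen over the observation window (constructed)
    years_observed: float   # length of that window in years

    @property
    def aro(self) -> float:
        """Annualized rate of occurrence, estimated as incidents per year."""
        return self.incidents / self.years_observed

    @property
    def ale(self) -> float:
        """Annualized loss expectancy: SLE x ARO."""
        return self.sle * self.aro


@dataclass(frozen=True)
class Control:
    name: str
    strategy: str           # "mitigation" or "transference"
    annual_cost: float      # yearly cost of running the control or paying the premium
    sle_factor: float = 1.0 # fraction of the per-incident loss that remains (assumption)
    aro_factor: float = 1.0 # fraction of the incident rate that remains (assumption)


def residual_ale(risk: Risk, control: Control) -> float:
    """ALE that remains once the control is in place.

    Modelling assumption: a control scales SLE, ARO or both by a fixed factor.
    """
    return risk.sle * control.sle_factor * risk.aro * control.aro_factor


def net_benefit(risk: Risk, control: Control) -> float:
    """Annual savings from the control minus what it costs to run."""
    return (risk.ale - residual_ale(risk, control)) - control.annual_cost


def choose_strategy(risk: Risk, control: Control) -> str:
    """Apply the control's strategy only if it pays for itself;
    otherwise accept the risk and keep monitoring it."""
    return control.strategy if net_benefit(risk, control) > 0 else "acceptance"


def rank_by_ale(risks):
    """Order a risk register from largest to smallest annual expected loss."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


# Constructed sample risk register and candidate controls (not real data).
RANSOMWARE = Risk("Ransomware on file server", sle=250_000, incidents=1, years_observed=4)
LAPTOP_THEFT = Risk("Stolen laptop", sle=2_000, incidents=6, years_observed=3)
FLOOD = Risk("Office flood", sle=80_000, incidents=1, years_observed=20)

CONTROLS = {
    RANSOMWARE.name: Control("Offline backups and endpoint detection", "mitigation",
                             annual_cost=30_000, aro_factor=0.2),
    LAPTOP_THEFT.name: Control("Full-disk encryption", "mitigation",
                               annual_cost=6_000, sle_factor=0.1),
    FLOOD.name: Control("Flood insurance (90% of loss covered)", "transference",
                        annual_cost=3_000, sle_factor=0.1),
}


def analyse(risks=(RANSOMWARE, LAPTOP_THEFT, FLOOD), controls=CONTROLS):
    """Return one row per risk, highest ALE first: (name, ARO, ALE, chosen strategy)."""
    return [(r.name, r.aro, r.ale, choose_strategy(r, controls[r.name]))
            for r in rank_by_ale(risks)]


if __name__ == "__main__":
    for name, aro, ale, strategy in analyse():
        print(f"{name:28s} ARO={aro:5.2f}  ALE={ale:10,.0f}  -> {strategy}")
```

With these constructed figures the ransomware risk (ALE 62,500) justifies a 30,000-per-year mitigation that removes most of its ARO, the laptop-theft risk (ALE 4,000) does not justify a 6,000-per-year control even though the control cuts the loss by 90%, so it is accepted and monitored, and the flood risk (ALE 4,000) is transferred because the premium costs less than the expected loss it covers. The same arithmetic is what the class discussion questions on acceptance versus mitigation and on calculating ARO are asking for.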
Site Resiliency
- Hot site
- Warm site
- Cold site

Business Continuity Planning

Summary
- Business continuity plans
- Business impact analysis
- Site resiliency

Class Discussion
- Why are disaster recovery policies important for an organization's security?
- What is the difference between acceptance and mitigation in risk management?
- What is the difference between qualitative and quantitative risk assessment?
- How is the annualized rate of occurrence (ARO) calculated?
- What are examples of external risk types?

12.2 Vendor Management

Key Terms
- Due diligence
- Conflict of interest
- Questionnaires
- Rules of Engagement (RoE)
- Memorandum of Understanding (MOU)
- Nondisclosure Agreement (NDA)
- Memorandum of Agreement (MOA)
- Business Partnership Agreement (BPA)
- Master Service Agreement (MSA)
- Service-level Agreement (SLA)
- Statement of Work (SOW)/Work Order (WO)

Key Definitions
- Due diligence: A legal principle that responsible parties have used best practice or reasonable care and have not been negligent in discharging their duties.
- Conflict of interest: When an individual or organization has investments or obligations that could compromise their ability to act objectively, impartially, or in the best interest of another party.
- Questionnaires: In vendor management, a structured means of obtaining consistent information, enabling more effective risk analysis and comparison.
- Rules of Engagement (RoE): A definition of how a pen test will be executed and what constraints will be in place. This provides the pen tester with guidelines to consult as they conduct their tests so that they don't have to constantly ask management for permission to do something.
- Memorandum of Understanding (MOU): Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money.
- Nondisclosure Agreement (NDA): An agreement that stipulates that entities will not share confidential information, knowledge, or materials with unauthorized third parties.
- Memorandum of Agreement (MOA): A legal document forming the basis for two parties to cooperate without a formal contract (a cooperative agreement). MOAs are often used by public bodies.
- Business Partnership Agreement (BPA): An agreement by two companies to work together closely, such as the partner agreements that large IT companies set up with resellers and solution providers.
- Master Service Agreement (MSA): A contract that establishes precedence and guidelines for any business documents that are executed between two parties.
- Service-level Agreement (SLA): An agreement that sets the service requirements and expectations between a consumer and a provider.
- Statement of Work (SOW)/Work Order (WO): A document that defines the expectations for a specific business arrangement.

Managing Third Parties

Onboarding Considerations
- Security policies
- Incident response procedures
- Security controls
- Audit policies
- Security posture

Ongoing Operations Tasks
- Verify compliance
- Assess vulnerabilities
- Audit security
- Share findings

Offboarding Phase
- Disable shared connections
- Disable domain trusts
- Disable user or group accounts
- Reset passwords
- Revisit NDA
- End-of-business agreement

Summary
- Onboarding phase
- Ongoing operations phase
- Offboarding phase

Class Discussion
- What are three types of third-party relationships?
- How does onboarding with a third party create security risk?
- What security risks should be considered on a daily or ongoing basis?
- Why is it important to reevaluate security risks when offboarding?

12.3 Audits and Assessments

Section Skill Overview
- Audit the Windows security log.
- Configure advanced audit policies.
- Audit device logs on a switch.
- Enable device logs.

Key Terms
- SIEM
- Sensor
- Trend
- Sensitivity

Key Definitions
- SIEM: A software tool used to compile and examine multiple data points gathered from across a network.
- Sensor: A device that gathers data from a device or system. It provides the collected data to a monitoring system.
- Trend: Patterns of activity discovered and reported to the SIEM.
- Sensitivity: Customized threshold for sensor data that is sent to the SIEM.

Audits

Audits and assessments
- Internal
- External

Penetration Test Environments
- Unknown
- Partially known
- Known

Audits and Assessments
- Internal and external
- Penetration testing

In-Class Practice
Do the following labs:
- 12.3.4 Configure Advanced Audit Policy
- 12.3.6 Enable Device Logs

Class Discussion
- What is an audit?
- What are the different types of audits?
- How do the types of audits differ from one another?
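The following is an added example illustrating the SIEM, sensor, trend and sensitivity definitions from the Audits and Assessments section; it is not code from the Security Pro course. A sensor gathers matching events from a host's log, forwards them to a SIEM, and the SIEM reports a trend (repeated failed logins from one source) only when the count reaches its sensitivity threshold. The log lines, host name, event names and the simplified key=value log format are all constructed for this example, and the threshold semantics (count of matching events per source) are an assumption, not how any particular product defines sensitivity.

```python
"""Sensor -> SIEM -> trend pipeline with a sensitivity threshold.

Added example, not from the Security Pro slides. Sample log lines, hostnames and
the key=value record format are constructed; source addresses use documentation
ranges (RFC 5737), not real hosts.
"""
import re
from collections import Counter

# Constructed sample log in a simplified syslog-like key=value format.
SAMPLE_LOG = """\
2024-05-01T08:00:01 host=web01 event=login_failed src=203.0.113.5 user=admin
2024-05-01T08:00:02 host=web01 event=login_failed src=203.0.113.5 user=admin
2024-05-01T08:00:03 host=web01 event=login_failed src=203.0.113.5 user=root
2024-05-01T08:00:04 host=web01 event=login_failed src=203.0.113.5 user=admin
2024-05-01T08:00:05 host=web01 event=login_ok src=198.51.100.7 user=alice
2024-05-01T08:00:06 host=web01 event=login_failed src=198.51.100.7 user=alice
this line is deliberately malformed and must be skipped
2024-05-01T08:00:07 host=web01 event=login_failed src=203.0.113.5 user=admin
2024-05-01T08:00:08 host=db01 event=login_failed src=203.0.113.5 user=admin
2024-05-01T08:00:09 host=web01 event=login_ok src=198.51.100.7 user=alice
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) src=(?P<src>\S+) user=(?P<user>\S+)$"
)


def parse(log_text: str) -> list[dict]:
    """Parse log lines into records, skipping malformed lines so one bad
    record does not halt collection."""
    records = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            records.append(match.groupdict())
    return records


class Sensor:
    """Gathers data from one host and forwards only the event types it is
    configured to watch (the 'sensor' of the slide definitions)."""

    def __init__(self, host: str, events_of_interest: set[str]):
        self.host = host
        self.events_of_interest = events_of_interest

    def collect(self, records: list[dict]) -> list[dict]:
        return [r for r in records
                if r["host"] == self.host and r["event"] in self.events_of_interest]


class Siem:
    """Compiles events from sensors and reports trends that cross the
    configured sensitivity threshold."""

    def __init__(self, sensitivity: int):
        self.sensitivity = sensitivity   # minimum matching events per source to report
        self.events: list[dict] = []

    def ingest(self, events: list[dict]) -> None:
        self.events.extend(events)

    def trends(self) -> dict[str, int]:
        """Sources whose repeated failed logins reach the sensitivity threshold."""
        counts = Counter(e["src"] for e in self.events)
        return {src: n for src, n in counts.items() if n >= self.sensitivity}


def run(sensitivity: int, log_text: str = SAMPLE_LOG) -> dict[str, int]:
    """Wire a single failed-login sensor on web01 into a SIEM and return its trends."""
    sensor = Sensor("web01", {"login_failed"})
    siem = Siem(sensitivity)
    siem.ingest(sensor.collect(parse(log_text)))
    return siem.trends()


if __name__ == "__main__":
    for threshold in (1, 3, 10):
        print(f"sensitivity={threshold:2d}: {run(threshold)}")
```

Lowering the sensitivity threshold surfaces more sources (including the single mistyped password from 198.51.100.7), raising it hides the repeated failures from 203.0.113.5 entirely; tuning that threshold per sensor is the trade-off between alert noise and missed trends that the Sensitivity definition refers to. The db01 line is filtered out because the sensor is scoped to web01, which is why a complete audit deploys a sensor per monitored device.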