Risk Assessment and Management (ISAD 37) PDF
Document Details
Uploaded by Deleted User
John Ysaac A. Espinoda
Tags
Summary
This presentation provides a comprehensive overview of risk assessment and management, from defining key terms to illustrating real-world scenarios and practical applications. It includes various aspects such as threats, vulnerabilities, types of assets, interrelation of terms, and the importance of mitigation strategies.
Full Transcript
RISK ASSESSMENT AND MANAGEMENT ISAD 37 – Week 1 Presented by: Mr. John Ysaac A. TOPIC OUTLINE: DEFINITION OF TERMS INTERRELATION OF TERMS INTRODUCTION TO RISK ASSESSMENT AND MANAGEMENT BENEFITS OF RISK ASSESSMENT DEFINITION OF TERMS 1.Risk It refers to t...
RISK ASSESSMENT AND MANAGEMENT ISAD 37 – Week 1 Presented by: Mr. John Ysaac A. TOPIC OUTLINE: DEFINITION OF TERMS INTERRELATION OF TERMS INTRODUCTION TO RISK ASSESSMENT AND MANAGEMENT BENEFITS OF RISK ASSESSMENT DEFINITION OF TERMS 1.Risk It refers to the potential for loss, damage, or destruction of an asset because of a threat exploiting a vulnerability. Risk = Likelihood x Impact DEFINITION OF TERMS Elements of Risk Likelihood: How probable is the threat to exploit the vulnerability? Impact: What is the potential harm or damage if the risk occurs? DEFINITION OF TERMS Elements of Risk Likelihood: How probable is the threat to exploit the vulnerability? Impact: What is the potential harm or damage if the risk occurs? DEFINITION OF TERMS 2.Threat A threat is any circumstance or event with the potential to cause harm by exploiting vulnerabilities. Threats can be natural, human-made, or technological. DEFINITION OF TERMS Types of Threat Natural Threat It refers to any potential hazard or danger that originates from natural processes or phenomena in the environment. These threats are typically beyond human control and can cause significant damage to infrastructure, disrupt operations, and pose risks to human safety. DEFINITION OF TERMS Types of Threat Human Threat It refers to any potential hazard or risk posed by individuals or groups through intentional or unintentional actions that can harm an organization, its assets, or its operations. DEFINITION OF TERMS Types of Threat Technological Threat It refers to any potential danger or risk that arises from the use or advancement of technology. These threats can affect individuals, organizations, or even entire nations. QUESTION: Can an organization prepare for all types of threats equally? DEFINITION OF TERMS 3. Vulnerability Vulnerability refers to weaknesses or gaps in a system that can be exploited by threats. It can be related to physical, technical, or human factors. DEFINITION OF TERMS Types of Vulnerabilities Technical Vulnerabilities It refers to weaknesses or flaws in technology systems, software, or hardware that can be exploited by attackers to compromise security, disrupt operations, or gain unauthorized access. DEFINITION OF TERMS Types of Vulnerabilities Technical Vulnerabilities It refers to weaknesses or flaws in technology systems, software, or hardware that can be exploited by attackers to compromise security, disrupt operations, or gain unauthorized access. Examples: Broken/low quality CCTVs, broken scanner, etc. DEFINITION OF TERMS Types of Vulnerabilities Physical Vulnerabilities It refers to weaknesses or flaws in the physical aspects of an organization’s infrastructure and facilities that can be exploited to cause harm or gain unauthorized access. DEFINITION OF TERMS Types of Vulnerabilities Physical Vulnerabilities It refers to weaknesses or flaws in the physical aspects of an organization’s infrastructure and facilities that can be exploited to cause harm or gain unauthorized access. Examples: Unlocked doors, broken doors, etc. DEFINITION OF TERMS Types of Vulnerabilities Human Vulnerabilities It refers to weaknesses or flaws related to people that can lead to security risks or operational issues within an organization DEFINITION OF TERMS Types of Vulnerabilities Human Vulnerabilities It refers to weaknesses or flaws related to people that can lead to security risks or operational issues within an organization Examples: Lack of training, insider threats, employee behavior, etc. QUESTION: How can organizations mitigate vulnerabilities? DEFINITION OF TERMS 4. Asset An asset is anything of value to an organization that needs protection. DEFINITION OF TERMS TYPES OF ASSETS Tangible Intangible Physical Information Human QUESTION: How do organization prioritize their most valuable assets? TOPIC OUTLINE: DEFINITION OF TERMS INTERRELATION OF TERMS INTRODUCTION TO RISK ASSESSMENT AND MANAGEMENT BENEFITS OF RISK ASSESSMENT INTERRELATION OF TERMS 1st Scenario: Theft o Asset: Retail merchandise, which includes expensive items like electronics and jewelry. o Threat: Shoplifter targeting high-value merchandise. o Vulnerability: Weak security measures, such as inadequate surveillance cameras in certain areas or ineffective loss prevention practices. Compute for the Risk INTERRELATION OF TERMS 2nd Unauthorized Access o Asset: Sensitive areas within the mall, including inventory storage and office spaces. o Threat: Unauthorized individuals attempting to gain access to restricted areas. o Vulnerability: Poor access control systems, such as malfunctioning keycard systems or insufficient security staff monitoring. Compute for the Risk INTERRELATION OF TERMS 3rd Natural Disaster o Asset: Physical structures of the mall, including stores, parking areas, and office spaces. o Threat: Severe weather event, such as a hurricane or flood. o Vulnerability: Inadequate physical infrastructure to withstand natural disasters (e.g., poor drainage, unreinforced building structures). Compute for the Risk TOPIC OUTLINE: DEFINITION OF TERMS INTERRELATION OF TERMS INTRODUCTION TO RISK ASSESSMENT AND MANAGEMENT BENEFITS OF RISK ASSESSMENT INTRODUCTION TO RISK ASSESSMENT AND MANAGEMENT Risk Assessment V.S. Risk Management The process of identifying, The process of controlling analyzing, and evaluating risks risks to minimize their to determine their potential impact and ensure impact and likelihood. organizational objectives are achieved. QUESTION: What is the purpose of Risk Assessment and Management in a company? QUESTION: What is the purpose of Risk Assessment and Management in a company? 1. Minimize potential losses or damages. 2. Prioritize risk mitigation efforts based on risk levels. TOPIC OUTLINE: DEFINITION OF TERMS INTERRELATION OF TERMS INTRODUCTION TO RISK ASSESSMENT AND MANAGEMENT BENEFITS OF RISK ASSESSMENT BENEFITS OF RISK ASSESSMENT 1. Enhances Protection of Assets o An effective risk management identifies and mitigates threats and vulnerabilities that could harm valuable assets. 2. Improves Decision-Making o It provides a structured approach to evaluating potential risks and making informed decisions based on risk assessments. END OF DISCUSSION