Scribd Logo
Importer

Bienvenue sur Scribd !

  • Information Security Risk Management - v1.1

    Transféré par

    Raju Nair
    52 vues13 pages
    Information technology (it) plays critical role in supporting business objectives connected it infrastructures Highly with increasingly hostile--attacks attacks mounted with increasing frequency Demanding ever shorter reaction times Organizations are unable to react to new security threats before their business is impacted 3 Threat of I.T frauds Vulnerable Safe Most affected computers Mumbai Chennai Rest of India Executive sponsorship Well-defined list of risk management stakeholders Organizational maturity Atmosphere of open communication Holistic view of the organization authority throughout the process 5 Senior management unambiguously support the security

    Description originale:

    Titre original

    Information Security Risk Management_v1.1

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formats disponibles

    PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    Information technology (it) plays critical role in supporting business objectives connected it infrastructures Highly with increasingly hostile--attacks attacks mounted with increasing frequency Demanding ever shorter reaction times Organizations are unable to react to new security threats before their business is impacted 3 Threat of I.T frauds Vulnerable Safe Most affected computers Mumbai Chennai Rest of India Executive sponsorship Well-defined list of risk management stakeholders Organizational maturity Atmosphere of open communication Holistic view of the organization authority throughout the process 5 Senior management unambiguously support the security

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    52 vues13 pages

    Information Security Risk Management - v1.1

    Transféré par

    Raju Nair
    Information technology (it) plays critical role in supporting business objectives connected it infrastructures Highly with increasingly hostile--attacks attacks mounted with increasing frequency Demanding ever shorter reaction times Organizations are unable to react to new security threats before their business is impacted 3 Threat of I.T frauds Vulnerable Safe Most affected computers Mumbai Chennai Rest of India Executive sponsorship Well-defined list of risk management stakeholders Organizational maturity Atmosphere of open communication Holistic view of the organization authority throughout the process 5 Senior management unambiguously support the security

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 13

    Presented by Raju Nair ( Consultant I.

    T )
    M.B.A -Information Management
    rajunair@consultant.com

    1
     Summary  Cost Analysis
     Threat
     Conclusion
     Keys to Success
    • Executive sponsorship
    • Risk management stakeholders
    • Organizational maturity
    • Atmosphere of open
    communication
    • Holistic view of the organization
    • Authority throughout the
    process

    2
     Informationtechnology (IT) plays critical role
    in supporting business objectives

     Highly connected IT infrastructures


    • With increasingly hostile—attacks
    • Attacks mounted with increasing frequency
    • Demanding ever shorter reaction times
    • Organizations are unable to react to new security
    threats before their business is impacted

    3
    Threat of I.T frauds Most affected computers
    Vulnerable Safe Mumbai Chennai Rest of India

    8%

    39% 37%

    92%
    24%

    Source: www.theeconomictimes.com
    Dated:19 Sep 2009
    4
     Executive sponsorship
     Well-defined list of risk management stakeholders
     Organizational maturity
     Atmosphere of open communication
     Teamwork
     Holistic view of the organization
     Authority throughout the process

    5
     Senior management

    • Unambiguously and enthusiastically support the


    security risk management process

    • Stakeholders may resist or undermine efforts to use


    risk management

    6
     Includes
    • Core team

    • Executive sponsors

    • People owning the business assets

    • IT personnel responsible and accountable


     Designing
     Deploying
     Managing the business assets

    7
     Calculate organization's maturity level

     Processmay involve too much change in


    order to implement it in its entirety

    8
     Staff
    and managers instinctively seek to drive
    the process toward outcomes that will benefit
    them and their parts of the organization.

    9
     Team members must be empowered to meet the
    commitments assigned to them
     Empowerment requires
    • Team members are given the resources necessary to perform
    their work

    • Responsible for the decisions that affect their work

    • Understand the limits to their authority

    • Escalation paths available to handle issues that transcend these


    limits

    10
     Relative
    values and costs of each control will
    be compared rather than absolute financial
    figures
    Communication

    Ongoing Training Costs

    Costs to
    Implementation Productivity and
    Convenience

    Auditing and
    Acquisition Costs Verifying

    11
     Proactive approach

     Organize and prioritize limited resources

     Effective controls that lower risk

    12
    13

    Vous aimerez peut-être aussi