Information Risk Management
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Information Risk Management as PDF for free.
More details
- Words: 305
- Pages: 10
Information Risk Management
ensuring secure and reliable corporate computing
Things Can Go Wrong Imagine: Your purchase system makes you overpay a crore a year Your competitor knows all about your ‘unique’ product All your emails are read by the person in opposite cubicle or, worse, the taxman!
Information risk needs attention IT,
in most organisations, has grown organically Islands of IT Just too many promises Excuses, excuses, excuses Is IT investment paying off?
Aspects of Information Risk Management Control Security Reliability Operational
Efficiency Business Continuity ROI Compliance
Risk and Control The
central concept Anticipating what can go wrong Prevention of ‘incidents’ Being prepared
Information Systems Security
Acts of God
tia en id
Co nf
ity gr te
Hackers etc.
Information Assets
In
Human Errors, Accidents
lit
y
Competitors, Adversaries
Manipulating Processes
Availability
Threats To IS Security
Buggy/ Not Well Designed Software Lack of Operational Controls Casual attitude towards systems security Vendor Stability Environmental Hazards Accident/ Errors Malicious Attacks – – – – –
Hacking DOS Social Engineering Insiders Virus, etc.
IS Policies & Procedures The
first and most critical component to any IS risk management programme Sets a baseline from which to operate Communicates management’s intent Describes acceptable uses of various systems, expectations from users. Based on ‘Best Practices’ Establishes framework for Business Continuity and Disaster Recovery
Risk Management Life Cycle Analyse Current State
Organisation Objectives
Risk Assessm ent
Assess
Business Processes
Review Anticipate
Technologica l Capabilities
Policy Gap Analysis
Implement
Visualise Maintain
External Environment Monitor Revise
Formulate
Roadmap IT
Strategy Comprehensive risk assessment Establishment of control framework IT Policy Security implementation User awareness and training Audit
ensuring secure and reliable corporate computing
Things Can Go Wrong Imagine: Your purchase system makes you overpay a crore a year Your competitor knows all about your ‘unique’ product All your emails are read by the person in opposite cubicle or, worse, the taxman!
Information risk needs attention IT,
in most organisations, has grown organically Islands of IT Just too many promises Excuses, excuses, excuses Is IT investment paying off?
Aspects of Information Risk Management Control Security Reliability Operational
Efficiency Business Continuity ROI Compliance
Risk and Control The
central concept Anticipating what can go wrong Prevention of ‘incidents’ Being prepared
Information Systems Security
Acts of God
tia en id
Co nf
ity gr te
Hackers etc.
Information Assets
In
Human Errors, Accidents
lit
y
Competitors, Adversaries
Manipulating Processes
Availability
Threats To IS Security
Buggy/ Not Well Designed Software Lack of Operational Controls Casual attitude towards systems security Vendor Stability Environmental Hazards Accident/ Errors Malicious Attacks – – – – –
Hacking DOS Social Engineering Insiders Virus, etc.
IS Policies & Procedures The
first and most critical component to any IS risk management programme Sets a baseline from which to operate Communicates management’s intent Describes acceptable uses of various systems, expectations from users. Based on ‘Best Practices’ Establishes framework for Business Continuity and Disaster Recovery
Risk Management Life Cycle Analyse Current State
Organisation Objectives
Risk Assessm ent
Assess
Business Processes
Review Anticipate
Technologica l Capabilities
Policy Gap Analysis
Implement
Visualise Maintain
External Environment Monitor Revise
Formulate
Roadmap IT
Strategy Comprehensive risk assessment Establishment of control framework IT Policy Security implementation User awareness and training Audit
Related Documents
Information Risk Management
May 2020 13
Risk Management
June 2020 20
Risk Management
June 2020 17
Risk Management
June 2020 11
Risk Management
May 2020 10