Information Risk Management

  • May 2020

ensuring secure and reliable corporate computing

Things Can Go Wrong

Imagine:

  • Your purchase system makes you overpay a crore a year
  • Your competitor knows all about your ‘unique’ product
  • All your emails are read by the person in the opposite cubicle or, worse, the taxman!

Information risk needs attention

  • IT, in most organisations, has grown organically
  • Islands of IT
  • Just too many promises
  • Excuses, excuses, excuses
  • Is IT investment paying off?

Aspects of Information Risk Management

  • Control
  • Security
  • Reliability
  • Operational Efficiency
  • Business Continuity
  • ROI
  • Compliance

Risk and Control

  • The central concept
  • Anticipating what can go wrong
  • Prevention of ‘incidents’
  • Being prepared

Information Systems Security

[Diagram: Information Assets with Confidentiality, Integrity and Availability; labelled threats: Acts of God; Hackers etc.; Human Errors, Accidents; Competitors, Adversaries; Manipulating Processes]

Threats To IS Security

  • Buggy/Not Well Designed Software
  • Lack of Operational Controls
  • Casual attitude towards systems security
  • Vendor Stability
  • Environmental Hazards
  • Accident/Errors
  • Malicious Attacks
      – Hacking
      – DoS
      – Social Engineering
      – Insiders
      – Virus, etc.

IS Policies & Procedures

  • The first and most critical component to any IS risk management programme
  • Sets a baseline from which to operate
  • Communicates management’s intent
  • Describes acceptable uses of various systems, expectations from users. Based on ‘Best Practices’
  • Establishes framework for Business Continuity and Disaster Recovery

Risk Management Life Cycle

[Diagram labels: Analyse Current State; Organisation Objectives; Risk Assessment; Assess; Business Processes; Review; Anticipate; Technological Capabilities; Policy Gap Analysis; Implement; Visualise; Maintain; External Environment; Monitor; Revise; Formulate]

Roadmap

  • IT Strategy
  • Comprehensive risk assessment
  • Establishment of control framework
  • IT Policy
  • Security implementation
  • User awareness and training
  • Audit
