Information about 3130-g3

Published on January 15, 2009

Author: aSGuest10636

Source: authorstream.com

A FRAMEWORK FOR INTEGRATED RISK MANAGEMENT IN INFORMATION TECHNOLOGY
By Group4: Cher, Jessica, Jessie & Kat

INTRODUCTION

What is risk management?
- Objective: to protect IT assets from all external and internal threats
- Purpose: to avoid and minimize losses by implementing the best combination of security measures

Major components of risk management:
- Risk identification
- Risk analysis
- Risk-reducing measures
- Risk monitoring

STAGE 1: RISK IDENTIFICATION

Determine early the potential impact of the realization of internal and external threats on the entire IT environment.

Levels of IT environment:
- Organizational level
- Inter-organizational level
- Application level

Application level
- Concentrates on the risks of technical or implementation failure of IT applications
- Risks may arise from both external and internal threats

Organizational level
- Focuses on the impact of IT throughout all functional areas of the organization
- Such impact may be positive or negative
- 3 types of organizational risks:
  - Sustainability risk
  - Data security risk
  - Legal risk

Inter-organizational level
- Focuses on the IT risks of organizations operating in a networked environment
- Top 3 threats for a networked environment:
  - Natural disaster
  - Intrusion by computer hackers
  - Weak and ineffective control

STAGE 2: RISK ANALYSIS

- Understand and investigate the extent of losses of IT assets if the risks identified are realized
- Assess the risks and select appropriate and justified security safeguards
- Supervised by experienced IT security staff with knowledge of computer security principles

Risk analysis deals with:
- Which assets need protection?
- What is the value of these assets?
- What threats prevail?
- What is the probability of each threat?
- What is the vulnerability of the assets to the threats?
- How much is the company at risk?

Risk is calculated as a combination of:
- the value of assets
- the level of threat
- the level of being harmed

Cost-benefit analyses
- Determine which controls are the most effective and justifiable in terms of cost, resource requirements, scope, and protection provided
- Analysis of assets, threats and outcomes to determine risks

Methodologies
- Quantitative approach: estimate the probabilities of possible outcomes of a significant risk
- Qualitative approach: use descriptive variables for analyzing IT risks

Risk analysis helps to:
- obtain agreement among managers
- clearly understand the systems that must be protected
- understand how valuable they are to the organization

STAGE 3: RISK-REDUCING MEASURES

RISK: NATURAL DISASTERS

Measures: Disaster Recovery Plan (DRP)
Definition: "The process of developing and maintaining an effective written plan of how organizations will continue to operate in the event of interruptions of business functions"

DRP capabilities:
- Value-added capabilities
- Protect initial business assets and recover the business functions systematically
- Avoid major business losses
- Raise awareness and make employees prepared for a disaster
- Reduce legal risks
- Ensure recovery to an acceptable level of operation in the least possible time
- Maintain uninterrupted services to customers
- Reduce insurance premiums for business interruption coverage

RISK: DATA SECURITY RISKS

For stand-alone systems, measures:
- Backup files
- Password control
- Access code
- Fingerprinting
- Palm-printing
- Signature analysis
- Retinal screening
- Voice recognition

For networked environments, measures:
- Data encryption
- Call-back modems

RISK: COMPUTER VIRUSES

Measures:
- Password
- Backup procedures
- Employee education
- Security policies
- Company-provided software
- Virus-removal software

RISK: STRATEGIC RISKS

Steps to take:
1. Understand strategic risk
2. Foresee the long-term benefits from a new system
3. Assess resources and capabilities of its potential competitors
4. Evaluate the company's internal strengths
5. Match IT strategy with its overall business strategy

Measures:
- Patent protection
- Innovative search for new ways to compete

Advantage: provides competitive advantages to the company

RISK: LEGAL RISK

Measures: Policies and procedures
Advantages: Promote understanding of potential legal risk

STAGE 4: RISK MONITORING

- Security problem of IT environment
- Ensure that effective countermeasures are appropriately implemented

- 1st step: risk-reducing measures are evaluated
- 2nd step: appropriate adjustments are made to ill-implemented areas
- An on-going re-evaluation and proper adjustment should be made

A FEW TIPS FOR MANAGERS

- Invest in tested and up-to-date risk management methods
- Ensure that managers have the ability to identify potential threats
- Managers need to change their traditional way of thinking about risk

RISK MANAGEMENT PLAN

- A general idea of the risk management concept at the application level, organisational level and inter-organisational level
- Teaching program about decision theory approaches related to risk management
- Managers should react proactively

BUSINESS-ORIENTED APPROACH

- Focuses on identifying risks to the business process
- Fits together well with business process re-engineering (BPR)
- Both are concerned with the re-evaluation of what they do and how they do it

Benefits:
- Encourages management involvement
- Saves more time and resources
- Focus on mission

CONCLUSION

- Companies and managers should co-operate in all four steps of risk management
- A close relationship should be developed between all four steps
