3. Create a risk management plan and identify key areas of concern
within the organization.


An effective risk management process is an important component of a successful IT security
program. The principal goal of an organization’s risk management process should be to protect
the organization and its ability to perform its mission, not just its IT assets. Therefore, the risk
management process should not be treated primarily as a technical function carried out by the
IT experts who operate and manage the IT system, but as an essential management function of
the organization.

Common threat sources:

          Natural Threats – Floods, earthquakes, landslides, tornadoes and other such events.
          Human Threats – Events that are either enabled by or caused by human beings, such as
          unintentional acts (inadvertent data entry) or deliberate actions (network-based attacks,
          malicious software upload, unauthorized access to confidential information).
          Environmental Threats – Long-term power failure, pollution, chemicals, liquid leakage.


To derive an overall likelihood rating that indicates the probability that a potential vulnerability may be
exercised within the construct of the associated threat environment, the following levels are used:

   High       - The threat source is highly motivated and sufficiently capable, and controls to prevent
                 the vulnerability from being exercised are ineffective.

  Medium - The threat source is motivated and capable, but controls are in place that may impede
            successful exercise of the vulnerability.

  Low        - The threat source lacks motivation or capability, or controls are in place to prevent, or at
                least significantly impede, the vulnerability from being exercised.



  We will identify risks pertaining to the group in 4 main areas:

  1.   Risk identification
  2.   Risk probability
  3.   Risk impact
  4.   Mitigation and/or corrective action

Risk Management Plan

| Ref. No | Risk identification | Risk probability | Risk impact | Corrective actions |
|---|---|---|---|---|
| 1 | Distributed system | High | Open to attack resulting in system performance issues including failure, lost/corrupted or stolen data | Adequate firewall and security settings, different subnets, domain & group policy |
| 2 | Data storage | High | Currently each site stores its own data sets and only a few sites have a proper backup facility – employee data, payroll, sales & marketing, production | Centralized servers with mirror backups – introduce user profiles limiting access, enforcing segregation of duties |
| 3 | Disaster recovery | Med | In the event of a data loss, unable to recover and operate effectively | System backup and disaster recovery plan |
| 4 | Software licensing | Med | The group holds 4% of the export share in Sri Lanka; not being in line with the global standard in IS/IT is an impact on the reputation and the competition | Proper asset management. Obtain common software licensing for the entire group |
| 6 | Procurement | Med | Each company purchases its own IT equipment, leading to compatibility issues and over-specified/under-specified machinery | Implementation of a centralized manager to oversee the control of IT at the group |
| 7 | Asset management | Low | There is currently no facility to register or manage the IT assets | Purchase asset management software |
| 8 | Continuity – different information sets stored, compatibility, version control and usability | Low | No current standard within the business; no recognized best practices for IS systems | Identify best practice, implementation of centralized approach incl. data management, centralized database |
| 9 | Training | Low | Different levels of IT awareness within the business (employees) | Provide a standardized training approach |
| 10 | Data accessibility | Med | All employees have access to customer information (data protection act) | Introduce user profiles/levels of access pertaining to job role |
| 11 | Infrastructure management (computers) | Med | Takes a long time to get back into operation after breakdowns | Emerge with branded products and reliable suppliers |

How Hayleys outlined the IT risk:

| IT Risk | The group depends on accurate, timely information from key computer systems to enable decision making | * Implementation of sound IT policy throughout the group is supported by adequate systems and controls. * A contingency plan is in place to mitigate the risk of IT failures. * A central IT team is in place to support IT within the Group. | Moderate |


Risks associated with information technology are assessed in the process of “Enterprise Risk
Management”. Use of licensed software (with Microsoft Corporation), closer monitoring of internet
usage (for compliance with the group’s IT use policy) and mail server operations, and the use of antivirus
and firewall software are some of the practices in place in the group. The decision to change the
group’s communication system is another risk factor: it has some negative risk points, but the positive
effect on both IT infrastructure (security, control) and cost is high.

7.pdf This presentation captures many uses and the significance of the number...
 
DEPED Work From Home WORKWEEK-PLAN.docx
DEPED Work From Home  WORKWEEK-PLAN.docxDEPED Work From Home  WORKWEEK-PLAN.docx
DEPED Work From Home WORKWEEK-PLAN.docx
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 

Risk management

  • 1. 3. Create a risk management plan and identify key areas of concern within the organization.

    An effective risk management process is an important component of a successful IT security program. The principal goal of an organization's risk management process should be to protect the organization and its ability to perform its mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.

    Common threat sources:

      Natural Threats – Floods, earthquakes, landslides, tornadoes and other such events.
      Human Threats – Events that are either enabled by or caused by human beings, such as unintentional acts (inadvertent data entry) or deliberate actions (network-based attacks, malicious software upload, unauthorized access to confidential information).
      Environmental Threats – Long-term power failure, pollution, chemicals, liquid leakage.

    An overall likelihood rating indicates the probability that a potential vulnerability may be exercised within the construct of the associated threat environment:

      High – The threat source is highly motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective.
      Medium – The threat source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability.
      Low – The threat source lacks motivation or capability, or controls are in place to prevent, or at least significantly impede, the vulnerability from being exercised.

    We will identify risks pertaining to the group in 4 main areas:

      1. Risk identification
      2. Risk probability
      3. Risk impact
      4. Mitigation and/or corrective action
  • 2. Risk Management Plan

| Ref. No | Risk identification | Risk probability (High / Med / Low) | Risk impact | Corrective actions |
|---|---|---|---|---|
| 1 | Distributed system | X | Open to attack resulting in system performance issues including failure, loss/corrupted or stolen data | Adequate firewall and security settings, different subnets, domain & group policy |
| 2 | Data storage | X | Currently each site stores its own data sets and only a few sites have a proper backup facility – employee data, payroll, sales & marketing, production | Centralized servers with mirror backups – introduce user profiles limiting access, enforcing segregation of duties |
| 3 | Disaster recovery | X | In the event of a data loss, unable to recover and operate effectively | System backup and disaster recovery plan |
| 4 | Software licensing | X | The group holds 4% of the export share in Sri Lanka; not being in line with the global standard in IS/IT is an impact to the reputation and the competition | Proper asset management. Obtain common licensing for software for the entire group |
| 6 | Procurement | X | Each company purchasing its own IT equipment, leading to compatibility issues and over-specified/under-specified machinery | Implementation of a centralized manager to oversee the control of IT at the group |
| 7 | Asset management | X | There is no current facility to register or manage the IT assets | Purchase asset management software |
| 8 | Continuity – different information sets stored, compatibility, data management, usability | X | No current standard within the business, no recognized best practices | Identify best practice; implementation of a centralized approach for IS systems incl. version control and centralized database |
| 9 | Training | X | Different levels of IT awareness within the business (employees) | Provide a standardized training approach |
| 10 | Data accessibility | X | All employees have access to customer information (Data Protection Act) | Introduce user profiles / levels of access pertaining to job role |
| 11 | Infrastructure management (computers) | X | Long time taken to be back in operation after breakdowns | Emerge with branded products and reliable suppliers |
  • 3. How Hayleys outlined the IT risk

    IT Risk (Moderate): The group depends on accurate, timely information from key computer systems to enable decision making.

      * Implementation of sound IT policy throughout the group is supported by adequate systems and controls.
      * A contingency plan is in place to mitigate the risk of IT failures.
      * A central IT team is in place to support IT within the Group.

    Risks associated with information technology are assessed in the process of "Enterprise Risk Management". Use of licensed software (with Microsoft Corporation), closer monitoring of internet usage (for compliance with the group's IT use policy) and mail server operations, and the use of antivirus and firewall software are some of the practices in place in the group. The decision to change the group's communication system is another risk factor: it has some negative risk points, but the positive effect on both IT infrastructure (security, control) and cost is high.