TAILIEUCHUNG - Lecture Information systems security - Chapter 9: Risk management

After studying chapter 9 you should be able to: Define risk and risk management, describe the components of risk management, list and describe vulnerability scanning tools, define penetration testing. | Risk Management Contents Define risk and risk management Describe the components of risk management List and describe vulnerability scanning tools Define penetration testing Risk Management, Assessment, and Mitigation One of the most important assets any organization possesses is its data Unfortunately, the importance of data is generally underestimated The first steps in data protection actually begin with understanding risks and risk management What Is Risk? In information security, a risk is the likelihood that a threat agent will exploit a vulnerability More generally, a risk can be defined as an event or condition that could occur And if it does occur, then it has a negative impact Risk generally denotes a potential negative impact to an asset Definition of Risk Management Realistically, risk cannot ever be entirely eliminated Would cost too much or take too long Rather, some degree of risk must always be assumed Risk management A systematic and structured approach to managing the potential for loss that is related to a threat Steps in Risk Management The first step or task in risk management is to determine the assets that need to be protected Asset identification The process of inventorying and managing these items Types of assets: Data Hardware Personnel Physical assets Software Attributes of Assets Along with the assets, the attributes of the assets need to be compiled Attributes are details Important to determine each item’s relative value Attributes of Assets Determining Relative Value Factors that should be considered in determining the relative value are: How critical is this asset to the goals of the organization? How difficult would it be to replace it? How much does it cost to protect it? How much revenue does it generate? Determining Relative Value Factors that should be considered in determining the relative value are: (continued) How quickly can it be replaced? What is the cost to replace it? What is the impact to the organization if this asset .

• An ninh - Bảo mật
• Information systems security
• Lecture Information systems security
• Information security
• Risk management
• Attributes of assets
• Determining relative value
• Lecture On safety and security of information systems
• On safety and security of information systems
• Introduction to information systems security
• History of information security
• Bài giảng Bảo mật hệ thống thông tin
• Goals of information security
• Security process
• Security topologies
• Wireless network security
• Wireless security protections
• IEEE 802
• 11 security
• Protecting systems
• Harden operating systems
• Communications based attack
• Conducting security audits
• Privilege audits
• Privilege management
• Controls for information security
• Accounting information systems
• Lecture Accounting information systems
• Hệ thống thông tin kế toán
• Trust services framework
• Potential risks
• Privilege escalation
• Các phần mềm có hại
• Cryptography basics
• Cryptographic terminology
• Transposition cipher
• Public key infrastructure
• Cryptographic attacks
• Public domain cryptography
• Access control
• Access control models
• Authentication models
• Virtual Private Network
• Authentication credentials
• Cryptographic hash funtionns
• Simple hash functions
• Requirements and security
• Accounting information systems
• Lecture Accounting information systems
• Information systems controls
• System reliability
• Management information systems
• Information systems
• Lecture Management information systems
• Computer based information systems
• Managing information resources
• Monitoring activity
• Intrusion detection
• Secure network
• Malicious attacks
• Malicious Attack
• The common types of malicious attacks
• Basic terminology of cryptography
• History of cryptography
• Symmetric cipher
• Symmetric ciphers
• Block cipher principles
• Data encryption standard
• Advanced encryption standard
• Asymmetric ciphers
• Principles of public Key cryptosystems
• Four parts of access control
• Types of access control
• Firewall concept
• Commercial firewalls
• Network Security Fundamentals
• Guide to Network Security Fundamentals
• Security Baselines
• Disable nonessential systems
• Introduction to management information systems
• Business information technology
• Information security management
• Data safeguards are available