O UNIT 6. Risk Management Response. Risk Management, Response, and Recovery for IT Systems

Transcription

1 6 isk anagement esponse isk anagement, esponse, and ecovery for ystems

2 opics for this nit Quantitative and qualitative risk assessment approaches Business impact analysis (B) Business continuity plan (BP) Disaster recovery plan (DP) lements of an incident response plan

3 Basic ules ever spend more to protect an asset ever spend more to protect an asset than it is worth Don t waste money on risks without a Don t waste money on risks without a reasonable probability of it occurring

4 erminology isk the probability that something bad will happen Vulnerability flaw or weakness that t can be exploited hreat the potential that a vulnerability will be exploited mpact the harm that can be done by a threat if it happens

5 isk anagement ssessment -process used to identify and evaluate risks isks are quantified based on importance or impact severity isks are prioritized voidance preventing known risks eduction reducing the impact of known risks when they can not be avoided itigation minimizing the damage

6 isk ssessment teps dentify threats and vulnerabilities. dentify the likelihood that a risk will occur dentify asset values Determine the impact of a risk Determine the usefulness of a safeguard or control

7 isk ssessment pproaches Quantitative ses numbers, such as dollar values Qualitative o dollar values Determines risk level based on probability and impact of a risk

8 Quantitative isk ssessment L X = L ingle loss expectancy (L) otal loss expected from a single incident nnual rate of occurrence () umber of times an incident is expected to occur in a year nnual loss expectancy (L) xpected loss for a year

9 Qualitative isk ssessment isk level = Probability X mpact Probability Likelihood a threat will exploit a vulnerability mpact egative result if a risk occurs

10 ountermeasure trategies isk assignment insurance or using hosted services isk acceptance decide that the cost of preventing is too expensive isk avoidance not take the risk at all

11 ountermeasure osts Product cost initial price and maintenance mplementation cost additional infrastructure t changes ompatibility cost usually training nvironmental cost power consumption, cooling, etc raining costs Productivity cost higher help desk cost, slower response, etc

12 ountermeasure ontrols Detective recognize that a threat is present. D (intruder detection systems) are examples Preventive can block firewalls and D orrective can take steps to prevent future attacks. P (ntruder prevention systems) are examples

13 mportance of isk ssessments s part of the overall risk management process Helps you evaluate control effectiveness upports decision making an help organizations remain in compliance with laws and regulations

14 Business ontinuation Plan (BP) plan designed to help an organization continue to operate during and after a disruption overs all functions of a business: systems, facilities, and personnel Generally includes only mission-critical systems

15 BP lements Purpose and scope ssumptions and planning principles ystem description and architecture esponsibilities otification or activation phase ecovery and reconstitution phases Plan training, testing, and exercises Plan maintenance

16 Disaster ecovery Plan (DP) ncludes the specific steps and procedures to recover from a disaster s part of a BP mportant terms: ritical business function (B) aximum acceptable outage () ecovery time objectives ()

17 DP lements Purpose and scope Disaster or emergency declaration ommunications mergency response and activities ecovery steps and procedures ritical business operations ecovery operations ritical operations, customer service, and operations recovery

18 Business mpact nalysis (B) study that identifies the Bs and s of a DP tudies include interviews, surveys, meetings, and so on. dentifies the impact to the business if one or more functions fails dentifies the priority of different critical systems

19 B lements cope bjectives t is affected by size of the organization. or small organization, scope could include entire organization. or larger organizations, scope may include only certain areas.

20 Plan omputer ncident esponse eam () plan outlines steps taken during a response effort and the roles and responsibilities of the team ncludes the five Ws + H: Who launched the attack? What type of attack occurred? Where the attack occurred? When the attack occurred? Why the attack occurred? How the attack occurred?

21 Personnel eam Leader - his individual takes charge of the incident and directs other members' activities nformation ecurity embers people trained in network security devices and recovery procedures etwork dministrators know the network resources Physical ecurity Personnel - know the different types of surveillance methods, such as recording cameras, used within the organization

22 Personnel Legal Personnel - provide advice on the organization s legal responsibilities and legal remedies Human esources (H) - if an employee violates the acceptable use policy (P), they know the company policy for dealing with the problem Public elations (P) provide damage control to the company s image to customers, vendors, and stockholders of the organization

23 ncident esponse Plan otification otification esponse ecovery and follow-up D t ti Documentation

24 ummary ou can protect data and business functions with a BP, DP, B, and incident response plan. isk assessments include quantitative and qualitative approaches.

25 Lab 6 oday s lab is also your homework assignment ach group will be given a fictitious company and it will beuptoyou your team toceatet create the following: Business mpact nalysis isk nalysis Business continuity it Plan Disaster ecovery Plan ext week each group will give a 10 minute presentation on your plan