Chapter 6: Risk Management, Response, and Recovery for Systems
Topics for this Unit: Quantitative and qualitative risk assessment approaches; Business impact analysis (BIA); Business continuity plan (BCP); Disaster recovery plan (DRP); Elements of an incident response plan.
Basic Rules: Never spend more to protect an asset than it is worth. Don't waste money on risks that have no reasonable probability of occurring.
Terminology: Risk - the probability that something bad will happen. Vulnerability - a flaw or weakness that can be exploited. Threat - the potential that a vulnerability will be exploited. Impact - the harm that can be done by a threat if it happens.
Risk Management: Assessment - a process used to identify and evaluate risks; risks are quantified based on importance or impact severity, then prioritized. Avoidance - preventing known risks. Reduction - reducing the impact of known risks when they cannot be avoided. Mitigation - minimizing the damage.
Risk Assessment Steps: Identify threats and vulnerabilities. Identify the likelihood that a risk will occur. Identify asset values. Determine the impact of a risk. Determine the usefulness of a safeguard or control.
Risk Assessment Approaches: Quantitative - uses numbers, such as dollar values. Qualitative - no dollar values; determines the risk level based on the probability and impact of a risk.
Quantitative Risk Assessment: SLE x ARO = ALE. Single loss expectancy (SLE) - total loss expected from a single incident. Annual rate of occurrence (ARO) - number of times an incident is expected to occur in a year. Annual loss expectancy (ALE) - expected loss for a year.
Qualitative Risk Assessment: Risk level = Probability x Impact. Probability - likelihood that a threat will exploit a vulnerability. Impact - the negative result if a risk occurs.
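The two assessment approaches side by side, as an added example that is not part of the slides: the quantitative formula SLE x ARO = ALE and the qualitative Probability x Impact score from the slides above, run over a constructed three-risk register. The 1..5 scales, the band thresholds, and the register itself are assumptions for this example.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    """One identified risk, carrying the inputs for both approaches."""
    name: str
    sle: float          # single loss expectancy: loss from one incident, in dollars
    aro: float          # annual rate of occurrence: expected incidents per year
    probability: int    # qualitative likelihood, 1 (rare) .. 5 (almost certain)
    impact: int         # qualitative impact, 1 (negligible) .. 5 (severe)


def annual_loss_expectancy(sle: float, aro: float) -> float:
    """Quantitative: ALE = SLE x ARO, the expected loss per year."""
    return sle * aro


def qualitative_level(probability: int, impact: int) -> int:
    """Qualitative: risk level = probability x impact on the 1..5 scales."""
    for value in (probability, impact):
        if not 1 <= value <= 5:
            raise ValueError("probability and impact must be on a 1..5 scale")
    return probability * impact


def qualitative_band(level: int) -> str:
    """Map a 1..25 score to a band (thresholds are an assumption for this example)."""
    if level >= 15:
        return "high"
    if level >= 8:
        return "medium"
    return "low"


def assess(risk: Risk) -> dict:
    """Both views of one risk, so the two rankings can be compared."""
    level = qualitative_level(risk.probability, risk.impact)
    return {"name": risk.name, "ale": annual_loss_expectancy(risk.sle, risk.aro),
            "level": level, "band": qualitative_band(level)}


def prioritize(risks: list) -> list:
    """Rank by ALE (dollar view); the qualitative score only breaks ties."""
    return sorted(risks, reverse=True,
                  key=lambda r: (annual_loss_expectancy(r.sle, r.aro),
                                 qualitative_level(r.probability, r.impact)))


# Constructed sample register (not real figures).
SAMPLE_RISKS = [
    Risk("Ransomware on file server", sle=50_000, aro=0.5, probability=3, impact=5),
    Risk("Lost laptop with customer data", sle=20_000, aro=2.0, probability=4, impact=3),
    Risk("Web server hardware failure", sle=5_000, aro=1.0, probability=3, impact=2),
]
```

Note that the register deliberately shows the approaches disagreeing: the qualitative score rates ransomware "high" and the laptop loss "medium", while the ALE puts the frequent laptop loss first in dollar terms.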
Countermeasure Strategies: Risk assignment - insurance or using hosted services. Risk acceptance - decide that the cost of preventing the risk is too expensive. Risk avoidance - do not take the risk at all.
Countermeasure Costs: Product cost - initial price and maintenance. Implementation cost - additional infrastructure, IT changes. Compatibility cost - usually training. Environmental cost - power consumption, cooling, etc. Training costs. Productivity cost - higher help desk cost, slower response, etc.
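Applying the basic rules and the cost categories above to a decision, as an added example that is not part of the slides: the yearly cost of a countermeasure is built from the six cost categories and compared with the ALE it removes, and a countermeasure is rejected when it costs more per year than it saves or than the asset is worth. The three-year service life, the split into one-time and recurring costs, and the sample figures are assumptions for this example.

```python
from dataclasses import dataclass


@dataclass
class CountermeasureCosts:
    """Cost categories from the slide. One-time costs are spread over the
    countermeasure's service life; the remaining categories recur every year."""
    product_price: float          # initial purchase price (one-time)
    implementation: float         # extra infrastructure / IT changes (one-time)
    maintenance: float            # annual support and maintenance
    compatibility: float          # annual, usually training to fit existing systems
    environmental: float          # annual power, cooling, rack space
    training: float               # annual staff training
    productivity: float           # annual help-desk load, slower response, etc.
    service_life_years: int = 3   # amortization period (assumption for this example)

    def annual_cost(self) -> float:
        one_time = (self.product_price + self.implementation) / self.service_life_years
        recurring = (self.maintenance + self.compatibility + self.environmental
                     + self.training + self.productivity)
        return one_time + recurring


def ale(sle: float, aro: float) -> float:
    """Annual loss expectancy: SLE x ARO."""
    return sle * aro


def evaluate_countermeasure(asset_value: float, sle: float, aro_before: float,
                            aro_after: float, costs: CountermeasureCosts) -> dict:
    """Basic rules: the countermeasure must remove more expected loss per year than
    it costs, and must never cost more per year than the asset is worth."""
    reduction = ale(sle, aro_before) - ale(sle, aro_after)
    cost = costs.annual_cost()
    return {
        "ale_reduction": reduction,
        "annual_cost": cost,
        "net_benefit": reduction - cost,
        "recommended": reduction > cost and cost <= asset_value,
    }


# Constructed figures for a hypothetical backup-and-recovery product.
SAMPLE_COSTS = CountermeasureCosts(product_price=9_000, implementation=3_000,
                                   maintenance=1_500, compatibility=500,
                                   environmental=400, training=1_000, productivity=600)
```

With these figures the product pays for itself against a risk with an ALE of 25,000 that it cuts to 5,000, but not against a risk whose ALE is only 5,000: there the net benefit is negative and risk acceptance is the cheaper strategy.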
Countermeasure Controls: Detective - recognize that a threat is present; IDS (intruder detection systems) are examples. Preventive - can block; firewalls and IDS. Corrective - can take steps to prevent future attacks; IPS (intruder prevention systems) are examples.
Importance of Risk Assessments: Is part of the overall risk management process. Helps you evaluate control effectiveness. Supports decision making. Can help organizations remain in compliance with laws and regulations.
Business Continuation Plan (BCP): A plan designed to help an organization continue to operate during and after a disruption. Covers all functions of a business: systems, facilities, and personnel. Generally includes only mission-critical systems.
BCP Elements: Purpose and scope; Assumptions and planning principles; System description and architecture; Responsibilities; Notification or activation phase; Recovery and reconstitution phases; Plan training, testing, and exercises; Plan maintenance.
Disaster Recovery Plan (DRP): Includes the specific steps and procedures to recover from a disaster. Is part of a BCP. Important terms: Critical business function (CBF); Maximum acceptable outage (MAO); Recovery time objectives (RTO).
DRP Elements: Purpose and scope; Disaster or emergency declaration; Communications; Emergency response and activities; Recovery steps and procedures; Critical business operations; Recovery operations; Critical operations, customer service, and operations recovery.
Business Impact Analysis (BIA): A study that identifies the CBFs and MAOs of a DRP. Studies include interviews, surveys, meetings, and so on. Identifies the impact to the business if one or more functions fail. Identifies the priority of different critical systems.
BIA Elements: Scope; Objectives. Scope is affected by the size of the organization: for a small organization it could include the entire organization, while for larger organizations it may include only certain areas.
Computer Incident Response Team (CIRT) Plan: A plan that outlines the steps taken during a response effort and the roles and responsibilities of the team. Includes the five Ws + H: Who launched the attack? What type of attack occurred? Where did the attack occur? When did the attack occur? Why did the attack occur? How did the attack occur?
Personnel: Team Leader - this individual takes charge of the incident and directs other members' activities. Information Security Members - people trained in network security devices and recovery procedures. Network Administrators - know the network resources. Physical Security Personnel - know the different types of surveillance methods, such as recording cameras, used within the organization.
Personnel: Legal Personnel - provide advice on the organization's legal responsibilities and legal remedies. Human Resources (HR) - if an employee violates the acceptable use policy (AUP), they know the company policy for dealing with the problem. Public Relations (PR) - provide damage control for the company's image with customers, vendors, and stockholders of the organization.
Incident Response Plan: Notification; Response; Recovery and follow-up; Documentation.
Summary: You can protect data and business functions with a BCP, DRP, BIA, and incident response plan. Risk assessments include quantitative and qualitative approaches.
Lab 6: Today's lab is also your homework assignment. Each group will be given a fictitious company, and it will be up to your team to create the following: Business Impact Analysis; Risk Analysis; Business Continuity Plan; Disaster Recovery Plan. Next week each group will give a 10 minute presentation on your plan.