8/2/2019 Abdulla Pres 2011
http://slidepdf.com/reader/full/abdulla-pres-2011 1/9
Introduction
Information is an asset, like other important business assets.
Information is now exposed to a growing number and a wide variety of threats and vulnerabilities.
Businesses are vulnerable to various kinds of information risks inflicting varied damage and resulting in significant losses.
“Security is like oxygen; when you have it, you take it for granted. But when you don’t, getting it becomes the immediate and pressing priority.”
Joseph Nye, Harvard University.
Reasons to Choose the Problem
The importance of security for businesses and organizations.
To enable organizations to handle any kind of security issue at any given point in time.
The need for new techniques and best practices to cope with security threats.
Research Problem & Question
The lack of good techniques and practices to assess security risks, and of good mitigation strategy decisions, in organizations.
General Research Question:
What are the most effective risk assessment and mitigation strategies that can be implemented efficiently in order to have a secure system?
Research Sub-Questions
How effective are the current security risk assessment processes that are used?
How effective are the current mitigation strategies that are practiced?
What are the best risk assessment practices that meet organizations’ security requirements?
What are the best practices of mitigation strategies that suit the
RESEARCH IMPORTANCE AND PURPOSE
Help organizations to carry out their mission by having a secure system.
The research will guide management to make good mitigation strategy decisions.
To find innovative methods and techniques for implementing risk assessments and mitigation strategies.
To understand the various threats that may occur in security systems.
Research Objectives
To clearly understand and specify the different components of the risk assessment process.
To evaluate the current security risk assessment processes used by most organizations.
To understand and specify the different mitigation strategies in the information security systems used by organizations.
To evaluate the current mitigation strategies used by most known organizations.
Recommend the appropriate security risk assessments that can be implemented in different environments.
Definition of Terms
Mitigation: The combination of the probability of an event and its consequence.
Risk assessment: The process by which risks are identified and the impact of those risks determined.
Risk management: The process of determining an acceptable level of risk, assessing the current level of risk, taking steps to reduce risk to the acceptable level, and maintaining that level of risk.
Threat: A potential cause of an unwanted impact to a system or organization.
Vulnerability: Any weakness, administrative process, or act or physical exposure that makes an information asset susceptible to exploit by a threat.
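The definitions above describe a register of threats and vulnerabilities scored by probability and consequence, and a management loop that treats each risk until it sits at or below an acceptable level. The following Python is an added example, not part of the presentation, that models those definitions; the 0–1 probability scale, the 1–5 consequence scale, and the asset names and controls are constructed assumptions.

```python
# Added example, not from the presentation: a risk register built on the slide's
# definitions. Level = probability combined with consequence; management = set an
# acceptable level, assess, reduce with controls, then hold it there.
from dataclasses import dataclass

@dataclass
class Risk:
    asset: str
    threat: str           # potential cause of an unwanted impact
    vulnerability: str    # weakness that makes the asset susceptible to the threat
    probability: float    # assumed scale: 0.0 .. 1.0 likelihood of the event
    consequence: int      # assumed scale: 1 (minor) .. 5 (severe) impact

    def level(self) -> float:
        # current risk level: probability of the event times its consequence
        return round(self.probability * self.consequence, 2)

@dataclass
class Control:
    name: str
    asset: str                       # register entry this control treats
    probability_factor: float = 1.0  # 0.25 means likelihood drops to a quarter
    consequence_reduction: int = 0   # points removed from consequence (floor 1)

def apply_control(risk: Risk, control: Control) -> Risk:
    # return the treated risk; the original entry stays for the audit trail
    return Risk(risk.asset, risk.threat, risk.vulnerability,
                round(risk.probability * control.probability_factor, 3),
                max(1, risk.consequence - control.consequence_reduction))

def manage(register, controls, acceptable_level):
    # assess each risk, treat it with its controls, report residual risk and acceptance
    report = {}
    for risk in register:
        residual = risk
        for control in (c for c in controls if c.asset == risk.asset):
            residual = apply_control(residual, control)
        report[risk.asset] = {"initial": risk.level(), "residual": residual.level(),
                              "accepted": residual.level() <= acceptable_level}
    return report

# constructed sample register and controls (the untreated tape risk stays above tolerance)
REGISTER = [
    Risk("payroll-db", "ransomware", "unpatched file server", 0.6, 5),
    Risk("public-website", "defacement", "weak admin password", 0.4, 2),
    Risk("backup-tapes", "theft", "unlocked storage room", 0.2, 4),
]
CONTROLS = [
    Control("monthly patching", "payroll-db", probability_factor=0.25),
    Control("offline backups", "payroll-db", consequence_reduction=2),
    Control("MFA on admin login", "public-website", probability_factor=0.1),
]
```

Calling `manage(REGISTER, CONTROLS, acceptable_level=0.5)` marks the two treated assets as accepted and flags the untreated tape risk as still needing a decision.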