Risk Assessment Methodologies

Security services: Risk Assessment Methodologies ESCoRTS SAB Bruxelles, Mai 2009 Philippe A. R. Schaeffer Chief Security Analyst TÜV Rheinland Secure iT GmbH

Precisely Right. Safe and sound. And a clear competitive edge. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],79 associated companies overseas. At 360 locations in 62 countries around the world. Wherever your market is: we are already there. And ready to help you with advice and assistance.

Overview of Topics ,[object Object],[object Object],[object Object]

Systematic Approach to Risk Assessment and the Treatment of Risks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Infrastructure Analysis What (assets) do we have? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Security Requirement Analysis How important are these? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Threat Analysis What could happen to them? ,[object Object],[object Object],[object Object],[object Object]

Risk Analysis How probable is that and how expensive would that be? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Risk Treatment Plan What can I do about it, how and when? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Operations How do I apply the measures and use them in operation ? ,[object Object],[object Object],[object Object]

Verification How and when must I verify if the measures are effective? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Overview Organisational Assessment ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Special Requirements of SCADA Environments (The Assessment Point of View) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Special Requirements of SCADA Environments Technical Assessment ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Overview Technical Assessment ,[object Object],[object Object],[object Object],[object Object]

Focus on some examples Access from not trustworthy networks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Focus on some examples Insecure protocols ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Focus on some examples Physical access ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

What it all comes down to: Organization, procedures and processes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

“Other ways to do it” ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Risk Assessment Methodologies ,[object Object],[object Object],Philippe A. R. Schaeffer Chief Security Analyst TÜV Rheinland Secure iT GmbH Phone +49 221 806 2485 Email [email_address]

Risk Assessment Methodologies

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (18)

Ähnlich wie Risk Assessment Methodologies

Ähnlich wie Risk Assessment Methodologies (20)

Risk Assessment Methodologies

Hinweis der Redaktion