Project risk analysis
4. Project risk analysis has a broad range of
applications, just as the definition of a project is
broad. Project risk analysis is concerned with the
assessment of the risks and uncertainties that
threaten a project.
5. What is Project?
A temporary endeavor undertaken to create a
unique product or service.
In the broadest sense, a project is a specific, finite
task to be accomplished, whether large or small in scale, long
or short run.
What is Risk?
The probability that a particular threat will exploit
a particular vulnerability.
6. Risk analysis is the review of the risks associated
with a particular event or action. It is applied to
projects, information technology, security issues
and any action where risks may be analyzed on a
quantitative and qualitative basis. Risk analysis
is a component of risk management.
8. Risk Analysis
1. Calculate the (quantitative) likelihood
of each identified hazard
2. Calculate the (quantitative)
consequences that are expected to
occur for each hazard
3. Develop a locally-tailored qualitative
system of measurement
4. Translate all quantitative data into
qualitative measures
9. Who should be Involved?
Security Experts
Internal domain experts
Managers responsible for implementing
controls
13. Threats
An expression of intention to inflict evil,
injury, or damage
Attacks against key security services
Confidentiality, integrity, availability
14. Vulnerabilities
Flaw or weakness in system that can be
exploited to violate system integrity.
Security Procedures
Design
Implementation
Threats trigger vulnerabilities
Accidental
Malicious
15. Controls/Countermeasures
Mechanisms or procedures for
mitigating vulnerabilities
Prevent
Detect
Recover
Understand cost and coverage of control
Controls follow vulnerability and threat
analysis
16. Risk/Control Trade Offs
Only Safe Asset is a Dead Asset
Asset that is completely locked away is safe,
but useless
Trade-off between safety and availability
Do not waste effort on efforts with low loss
value
Don’t spend resources to protect garbage
Control only has to be good enough, not
absolute
Make it tough enough to discourage enemy
17. Types of Risk Analysis
Quantitative
Assigns real numbers to costs of safeguards and damage
Annual loss exposure (ALE)
Probability of event occurring
Can be unreliable/inaccurate
Qualitative
Judges an organization’s risk to threats
Based on judgment, intuition, and experience
Ranks the seriousness of the threats for the sensitivity of the
assets
Subjective, lacks hard numbers to justify return on investment
18. Quantitative vs. Qualitative
Quantitative Analysis
Uses mathematical/
statistical data to derive
numerical descriptions
of risk
More precise analysis
More difficult to
perform
Qualitative
Uses defined terms
(words) to describe and
categorize risk
Less precise analysis
Easier to perform
20. Direct Losses
Fatalities
Injuries
Repair and replacement of damaged or
destroyed public and private structures
Relocation costs/temporary housing
Loss of business inventory/agriculture
Loss of income/rental costs
Community response costs
Cleanup costs
21. Indirect Losses
Loss of income
Input/output losses of businesses
Reductions in business/personal spending
– “ripple effects”
Loss of institutional knowledge
Mental illness
Bereavement
22. Tangible Losses
Cost of building repair/replacement
Response costs
Loss of inventory
Loss of income
24. Quantitative Analysis Outline
1. Identify and value assets
2. Determine vulnerabilities and impact
3. Estimate likelihood of exploitation
4. Compute Annual Loss Exposure
5. Survey applicable controls and their
costs
6. Project annual savings from control
25. Quantitative
Risk = Risk-impact x Risk-Probability
Loss of car: risk-impact is cost to
replace car, e.g. $10,000
Probability of car loss: 0.10
Risk = 10,000 x 0.10 = 1,000
Generally measured per year
Annual Loss Exposure (ALE)
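The quantitative outline (slide 24) and the Risk = impact x probability formula (slide 25), worked through as an added example that is not part of the original slides. Only the car figures ($10,000, probability 0.10) come from the slides; the other register entries, the controls and their costs and residual probabilities are constructed sample values, and all class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    asset: str
    threat: str
    impact: float        # loss per event, from asset valuation (steps 1-2)
    probability: float   # estimated likelihood per year (step 3)

    @property
    def ale(self) -> float:
        # Step 4: Annual Loss Exposure = risk-impact x risk-probability
        return self.impact * self.probability

@dataclass
class Control:
    name: str
    annual_cost: float
    residual_probability: float  # yearly likelihood once the control is in place

def annual_savings(risk: Risk, control: Control) -> float:
    """Step 6: ALE before, minus ALE after, minus the control's yearly cost."""
    ale_after = risk.impact * control.residual_probability
    return risk.ale - ale_after - control.annual_cost

def best_control(risk: Risk, controls: list):
    """Step 5: pick the control with the largest positive saving, else None."""
    ranked = sorted(controls, key=lambda c: annual_savings(risk, c), reverse=True)
    if ranked and annual_savings(risk, ranked[0]) > 0:
        return ranked[0]
    return None  # every control costs more than the loss it prevents

def rank_by_ale(register: list) -> list:
    """Order the register so the largest annual exposure is handled first."""
    return sorted(register, key=lambda r: r.ale, reverse=True)

# The car figures come from slide 25; all other values are constructed samples.
car = Risk("car", "loss", impact=10_000, probability=0.10)
register = [car, Risk("file server", "disk failure", 40_000, 0.05),
            Risk("office printer", "theft", 300, 0.20)]
controls = [
    Control("steering lock", annual_cost=50, residual_probability=0.06),
    Control("guarded garage", annual_cost=1_200, residual_probability=0.01),
]

if __name__ == "__main__":
    for r in rank_by_ale(register):
        print(f"{r.asset:15} ALE = {r.ale:8.2f}")
    print("chosen control:", best_control(car, controls).name)
```

The guarded garage lowers the probability the most, yet its yearly cost exceeds the exposure it removes, so the cheaper control that is good enough is the one selected.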
26. Qualitative Risk Analysis
Generally used in Information Security
Hard to make meaningful valuations and
meaningful probabilities
Relative ordering is faster and more important
Many approaches to performing qualitative
risk analysis
Same basic steps as quantitative analysis
Still identifying assets, threats, vulnerabilities, and
controls
Just evaluating importance differently
27. Problem Identification
Step 1: Identify Scope
Bound the problem
Step 2: Assemble team
Include subject matter experts, management in
charge of implementing, users
Step 3: Identify Threats
Pick from lists of known threats
Brainstorm new threats
Mixing threats and vulnerabilities here...
28. Threat prioritization
Prioritize threats for each asset
Likelihood of occurrence
Define a fixed threat rating
Associate a rating with each threat
Approximation to the risk probability in
quantitative approach
29. Loss Impact
With each threat determine loss impact
Define a fixed ranking
Used to prioritize damage to asset from
threat
30. Changes in Human Activities
Population Growth
Economic Growth
Technological Innovation
Social Expectations
Growing Interdependence
31. Project risk analysis shows whether a
project carries risk or not. Whatever the
risk, high or low, the investor
makes the decision.