Risk Assessment Process NIST 800-30

•Als PPT, PDF herunterladen•

66 gefällt mir•33,766 views

timmcguinness

Wirtschaft & Finanzen Technologie

Risk Assessment Process Based on recommendations of the National Institute of Standards and Technology in “Risk Management Guide for Information Technology Systems” (special publication 800-30)

Goal of Risk Management Process ,[object Object],[object Object]

NIST Guide Purpose ,[object Object],[object Object]

Guide Structure ,[object Object],[object Object],[object Object],[object Object]

Risk Assessment – a definition ,[object Object]

Risk Assessment ,[object Object],[object Object],[object Object]

Definitions ,[object Object],[object Object],[object Object]

Definitions ,[object Object],[object Object]

Risk Assessment Methodology ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Vulnerability/Threat Pair Examples Dialing into the company’s network and accessing proprietary info Terminated employees Terminated employee ID’s are not removed from the system Obtaining unauthorized access to sensitive files based on known vulnerabilities Unauthorized users (e.g. terminated employees, hackers) Vendor has identified security flaws in system and patches have not been applied Water sprinklers being turned on Fire; negligent persons Water sprinklers used for fire suppression and no protective coverings in place Threat Action Threat-Source Vulnerability

Risk Assessment Methodology ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Risk Assessment Methodology ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Risk-Level Matrix Low 100 X 0.1 = 10 Low 50 X 0.1 = 5 Low 10 X 0.1 = 1 Low (0.1) Medium 100 X 0.5 = 50 Medium 50 X 0.5 = 25 Low 10 X 0.5 = 5 Medium (0.5) High 100 X 1.0 = 100 Medium 50 X 1.0 = 50 Low 10 X 1.0 = 10 High (1.0) High (100) Medium (50) Low (10) Impact Threat Likelihood

Risk Scale & Necessary Actions ,[object Object],[object Object],[object Object],Low ,[object Object],[object Object],[object Object],Medium ,[object Object],[object Object],[object Object],High Risk Description and Necessary Actions Risk Level

Weitere ähnliche Inhalte

Was ist angesagt?

What is iso 27001 ismsCraig Willetts ISO Expert

Introduction to NIST’s Risk Management Framework (RMF)Donald E. Hester

Infosec Audit Lecture_4Obrina Candra, CISA, ISMS-LA

NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak

PwC Point of View on Cybersecurity ManagementCA Technologies

Iso 27001 awarenessÃsħâr Ãâlâm

ISO 27001n|u - The Open Security Community

ISO 27001 - Information Security Management SystemMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master

Information Security Management System ISO/IEC 27001:2005ControlCase

From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash

isms-presentation.pptHasnolAhmad2

ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowPECB

ISMS Part Ikhushboo

Vulnerability Assessmentprimeteacher32

Why ISO27001 For My OrganisationVigilant Software

Defense In Depth Using NIST 800-30Kevin M. Moker, CFE, CISSP, ISSMP, CISM

Information Security Metrics - Practical Security MetricsJack Nichelson

27001 awareness TrainingDr Madhu Aman Sharma

Risk Assessment PowerPoint Presentation Slides SlideTeam

Patch and Vulnerability ManagementMarcelo Martins

Was ist angesagt? (20)

What is iso 27001 isms

Introduction to NIST’s Risk Management Framework (RMF)

Infosec Audit Lecture_4

NIST CyberSecurity Framework: An Overview

PwC Point of View on Cybersecurity Management

Iso 27001 awareness

ISO 27001

ISO 27001 - Information Security Management System

Information Security Management System ISO/IEC 27001:2005

From SIEM to SOC: Crossing the Cybersecurity Chasm

isms-presentation.ppt

ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know

ISMS Part I

Vulnerability Assessment

Why ISO27001 For My Organisation

Defense In Depth Using NIST 800-30

Information Security Metrics - Practical Security Metrics

27001 awareness Training

Risk Assessment PowerPoint Presentation Slides

Patch and Vulnerability Management

Andere mochten auch

Asset, Vulnerability, Threat, Risk & ControlMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master

Risks threats and vulnerabilitiesManish Chaurasia

Disaster vulnerability, risk and capacityIslamic University of Bangladesh

Natural hazards and disaster managementEternal University Baru Sahib, HP, India

Hazards & Types Of DisastersAbdullah Sachwani

Disaster Mitigation and ManagementJNTU

Disaster management pptAniket Pingale

Andere mochten auch (7)

Asset, Vulnerability, Threat, Risk & Control

Risks threats and vulnerabilities

Disaster vulnerability, risk and capacity

Natural hazards and disaster management

Hazards & Types Of Disasters

Disaster Mitigation and Management

Disaster management ppt

Ähnlich wie Risk Assessment Process NIST 800-30

Risk assessment managment and risk based audit approachn|u - The Open Security Community

1. security management practices7wounders

Unit V - Hazard Indentification Techniques.pptxNarmatha D

Optimization of different objective function in risk assessment systemAlexander Decker

Session 04_Risk Assessment Program for YSP_Risk Analysis IMuizz Anibire

Quality risk managementRavindraKumarGoyal

Review of Enterprise Security Risk ManagementRand W. Hirt

Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore UniversitySwaminath Sam

Session 02 Risk Assessment Program for YSP_The Risk Assessment ProcessMuizz Anibire

Critical systems specificationAryan Ajmer

ICH Q9 QUALITY RISK MANAGEMENT(QRM)saimsoleja

List of Current and Planned ControlsStep 4. Contr.docxsmile790243

Session 07_Risk Assessment Program for YSP_Risk EvaluationMuizz Anibire

Security assessment isaca sv presentation jan 2016EnterpriseGRC Solutions, Inc.

ISO 31000 risk management processMuizz Anibire

crisc_wk_3.pptxdotco

Security risk managementG Prachi

INFORMATION SECURITY MANAGEMENTNi

Pharmaceutical Quality Risk Assessment Pharmaceutical

Ähnlich wie Risk Assessment Process NIST 800-30 (20)

Risk assessment managment and risk based audit approach

1. security management practices

Unit V - Hazard Indentification Techniques.pptx

Optimization of different objective function in risk assessment system

Session 04_Risk Assessment Program for YSP_Risk Analysis I

Quality risk management

Review of Enterprise Security Risk Management

Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University

Session 02 Risk Assessment Program for YSP_The Risk Assessment Process

Critical systems specification

ICH Q9 QUALITY RISK MANAGEMENT(QRM)

List of Current and Planned ControlsStep 4. Contr.docx

Session 07_Risk Assessment Program for YSP_Risk Evaluation

Security assessment isaca sv presentation jan 2016

ISO 31000 risk management process

crisc_wk_3.pptx

Security risk management

INFORMATION SECURITY MANAGEMENT

Pharmaceutical Quality Risk Assessment

Kürzlich hochgeladen

Certified Kala Jadu, Black magic specialist in Rawalpindi and Bangali Amil ba...batoole333

Toronto dominion bank investor presentation.pdfJinJiang6

uk-no 1 kala ilam expert specialist in uk and qatar kala ilam expert speciali...batoole333

Economics Presentation-2.pdf xxjshshsjsjsjwjwmordockmatt25

Strategic Resources May 2024 Corporate PresentationAdnet Communications

20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...Henry Tapper

FOREX FUNDAMENTALS: A BEGINNER'S GUIDE.pdfCocity Enterprises

劳伦森大学毕业证yyawb

Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot GirlsDeepika Singh

7 tips trading Deriv Accumulator OptionsVince Stanzione

W.D. Gann Theory Complete Information.pdfMillion-$-Knowledge {Million Dollar Knowledge}

Dubai Call Girls Deira O525547819 Dubai Call Girls Bur Dubai Multiplekojalpk89

+971565801893>>SAFE ORIGINAL ABORTION PILLS FOR SALE IN DUBAI,RAK CITY,ABUDHA...Health

Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...Call Girls Mumbai

Significant AI Trends for the Financial Industry in 2024 and How to Utilize Them360factors

Webinar on E-Invoicing for Fintech BelgiumFinTech Belgium

logistics industry development power point ppt.pdfSalimullah13

Abortion pills in Saudi Arabia (+919707899604)cytotec pills in dammamsamsungultra782445

Group 8 - Goldman Sachs & 1MDB Case StudiesNghiaPham100

Famous Kala Jadu, Kala ilam specialist in USA and Bangali Amil baba in Saudi ...mazhshah570

Kürzlich hochgeladen (20)

Certified Kala Jadu, Black magic specialist in Rawalpindi and Bangali Amil ba...

Toronto dominion bank investor presentation.pdf

uk-no 1 kala ilam expert specialist in uk and qatar kala ilam expert speciali...

Economics Presentation-2.pdf xxjshshsjsjsjwjw

Strategic Resources May 2024 Corporate Presentation

20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...

FOREX FUNDAMENTALS: A BEGINNER'S GUIDE.pdf

劳伦森大学毕业证

Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls

7 tips trading Deriv Accumulator Options

W.D. Gann Theory Complete Information.pdf

Dubai Call Girls Deira O525547819 Dubai Call Girls Bur Dubai Multiple

+971565801893>>SAFE ORIGINAL ABORTION PILLS FOR SALE IN DUBAI,RAK CITY,ABUDHA...

Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...

Significant AI Trends for the Financial Industry in 2024 and How to Utilize Them

Webinar on E-Invoicing for Fintech Belgium

logistics industry development power point ppt.pdf

Abortion pills in Saudi Arabia (+919707899604)cytotec pills in dammam

Group 8 - Goldman Sachs & 1MDB Case Studies

Famous Kala Jadu, Kala ilam specialist in USA and Bangali Amil baba in Saudi ...

Risk Assessment Process NIST 800-30

1. Risk Assessment Process Based on recommendations of the National Institute of Standards and Technology in “Risk Management Guide for Information Technology Systems” (special publication 800-30)

10.

11.

12. Vulnerability/Threat Pair Examples Dialing into the company’s network and accessing proprietary info Terminated employees Terminated employee ID’s are not removed from the system Obtaining unauthorized access to sensitive files based on known vulnerabilities Unauthorized users (e.g. terminated employees, hackers) Vendor has identified security flaws in system and patches have not been applied Water sprinklers being turned on Fire; negligent persons Water sprinklers used for fire suppression and no protective coverings in place Threat Action Threat-Source Vulnerability

13.

14.

15.

16.

17. Risk-Level Matrix Low 100 X 0.1 = 10 Low 50 X 0.1 = 5 Low 10 X 0.1 = 1 Low (0.1) Medium 100 X 0.5 = 50 Medium 50 X 0.5 = 25 Low 10 X 0.5 = 5 Medium (0.5) High 100 X 1.0 = 100 Medium 50 X 1.0 = 50 Low 10 X 1.0 = 10 High (1.0) High (100) Medium (50) Low (10) Impact Threat Likelihood

18.

19.

20.

Risk Assessment Process NIST 800-30

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (7)

Ähnlich wie Risk Assessment Process NIST 800-30

Ähnlich wie Risk Assessment Process NIST 800-30 (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Risk Assessment Process NIST 800-30