ISO 27005: Risk Management - PowerPoint PPT Presentation

About This Presentation
Title:

ISO 27005: Risk Management

Description:

ISO 27005: Risk Management; IT Project Life Cycle; Microsoft Operation Framework; Risk; Basic Criteria ... (PowerPoint PPT presentation)

Slides: 28
Provided by: nec1
Tags: iso | management | risk


Transcript and Presenter's Notes

1
ISO 27005 Risk Management
2
(No Transcript)
3
IT Project Life Cycle
Microsoft Operation Framework
4
Risk
5
Basic Criteria
  • Risk = Asset x Threat x Vulnerability
  • Threat = Impact x Probability

6
Steps 1-6
  • Step 1 Identifying Risks in Operations
  • Step 2 Analyzing and Prioritizing Risks
  • Step 3 Planning and Scheduling Risk Actions
  • Step 4 Tracking and Reporting Risk
  • Step 5 Controlling Risk
  • Step 6 Learning from Risk

Microsoft Operation Framework
7
Step 1 Identifying Risks in Operations
8
Security Boundary
  • Asset > Business Impact Analysis (BIA)
  • Category
    • HBI (High Business Impact)
    • MBI (Medium Business Impact)
    • LBI (Low Business Impact)

9
BIA
  • Business Value (Major factor)
    • Life
    • Image Value
    • Financial Value
    • Asset Value
  • Threat
  • Maximum Tolerable Downtime (MTD)
  • Recovery Point Objective (RPO)
  • Recovery Time Objective (RTO)

10
Business Value = Asset/Financial/Image Value
11
SLE (Single Loss Expectancy)
  • SLE = Asset Value (AV) x Exposure Factor (EF)
  • Asset Value = Capital Investment Cost + Maintenance Cost
  • Exposure = Duration and Level of Impact

12
ALE (Annual Loss Expectancy)
  • ALE = SLE x ARO
  • ALE is Annual Loss Expectancy
  • SLE is Single Loss Expectancy
  • ARO is Annual Rate of Occurrence

13
Risk Assessment
  • Factors (Asset x Threat x Vulnerability)
    • Business Impact > Asset
    • Threat
    • Vulnerability > Control
  • Tools
    • RAFT Model
    • ISO 27005
    • Microsoft Operation Framework
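
The formulas on slides 5, 11 and 12 (Risk = Asset x Threat x Vulnerability, SLE = AV x EF, ALE = SLE x ARO) and the factor list on slide 13 can be carried through as one small calculation. The code below is an added example, not part of the presentation or of ISO 27005 / MOF; the assets, values and the 3/2/1 weights assigned to the HBI/MBI/LBI categories are constructed assumptions, and the 1-5 ordinal scales for threat and vulnerability are likewise assumed for illustration.

```python
"""Quantitative risk estimate in the style of the slides.

SLE = AV x EF, ALE = SLE x ARO, and a relative score
Risk = Asset x Threat x Vulnerability used to rank scenarios
for prioritization (MOF Step 2). Example code only; all figures
below are constructed, not taken from the slides.
"""
from dataclasses import dataclass

# BIA categories from slide 8 mapped to an ordinal asset weight.
# The 3/2/1 mapping is an assumption; the slides only name the categories.
BIA_WEIGHT = {"HBI": 3, "MBI": 2, "LBI": 1}


@dataclass(frozen=True)
class Scenario:
    asset: str
    category: str           # HBI / MBI / LBI from the BIA
    asset_value: float      # AV = capital investment cost + maintenance cost
    exposure_factor: float  # EF: fraction of AV lost in one incident, 0..1
    aro: float              # ARO: expected incidents per year
    threat: int             # 1..5 ordinal (assumed scale), Impact x Probability judgement
    vulnerability: int      # 1..5 ordinal (assumed scale), weaker control -> higher


def asset_value(capital_investment: float, maintenance: float) -> float:
    """AV as defined on slide 11: capital investment cost plus maintenance cost."""
    return capital_investment + maintenance


def single_loss_expectancy(av: float, ef: float) -> float:
    """SLE = AV x EF. EF must be a fraction in [0, 1]."""
    if not 0.0 <= ef <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return av * ef


def annual_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO."""
    if aro < 0:
        raise ValueError("annual rate of occurrence cannot be negative")
    return sle * aro


def risk_score(s: Scenario) -> int:
    """Relative score from slide 5: Asset x Threat x Vulnerability."""
    return BIA_WEIGHT[s.category] * s.threat * s.vulnerability


def prioritize(scenarios):
    """Return one row per scenario, highest risk score first (ALE breaks ties)."""
    rows = []
    for s in scenarios:
        sle = single_loss_expectancy(s.asset_value, s.exposure_factor)
        ale = annual_loss_expectancy(sle, s.aro)
        rows.append({"asset": s.asset, "category": s.category,
                     "sle": sle, "ale": ale, "score": risk_score(s)})
    rows.sort(key=lambda r: (r["score"], r["ale"]), reverse=True)
    return rows


def control_is_worthwhile(ale_before: float, ale_after: float,
                          annual_control_cost: float) -> bool:
    """A risk-reduction control pays for itself when the ALE it removes
    exceeds its own yearly cost (the usual cost/benefit test on ALE)."""
    return (ale_before - ale_after) > annual_control_cost


# Constructed sample scenarios (not from the slides).
SAMPLE = [
    Scenario("ERP database", "HBI", asset_value(450_000, 50_000), 0.25, 0.5, 4, 3),
    Scenario("Public website", "MBI", asset_value(60_000, 20_000), 0.5, 2.0, 3, 4),
    Scenario("Test lab server", "LBI", asset_value(18_000, 2_000), 0.75, 1.0, 2, 5),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE):
        print(f"{row['asset']:<16} {row['category']} score={row['score']:>3} "
              f"SLE={row['sle']:>10,.0f} ALE={row['ale']:>10,.0f}")
    # Would a control costing 50,000/year that cuts the ERP ALE to 15,625 be worth it?
    print("control worthwhile:", control_is_worthwhile(62_500, 15_625, 50_000))
```

Running it ranks the ERP database first on the relative score even though the website has the larger ALE, which is the point of keeping both figures: the score carries the BIA weighting for Step 2 prioritization, while SLE/ALE give the money figures the Corrective Action Plan needs for the accept/reject decision.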

14
Risk Management
  • Risk Assessment
    • Risk Analysis
      • Risk Identification
      • Risk Estimation
    • Risk Evaluation/Selection
  • Risk Treatment (Corrective Action Plan)

15
Risk Assessment with MOF
16
Step 2 Analyzing and Prioritizing Risks
17
Risk Analysis with MOF
  • Framework 1 > Framework 2 (Collection)

18
Step 3 Planning and Scheduling Risk Actions
19
Risk Identification
  • Identification on MOF Framework 2 or Framework 3
    > See Asset and Vulnerability

20
Step 4 Tracking and Reporting Risk
21
Risk Estimate
  • See the Summary of Risk and Control

22
Step 5 Controlling Risk
23
Risk Evaluation or Selection
  • Risk Score

24
Step 6 Learning from Risk
25
Risk Treatment
  • Risk Reduction
  • Risk Retention
  • Risk Avoidance
  • Risk Transfer

26
Corrective Action Plan (CAP)
  • Executive Summary Report
  • Business Application Threat
  • Corrective Action Plan
  • Decision making by Top Executive
  • Accept > Communication
  • Reject > Re-evaluation and Risk Retention

27
After that
  • Communication
  • Monitoring and Review
  • Improvement