• Breach - A breach is the occurrence of a security mechanism being bypassed or
thwarted by a threat agent.
The elements asset, threat, vulnerability, exposure, risk, and safeguard are related, as
shown in Figure 2.4. Threats exploit vulnerabilities, which results in exposure. Exposure is
risk, and risk is mitigated by safeguards. Safeguards protect assets that are endangered by
threats.
Figure 2.4: The elements of risk
Identify Threats and Vulnerabilities
An essential part of risk management is identifying and examining threats. This
involves creating an exhaustive list of all possible threats for the organization’s identified
assets.
Risk Assessment/Analysis
Risk management/analysis is primarily an exercise for upper management. It is their
responsibility to initiate and support risk analysis and assessment by defining the scope and
purpose of the endeavor. There are two risk assessment methodologies:
• Quantitative risk analysis assigns real dollar figures to the loss of an asset.
• Qualitative risk analysis assigns subjective and intangible values to the loss of an
asset.
Quantitative Risk Analysis
The quantitative method produces concrete figures: probabilities expressed as percentages and
losses expressed in dollars. The end result is a report that gives dollar figures for levels of
risk, potential loss, cost of countermeasures, and value of safeguards. The six major steps or
phases in quantitative risk analysis are as follows:
• Inventory assets, and assign a value (asset value, or AV).
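The following is an added worked example, not code from the lecture: starting from the asset inventory and asset value (AV) of the first step above, it computes the dollar figures the quantitative report is described as containing, namely potential loss per incident, annual loss, cost of countermeasures, and the value of each safeguard. It goes beyond this page in that the formulas it uses (SLE = AV × EF, ALE = SLE × ARO, safeguard value = ALE before − ALE after − annual cost of safeguard) are the standard quantitative-risk formulas of the later steps, which this page does not state. All asset names, dollar amounts, exposure factors and occurrence rates are constructed sample numbers.

```python
"""Worked quantitative risk analysis for one asset.

Assumed formulas (standard quantitative-risk formulas, not stated on this page):
    SLE = AV * EF            single loss expectancy: dollars lost per incident
    ALE = SLE * ARO          annualized loss expectancy: dollars lost per year
    safeguard value = ALE_before - ALE_after - ACS (annual cost of safeguard)
All figures in this file are constructed sample numbers, not from the lecture.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Asset:
    name: str
    av: float    # asset value in dollars (step 1: inventory assets, assign AV)
    ef: float    # exposure factor: fraction of AV lost in one incident, 0.0-1.0
    aro: float   # annualized rate of occurrence: expected incidents per year

    def __post_init__(self) -> None:
        # Reject inputs that would silently produce nonsense dollar figures.
        if not 0.0 <= self.ef <= 1.0:
            raise ValueError(f"{self.name}: EF must be between 0 and 1")
        if self.av < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: AV and ARO cannot be negative")


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float   # annual cost of the safeguard (ACS), in dollars
    ef_after: float      # exposure factor once the safeguard is in place
    aro_after: float     # ARO once the safeguard is in place


def sle(av: float, ef: float) -> float:
    """Single loss expectancy: dollars lost in one realized threat."""
    return av * ef


def ale(av: float, ef: float, aro: float) -> float:
    """Annualized loss expectancy: expected dollars lost per year."""
    return sle(av, ef) * aro


def safeguard_value(asset: Asset, sg: Safeguard) -> float:
    """Annual value of a safeguard: the risk it removes minus what it costs.

    A negative value means the countermeasure costs more per year than the
    loss it prevents, which is the quantitative case for not deploying it.
    """
    before = ale(asset.av, asset.ef, asset.aro)
    after = ale(asset.av, sg.ef_after, sg.aro_after)
    return before - after - sg.annual_cost


def best_safeguard(asset: Asset, candidates: list[Safeguard]) -> Optional[Safeguard]:
    """Pick the safeguard with the highest positive value, or None if none pays off."""
    if not candidates:
        return None
    sg = max(candidates, key=lambda s: safeguard_value(asset, s))
    return sg if safeguard_value(asset, sg) > 0 else None


def risk_report(asset: Asset, candidates: list[Safeguard]) -> dict:
    """The dollar-figure report the quantitative method produces for one asset."""
    return {
        "asset": asset.name,
        "AV": asset.av,
        "SLE": sle(asset.av, asset.ef),
        "ALE": ale(asset.av, asset.ef, asset.aro),
        "safeguards": [
            {
                "name": s.name,
                "ACS": s.annual_cost,
                "ALE_after": ale(asset.av, s.ef_after, s.aro_after),
                "value": safeguard_value(asset, s),
            }
            for s in candidates
        ],
    }


# Constructed sample inventory (hypothetical asset and safeguards).
CUSTOMER_DB = Asset("customer database", av=500_000, ef=0.4, aro=0.5)
CANDIDATES = [
    Safeguard("field-level encryption + DLP", annual_cost=30_000, ef_after=0.1, aro_after=0.5),
    Safeguard("outsourced 24x7 SOC", annual_cost=120_000, ef_after=0.2, aro_after=0.25),
]

if __name__ == "__main__":
    report = risk_report(CUSTOMER_DB, CANDIDATES)
    print(f"{report['asset']}: SLE ${report['SLE']:,.0f}, ALE ${report['ALE']:,.0f}")
    for s in report["safeguards"]:
        print(f"  {s['name']}: ACS ${s['ACS']:,.0f}, value ${s['value']:,.0f}")
    chosen = best_safeguard(CUSTOMER_DB, CANDIDATES)
    print("deploy:", chosen.name if chosen else "none (no safeguard pays for itself)")
```

With the sample numbers the database carries an ALE of $100,000; the encryption safeguard cuts that to $25,000 for $30,000 a year (value $45,000), while the outsourced SOC reaches the same $25,000 but costs $120,000 (value −$45,000), so only the first is worth deploying. The point of the exercise is that the decision is made on these figures rather than on intuition, which is what distinguishes the quantitative method from the qualitative one.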
ITEC106 – Systems Security Mr. John Mark L. Dula