World Library
Risk Management Guide for Information Technology Systems

By Stoneburner, Gary

Description
Technical Reference Publication

Excerpt
Introduction: Every organization has a mission. In this digital era, as organizations use automated information technology (IT) systems to process their information for better support of their missions, risk management plays a critical role in protecting an organization's information assets, and therefore its mission, from IT-related risk. An effective risk management process is an important component of a successful IT security program. The principal goal of an organization's risk management process should be to protect the organization and its ability to perform its mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.

Table of Contents

1. Introduction (p. 1)
  1.1 Authority (p. 1)
  1.2 Purpose (p. 1)
  1.3 Objective (p. 2)
  1.4 Target Audience (p. 2)
  1.5 Related References (p. 3)
  1.6 Guide Structure (p. 3)
2. Risk Management Overview (p. 4)
  2.1 Importance of Risk Management (p. 4)
  2.2 Integration of Risk Management into SDLC (p. 4)
  2.3 Key Roles (p. 6)
3. Risk Assessment (p. 8)
  3.1 Step 1: System Characterization (p. 10)
    3.1.1 System-Related Information (p. 10)
    3.1.2 Information-Gathering Techniques (p. 11)
  3.2 Step 2: Threat Identification (p. 12)
    3.2.1 Threat-Source Identification (p. 12)
    3.2.2 Motivation and Threat Actions (p. 13)
  3.3 Step 3: Vulnerability Identification (p. 15)
    3.3.1 Vulnerability Sources (p. 16)
    3.3.2 System Security Testing (p. 17)
    3.3.3 Development of Security Requirements Checklist (p. 18)
  3.4 Step 4: Control Analysis (p. 19)
    3.4.1 Control Methods (p. 20)
    3.4.2 Control Categories (p. 20)
    3.4.3 Control Analysis Technique (p. 20)
  3.5 Step 5: Likelihood Determination (p. 21)
  3.6 Step 6: Impact Analysis (p. 21)
  3.7 Step 7: Risk Determination (p. 24)
    3.7.1 Risk-Level Matrix (p. 24)
    3.7.2 Description of Risk Level (p. 25)
  3.8 Step 8: Control Recommendations (p. 26)
  3.9 Step 9: Results Documentation (p. 26)
4. Risk Mitigation (p. 27)
  4.1 Risk Mitigation Options (p. 27)
  4.2 Risk Mitigation Strategy (p. 28)
  4.3 Approach for Control Implementation (p. 29)
  4.4 Control Categories (p. 32)
    4.4.1 Technical Security Controls (p. 32)
    4.4.2 Management Security Controls (p. 35)
    4.4.3 Operational Security Controls (p. 36)
  4.5 Cost-Benefit Analysis (p. 37)
  4.6 Residual Risk (p. 39)
5. Evaluation and Assessment (p. 41)
  5.1 Good Security Practice (p. 41)
  5.2 Keys for Success (p. 41)
Appendix A: Sample Interview Questions (p. A-1)
Appendix B: Sample Risk Assessment Report Outline (p. B-1)

Book Id: WPLBN0000694131
Format Type: PDF eBook
File Size: 478.48 KB.
Reproduction Date: 2005

Title: Risk Management Guide for Information Technology Systems
Author: Stoneburner, Gary
Language: English
Subject: Technology, Reference materials, Technology and literature
Collection: Technology eBook Collection
Subcollection: Historic

Copyright © 2010 World Public Library. All rights reserved. eBooks from World Public Library are sponsored by the World Public Library Association,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.