
Risk Management Guide for Information Technology Systems

By Stoneburner, Gary

Description
Technical Reference Publication

Excerpt
Introduction: Every organization has a mission. In this digital era, as organizations use automated information technology (IT) systems to process their information for better support of their missions, risk management plays a critical role in protecting an organization's information assets, and therefore its mission, from IT-related risk. An effective risk management process is an important component of a successful IT security program. The principal goal of an organization's risk management process should be to protect the organization and its ability to perform its mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.

Table of Contents
1. Introduction ... 1
   1.1 Authority ... 1
   1.2 Purpose ... 1
   1.3 Objective ... 2
   1.4 Target Audience ... 2
   1.5 Related References ... 3
   1.6 Guide Structure ... 3
2. Risk Management Overview ... 4
   2.1 Importance of Risk Management ... 4
   2.2 Integration of Risk Management into SDLC ... 4
   2.3 Key Roles ... 6
3. Risk Assessment ... 8
   3.1 Step 1: System Characterization ... 10
       3.1.1 System-Related Information ... 10
       3.1.2 Information-Gathering Techniques ... 11
   3.2 Step 2: Threat Identification ... 12
       3.2.1 Threat-Source Identification ... 12
       3.2.2 Motivation and Threat Actions ... 13
   3.3 Step 3: Vulnerability Identification ... 15
       3.3.1 Vulnerability Sources ... 16
       3.3.2 System Security Testing ... 17
       3.3.3 Development of Security Requirements Checklist ... 18
   3.4 Step 4: Control Analysis ... 19
       3.4.1 Control Methods ... 20
       3.4.2 Control Categories ... 20
       3.4.3 Control Analysis Technique ... 20
   3.5 Step 5: Likelihood Determination ... 21
   3.6 Step 6: Impact Analysis ... 21
   3.7 Step 7: Risk Determination ... 24
       3.7.1 Risk-Level Matrix ... 24
       3.7.2 Description of Risk Level ... 25
   3.8 Step 8: Control Recommendations ... 26
   3.9 Step 9: Results Documentation ... 26
4. Risk Mitigation ... 27
   4.1 Risk Mitigation Options ... 27
   4.2 Risk Mitigation Strategy ... 28
   4.3 Approach for Control Implementation ... 29
   4.4 Control Categories ... 32
       4.4.1 Technical Security Controls ... 32
       4.4.2 Management Security Controls ... 35
       4.4.3 Operational Security Controls ... 36
   4.5 Cost-Benefit Analysis ... 37
   4.6 Residual Risk ... 39
5. Evaluation and Assessment ... 41
   5.1 Good Security Practice ... 41
   5.2 Keys for Success ... 41
Appendix A: Sample Interview Questions ... A-1
Appendix B: Sample Risk Assessment Report Outline ... B-1

Book Id: WPLBN0000694131
Format Type: PDF eBook
File Size: 478.48 KB.
Reproduction Date: 2005

Title: Risk Management Guide for Information Technology Systems  
Author: Stoneburner, Gary
Language: English
Subject: Technology, Reference materials, Technology and literature
Collection: Technology eBook Collection
Subcollection: Historic