Published (last): 6 October 2012
ISO/IEC 27005 describes several options for treating information security risk, which help organizations bring risk down to an acceptable level. Khachab has a wide range of information risk management and IT procurement skills earned through more than 30 years of experience in the US and the Middle East.
He has established a strong reputation and a proven record of delivering benefits to clients by teaching information risk management and MIS to businesses and universities.
Agenda
a. Risk treatment process
b. Risk treatment options
c. Risk treatment plan

Risk treatment within the ISO/IEC 27005 risk management process
- Context establishment
- Risk assessment:
  - Risk identification (identification of existing controls, identification of vulnerabilities, identification of consequences)
  - Risk analysis (assessment of consequences)
  - Risk evaluation
- Risk treatment
- Risk acceptance
- Risk communication and consultation
- Risk monitoring and review

Risk treatment options (ISO/IEC 27005, clause 9)
1. Risk modification: introducing, removing or altering controls so that the residual risk can be reassessed as acceptable.
2. Risk retention: management decides to accept the current level of risk without further action.
3. Risk sharing: the decision to share the risk with external parties, through insurance or outsourcing.
4. Risk avoidance: cancelling or modifying the activity, or set of activities, that gives rise to the risk.
Risk modification, risk retention, risk avoidance and risk sharing are each described in their own sub-clause of ISO/IEC 27005, clause 9.

Risk avoidance: examples
1. Ceasing certain activities.
2. Removing the assets from an area at risk: do not store sensitive documents on the corporate intranet, or move the servers to the 4th floor to avoid the risk of flooding.
3. Deciding not to exchange sensitive information with third parties if adequate protection cannot be guaranteed.

Risk sharing: possible methods
There are two main methods of risk sharing:
1. Insurance: any form of covering risks contracted by the organization in exchange for paying a premium.
2. Outsourcing: transfer of all or part of a business activity to an external partner.
Sharing moves part of the consequences to the other party; it does not move the organization's accountability for the risk, and the arrangement itself (the insurer's exclusions, the outsourcer's own security) is a new risk that has to be assessed in turn.
Risk removal
This option consists of removing the source of the risk. It is feasible only in the unlikely event that the organization is in a position to remove the risk source, which is rarely the case in information security. Example: lobbying to have a law revoked. (ISO, clause 5.)

Increasing risk: a risk treatment option?
1. Increase the exposure to risk if the organization can take advantage of more opportunities.
2. Reduce the level of security controls if their cost exceeds the benefit.
Risk levels
1. Inherent risk: all risk, without accounting for controls.
2. Treated risk: the part of the risk eliminated by controls.
3. Residual risk: the risk remaining after treatment. Management must be aware of the residual risk and accept responsibility for it.
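The inherent/treated/residual distinction, together with the four treatment options, is easy to lose in a real risk register: a risk gets marked "shared" or "treated" and silently drops out of the acceptance step. The following Python is an added example written for this page, not code from the slides or from ISO/IEC 27005. The 1-5 likelihood and impact scale, the acceptance threshold of 8, and the way each option changes the score (a control lowers levels, sharing removes a fraction of the impact, avoidance zeroes the risk, retention keeps it) are assumptions chosen for illustration. It computes inherent and residual scores for a constructed register and lists every risk whose residual level is above the acceptance criteria and that nobody has formally accepted.

```python
"""Residual-risk check for a small risk register.

Constructed example: the 1-5 likelihood/impact scale, the acceptance threshold and the
way each treatment option changes the score are assumptions for illustration;
ISO/IEC 27005 prescribes none of them.
"""
import math
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: residual scores above this need an explicit, named acceptance by management.
ACCEPTANCE_THRESHOLD = 8

OPTIONS = ("modification", "retention", "sharing", "avoidance")


@dataclass
class Risk:
    risk_id: str
    likelihood: int                    # 1..5, inherent (before controls)
    impact: int                        # 1..5, inherent (before controls)
    option: str                        # one of OPTIONS
    likelihood_reduction: int = 0      # modification: levels removed by the new/altered control
    impact_reduction: int = 0          # modification: levels removed by the new/altered control
    shared_fraction: float = 0.0       # sharing: part of the impact carried by insurer/outsourcer
    accepted_by: Optional[str] = None  # who signed off the residual risk, if anyone


def inherent_score(r: Risk) -> int:
    """Inherent risk: likelihood x impact with no credit for controls."""
    return r.likelihood * r.impact


def residual_score(r: Risk) -> int:
    """Residual risk after applying the chosen treatment option."""
    if r.option not in OPTIONS:
        raise ValueError(f"{r.risk_id}: unknown treatment option {r.option!r}")
    if r.option == "avoidance":
        # The activity is cancelled, so the risk no longer exists.
        return 0
    if r.option == "retention":
        # Nothing changes; the inherent level is kept as-is and must be signed off.
        return inherent_score(r)
    if r.option == "modification":
        # Controls lower likelihood and/or impact, but never below the bottom of the scale.
        likelihood = max(1, r.likelihood - r.likelihood_reduction)
        impact = max(1, r.impact - r.impact_reduction)
        return likelihood * impact
    # sharing: the insurer/outsourcer carries part of the impact; likelihood is unchanged
    # and the uncovered part stays with the organization (rounded up, never away).
    if not 0.0 < r.shared_fraction < 1.0:
        raise ValueError(f"{r.risk_id}: shared_fraction must be strictly between 0 and 1")
    impact = max(1, math.ceil(r.impact * (1.0 - r.shared_fraction)))
    return r.likelihood * impact


def residual_scores(register: List[Risk]) -> Dict[str, int]:
    """Residual score per risk ID for the whole register."""
    return {r.risk_id: residual_score(r) for r in register}


def needs_acceptance(register: List[Risk], threshold: int = ACCEPTANCE_THRESHOLD) -> List[str]:
    """IDs of risks whose residual level exceeds the acceptance criteria and that
    nobody has formally accepted. These cannot be closed in the treatment plan."""
    return [r.risk_id for r in register
            if residual_score(r) > threshold and r.accepted_by is None]


# Constructed sample register (not real data).
SAMPLE_REGISTER = [
    Risk("R1", 4, 5, "modification", likelihood_reduction=2, impact_reduction=1),
    Risk("R2", 3, 5, "sharing", shared_fraction=0.5),          # insurance covers half the loss
    Risk("R3", 3, 4, "retention", accepted_by="CISO"),         # retained and signed off
    Risk("R4", 5, 3, "avoidance"),                             # activity cancelled
    Risk("R5", 4, 4, "modification", likelihood_reduction=1),  # weak control, nobody signed
]

if __name__ == "__main__":
    for r in SAMPLE_REGISTER:
        print(f"{r.risk_id}: inherent={inherent_score(r):2d} residual={residual_score(r):2d} "
              f"option={r.option} accepted_by={r.accepted_by}")
    print("needs management acceptance:", needs_acceptance(SAMPLE_REGISTER))
```

On the sample register, R2 shows the point made about sharing: insuring half the loss still leaves a residual of 9, above the threshold, so the risk needs a named acceptor like any retained risk. R5 shows a modification whose control is too weak; it stays open until either the control is strengthened or management signs off on the residual.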
ISO/IEC 27005:2018 Information Security Risk Management Training Course
Information security controls are imperfect in various ways: controls can be overwhelmed or undermined. Consequently, information security incidents are bound to occur to some extent, even in organizations that take their information security extremely seriously. The standard covers the processes for managing information security events, incidents and vulnerabilities. It cross-references that section and explains its relationship to the ISO27k eForensics standards.