bs ppt (1)
TRANSCRIPT
-
8/4/2019 bs ppt (1)
BUSINESS RISK MANAGEMENT
PRESENTED BY: Yash Jain
CLASS: XI-C
ROLL NO: 40
-
HOW MUCH TO INVEST IN SECURITY?
How much is too much? Firewall, Intrusion Detection/Prevention, Guard, Biometrics, Virtual Private Network, Encrypted Data & Transmission, Card Readers, Policies & Procedures, Audit & Control Testing, Antivirus / Spyware, Wireless Security
How much is too little? Hacker attack, Internal Fraud, Loss of Confidentiality, Stolen data, Loss of Reputation, Loss of Business, Penalties, Legal liability, Theft & Misappropriation
-
RISK MANAGEMENT
Internal Factors / External Factors
Factors shown in the diagram: Legislation, Industry, Culture, Corporate History, Management's Risk Tolerance, Organizational Maturity, Structure
Risk Mgmt Strategies are determined by both internal & external factors
Risk Tolerance or Appetite: The level of risk that management is comfortable with
-
RISK MANAGEMENT PROCESS
Process steps (diagram):
Establish Scope & Boundaries
Risk Assessment: Identification, Analysis, Evaluation
Risk Treatment: Avoid, Reduce, Transfer, Retain
Accept Residual Risk
Risk Communication & Monitoring
Questions shown alongside the steps:
What assets & risks exist?
What does this risk cost?
What priorities shall we set?
What controls can we use?
What to investigate? What to consider?
-
RISK APPETITE
Do you operate your computer with or without antivirus software?
Do you have antispyware?
Do you open emails with forwarded attachments from friends or follow questionable web links?
Have you ever given your bank account information to a foreign emailer to make $$$?
What is your risk appetite? If liberal, is it due to risk acceptance or ignorance?
Companies too have risk appetites, decided after evaluating risk
-
CONTINUOUS RISK MGMT PROCESS
Cycle (diagram): Identify & Assess Risks, Develop Risk Mgmt Plan, Implement Risk Mgmt Plan, Proactive Monitoring
Diagram label: Risk Appetite
Risks change with time as business & environment changes
Controls degrade over time and are subject to failure
Countermeasures may open new risks
-
SECURITY EVALUATION: RISK ASSESSMENT
Five Steps include:
1. Assign Values to Assets: Where are the Crown Jewels?
2. Determine Loss due to Threats & Vulnerabilities: Confidentiality, Integrity, Availability
3. Estimate Likelihood of Exploitation: Weekly, monthly, 1 year, 10 years?
4. Compute Expected Loss:
   Loss = Downtime + Recovery + Liability + Replacement
   Risk Exposure = ProbabilityOfVulnerability * $Loss
5. Treat Risk: Survey & Select New Controls; Reduce, Transfer, Avoid or Accept Risk
   Risk Leverage = ((Risk exposure before reduction) - (risk exposure after reduction)) / (cost of risk reduction)
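Steps 4 and 5 carried through in code, as an added example that is not part of the original presentation: it computes loss and risk exposure for one asset, then ranks candidate controls by risk leverage. The scenario, dollar figures, probabilities and control names are all constructed for illustration, and likelihood is assumed to be a yearly probability between 0 and 1.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Loss:
    downtime: float
    recovery: float
    liability: float
    replacement: float

    def total(self) -> float:
        # Step 4: Loss = Downtime + Recovery + Liability + Replacement
        return self.downtime + self.recovery + self.liability + self.replacement

@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float   # cost of risk reduction
    prob_after: float    # yearly likelihood once the control is in place
    loss_after: Loss     # loss per incident once the control is in place

def risk_exposure(probability: float, loss: Loss) -> float:
    if not 0.0 <= probability <= 1.0:
        raise ValueError("probability must be between 0 and 1")
    return probability * loss.total()

def risk_leverage(before: float, after: float, cost: float) -> float:
    if cost <= 0:
        raise ValueError("cost of risk reduction must be positive")
    return (before - after) / cost

def rank_controls(prob_before, loss_before, controls):
    """Return (name, exposure_after, leverage, worth_it) sorted by leverage."""
    before = risk_exposure(prob_before, loss_before)
    rows = []
    for c in controls:
        after = risk_exposure(c.prob_after, c.loss_after)
        leverage = risk_leverage(before, after, c.annual_cost)
        # Leverage above 1: the control removes more exposure than it costs.
        rows.append((c.name, after, leverage, leverage > 1))
    return sorted(rows, key=lambda r: r[2], reverse=True)

# Constructed scenario: a file server outage expected once in 4 years.
BASE_LOSS = Loss(downtime=20000, recovery=15000, liability=30000, replacement=15000)
CONTROLS = [
    Control("offsite backups", 4000, 0.25, Loss(5000, 5000, 30000, 0)),
    Control("mail filtering", 2000, 0.125, BASE_LOSS),
    Control("24x7 monitoring", 30000, 0.0625, BASE_LOSS),
]

if __name__ == "__main__":
    for name, after, lev, ok in rank_controls(0.25, BASE_LOSS, CONTROLS):
        print(f"{name:16} exposure after=${after:>8,.0f} leverage={lev:4.1f} reduce={ok}")
```

A control can lower likelihood, lower the loss per incident, or both; the last control in the sample cuts exposure the most yet has leverage below 1, which is the case where transferring or accepting the risk deserves a look.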
-
CONCLUSION
We studied various types of business risks and understood them and their concepts thoroughly. We can manage business risk easily by following regular essential steps.