bs ppt (1)

Upload: yash-jain

Post on 07-Apr-2018


TRANSCRIPT

  • 8/4/2019 bs ppt (1)

    1/9

    BUSINESS RISK MANAGEMENT

    PRESENTED BY: Yash Jain

    CLASS: XI-C

    ROLL NO: 40


    HOW MUCH TO INVEST IN SECURITY?

    How much is too much? Firewall; Intrusion Detection/Prevention; Guard; Biometrics; Virtual Private Network; Encrypted Data & Transmission; Card Readers; Policies & Procedures; Audit & Control Testing; Antivirus / Spyware; Wireless Security

    How much is too little? Hacker attack; Internal Fraud; Loss of Confidentiality; Stolen data; Loss of Reputation; Loss of Business; Penalties; Legal liability; Theft & Misappropriation


    RISK MANAGEMENT

    [Diagram: Internal Factors and External Factors. Labels: Legislation, Industry, Culture, Corporate History, Management's Risk Tolerance, Organizational Maturity, Structure]

    Risk Mgmt Strategies are determined by both internal & external factors.

    Risk Tolerance or Appetite: The level of risk that management is comfortable with


    RISK MANAGEMENT PROCESS

    [Diagram: Establish Scope & Boundaries; Risk Assessment (Identification, Analysis, Evaluation); Risk Treatment (Avoid, Reduce, Transfer, Retain); Accept Residual Risk; Risk Communication & Monitoring]

    What assets & risks exist?

    What does this risk cost?

    What priorities shall we set?

    What controls can we use?

    What to investigate?

    What to consider?


    RISK APPETITE

    Do you operate your computer with or without antivirus software?

    Do you have antispyware?

    Do you open emails with forwarded attachments from friends or follow questionable web links?

    Have you ever given your bank account information to a foreign emailer to make $$$?

    What is your risk appetite? If liberal, is it due to risk acceptance or ignorance?

    Companies too have risk appetites, decided after evaluating risk


    CONTINUOUS RISK MGMT PROCESS

    [Diagram: Identify & Assess Risks; Develop Risk Mgmt Plan; Implement Risk Mgmt Plan; Proactive Monitoring; Risk Appetite]

    Risks change with time as business & environment changes

    Controls degrade over time and are subject to failure

    Countermeasures may open new risks


    SECURITY EVALUATION: RISK ASSESSMENT

    Five Steps include:

    1. Assign Values to Assets: Where are the Crown Jewels?

    2. Determine Loss due to Threats & Vulnerabilities: Confidentiality, Integrity, Availability

    3. Estimate Likelihood of Exploitation: Weekly, monthly, 1 year, 10 years?

    4. Compute Expected Loss
       Loss = Downtime + Recovery + Liability + Replacement
       Risk Exposure = ProbabilityOfVulnerability * $Loss

    5. Treat Risk: Survey & Select New Controls; Reduce, Transfer, Avoid or Accept Risk
       Risk Leverage = ((Risk exposure before reduction) - (risk exposure after reduction)) / (cost of risk reduction)
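
The five steps above, carried through on a small asset register as an added example (not part of the original slides). All figures, asset names and controls are constructed; treating likelihood and control cost per year, and reducing a risk only when leverage exceeds 1 (accepting it otherwise), are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    asset: str
    threat: str
    downtime: float       # the four loss components, in $ per incident
    recovery: float
    liability: float
    replacement: float
    probability: float    # assumed: likelihood of exploitation per year

    @property
    def loss(self):       # Loss = Downtime + Recovery + Liability + Replacement
        return self.downtime + self.recovery + self.liability + self.replacement

    @property
    def exposure(self):   # Risk Exposure = Probability * $Loss
        return self.probability * self.loss

def risk_leverage(risk, cost, probability_after):
    """(exposure before - exposure after) / cost of the control."""
    return (risk.exposure - probability_after * risk.loss) / cost

def treatment_plan(risks, controls):
    """Rank risks by exposure; per risk pick the control with the highest
    leverage, or accept the risk if no control has leverage above 1
    (that threshold is this example's assumption, not the slides')."""
    plan = []
    for r in sorted(risks, key=lambda r: r.exposure, reverse=True):
        scored = [(risk_leverage(r, cost, p_after), name)
                  for name, cost, p_after in controls.get(r.asset, [])]
        lev, name = max(scored, default=(0.0, None))
        decision = f"reduce with {name}" if lev > 1 else "accept"
        plan.append((r.asset, round(r.exposure, 2), decision, round(lev, 2)))
    return plan

# Constructed sample figures, not taken from the slides.
RISKS = [
    Risk("web server", "hacker attack", 10000, 5000, 0, 5000, 0.5),
    Risk("customer database", "stolen data", 20000, 30000, 100000, 0, 0.1),
    Risk("laptop", "theft", 500, 500, 0, 1000, 0.2),
]
CONTROLS = {  # asset -> [(control, yearly cost in $, probability after)]
    "web server": [("firewall", 2000, 0.25), ("intrusion detection", 4000, 0.1)],
    "customer database": [("encryption", 5000, 0.02)],
    "laptop": [("tracking service", 1000, 0.05)],
}

if __name__ == "__main__":
    for row in treatment_plan(RISKS, CONTROLS):
        print(row)
```

The laptop risk is accepted because the only candidate control removes $300 of exposure for $1000 of cost, while the cheaper firewall outranks intrusion detection on the web server despite removing less exposure.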


    CONCLUSION

    We studied various types of business risks and understood them and their concepts thoroughly. We can manage business risk easily by following regular essential steps.
