Protecting Information Assets · 2015-06-22 · MIS 5206 Protecting Information Assets · Greg Senko

Posted on 20-Mar-2020

Page 1: Protecting Information Assets · 2015-06-22 · MIS 5206 Protecting Information Assets, Greg Senko · Week 4 · Risk Evaluation

MIS 5206 Protecting Information Assets, Greg Senko

Protecting Information Assets - Week 4 - Risk Evaluation

Page 2:

MIS 5206 Week 4

• In the News
• Readings
  – 2009 Vacca Chapters 14, 35
  – 2012 Vacca Chapters 15, 35
  – HDFC BANK: SECURING ONLINE BANKING
  – ISACA Risk IT Framework pp. 47-96
• Week 3 Material Highlights
• Risk Evaluation
• Test Taking Tip
• Quiz

Page 3:

In the News

http://fcw.com/articles/2014/09/12/trust-issues.aspx

It is no secret that the U.S. government is desperate to prevent another large-scale leak of classified information like the one carried out by Edward Snowden last year. And the role technology is playing in this pursuit could have long-term consequences for federal agencies' relationships with their employees.

Page 4:

Reading

• Vacca Chapters 15, 35 (2012 edition)
• Case: HDFC BANK
• ISACA Risk IT Framework pp. 47-96

Page 5:

Week 3: Data Classification Process and Models

Page 6:

Week 3: Data Classification Process and Models

Why is data classification important?

• Focuses attention on the identification and valuation of information assets
• Is the basis for access control policy and processes

Page 7:

Case: HDFC Banking

Let's discuss the case:

• What is the role of employee security awareness training in the overall security risk management strategy?
• To what extent should a company attempt to educate their customers about security concerns?
• What are some of the methods a company can use to raise security awareness?

Page 8:

Case: HDFC Banking

Case Study due 10/2:
• Via email
• Due by midnight Tuesday 9/30

1. What if anything should HDFC do to make existing customers more secure?
2. How should HDFC deal with customers who, while signed up, do not use online banking services?
3. At this point, should HDFC Bank outsource secure data and transactions?

Page 9:

Risk Evaluation

Risk evaluation is the process of identifying risk scenarios and describing their potential business impact.

Page 10:

The Risk IT Framework

The risk management process model groups key activities into a number of processes. These processes are grouped into three domains. The process model will appear familiar to users of COBIT and Val IT: substantial guidance is provided on the key activities within each process, responsibilities for the process, information flows between processes and performance management of the process.

Page 11:

Risk Evaluation - Key Components

Collect Data
Identify relevant data to enable effective IT-related risk identification, analysis and reporting

Analyze Risk
Develop useful information to support risk decisions that take into account the business impact of risk factors

Maintain Risk Profile
Maintain an up-to-date and complete inventory of known risks and attributes as understood in the context of IT controls and business processes
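The three activities above are easier to reason about when they are made concrete. The following is an added example written for this page; it is not code from the slides or from ISACA's Risk IT guidance. It builds a small risk register that collects and validates scenario data, analyzes each scenario both qualitatively (likelihood x impact on a 5x5 matrix) and quantitatively (annualized loss expectancy, ALE = SLE x ARO, a standard textbook approach that the slide itself does not state), and maintains the profile as an inventory that recomputes ratings from stored attributes. The scales, rating bands, scenario descriptions and loss figures are all assumptions constructed for illustration, loosely themed on this week's online banking case.

```python
from dataclasses import dataclass, field


# --- Collect Data: identify the data the analysis needs and validate it ----
@dataclass
class RiskScenario:
    """One risk scenario plus the attributes needed to analyze it."""
    id: str
    description: str
    asset: str
    likelihood: int   # 1 (rare) .. 5 (almost certain); assumed 5-point scale
    impact: int       # 1 (negligible) .. 5 (severe); assumed 5-point scale
    sle: float        # single loss expectancy: estimated loss per occurrence
    aro: float        # annualized rate of occurrence: expected events per year
    controls: list = field(default_factory=list)


def collect_data(records):
    """Turn raw records (incident logs, audit findings, control inventory)
    into validated RiskScenario objects. Records outside the scales are
    rejected, not clamped, so bad input surfaces instead of skewing results."""
    scenarios, rejected = [], []
    for rec in records:
        in_scale = (1 <= rec.get("likelihood", 0) <= 5
                    and 1 <= rec.get("impact", 0) <= 5
                    and rec.get("sle", -1) >= 0 and rec.get("aro", -1) >= 0)
        if not in_scale:
            rejected.append(rec.get("id", "?"))
            continue
        scenarios.append(RiskScenario(**rec))
    return scenarios, rejected


# --- Analyze Risk: turn the data into information a decision can rest on ---
# Assumed qualitative bands for the 5x5 likelihood x impact score.
RATING_THRESHOLDS = [(20, "Critical"), (12, "High"), (6, "Medium"), (0, "Low")]


def analyze_risk(s):
    """Qualitative score/rating from the matrix and quantitative annualized
    loss expectancy (ALE = SLE x ARO) for the same scenario."""
    score = s.likelihood * s.impact
    rating = next(label for floor, label in RATING_THRESHOLDS if score >= floor)
    return {"id": s.id, "score": score, "rating": rating, "ale": s.sle * s.aro}


# --- Maintain Risk Profile: a current, complete inventory of known risks ---
class RiskProfile:
    """Stores scenarios, not ratings: the report recomputes the analysis from
    the stored attributes so the profile can never carry a stale rating."""

    def __init__(self):
        self._scenarios = {}
        self.history = []  # audit trail of additions, updates and retirements

    def upsert(self, scenario):
        action = "updated" if scenario.id in self._scenarios else "added"
        self._scenarios[scenario.id] = scenario
        self.history.append((action, scenario.id))

    def retire(self, risk_id, reason):
        if self._scenarios.pop(risk_id, None) is not None:
            self.history.append(("retired", risk_id, reason))

    def report(self):
        """All known risks, highest exposure first (by ALE, then score)."""
        rows = [analyze_risk(s) for s in self._scenarios.values()]
        return sorted(rows, key=lambda r: (r["ale"], r["score"]), reverse=True)

    def total_ale(self):
        return sum(r["ale"] for r in self.report())


# Constructed sample input (made-up figures) for an online banking service;
# the last record is deliberately out of scale to show data validation.
SAMPLE_RECORDS = [
    {"id": "R1", "description": "Customers phished, fraudulent transfers",
     "asset": "online banking portal", "likelihood": 4, "impact": 4,
     "sle": 50_000.0, "aro": 2.0, "controls": ["awareness mailings", "OTP"]},
    {"id": "R2", "description": "Core banking database outage",
     "asset": "core banking DB", "likelihood": 2, "impact": 5,
     "sle": 200_000.0, "aro": 0.25},
    {"id": "R3", "description": "Statements left on shared branch printer",
     "asset": "branch print queue", "likelihood": 3, "impact": 1,
     "sle": 1_000.0, "aro": 6.0},
    {"id": "BAD", "description": "likelihood off the scale", "asset": "?",
     "likelihood": 9, "impact": 1, "sle": 10.0, "aro": 1.0},
]


def build_profile(records=SAMPLE_RECORDS):
    scenarios, rejected = collect_data(records)
    profile = RiskProfile()
    for s in scenarios:
        profile.upsert(s)
    return profile, rejected


if __name__ == "__main__":
    profile, rejected = build_profile()
    for row in profile.report():
        print(f"{row['id']}: score={row['score']:2d} {row['rating']:8s} ALE={row['ale']:>10,.0f}")
    print("rejected during data collection:", rejected)
```

Running it ranks R1 (score 16, High, ALE 100,000) above R2 (score 10, Medium, ALE 50,000) and R3 (score 3, Low, ALE 6,000) and reports that the malformed record was rejected. Note that the qualitative and quantitative views can disagree (R2 has the larger single loss but a lower rating than R1); surfacing both is what lets a risk decision "take into account the business impact" rather than a score alone.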

Pages 12-13:

Collect Data

Pages 14-15:

Analyze Risk

Pages 16-17:

Maintain Risk Profile

Page 18:

Test Taking Tip

Focus on the "highest likelihood" answers for test taking efficiency

Here's why:
• Some of the answers use unfamiliar terms and stand out as unlikely and can therefore be discarded immediately
• Some answers are clearly wrong and you can recognize them based on your familiarity with the subject
• The correct answer may require a careful reading of the wording of the question, and eliminating the unlikely answers early in the evaluation process helps you focus on key concepts for making the choice

- Eliminate any "probably wrong" answers first -

Page 19:

Test Taking Tip

Example:

The promotion manager of Northeast Electronics has been made the owner of the department's printers and other resources. The manager can now designate who in the department can use the large format printer. What term is used to describe this type of access control?

A. Mandatory
B. Role-Based
C. Discretionary
D. Distributed

Answer: C

Pages 20-24:

Test Taking Tip

Working through the same example by eliminating the unlikely answers first:

• Nothing seems mandatory about this scenario
• Maybe ....
• Nothing about roles other than manager in the question

Answer: C
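The distinguishing feature in the question is that the resource owner personally decides who may use it. The following added example (written for this page, not taken from the slides) models the printer scenario under three toy access-control models so the answer can be checked rather than guessed: in the discretionary model only the owner can change the access list, in the mandatory model a system-wide label policy decides and nobody in the department can override it, and in the role-based model permissions attach to roles rather than to individuals. The user names, the clearance ordering and the role table are assumptions constructed for illustration.

```python
class PermissionDenied(Exception):
    pass


# --- Discretionary (DAC): the resource owner decides who may use it -------
class DiscretionaryResource:
    def __init__(self, name, owner):
        self.name, self.owner = name, owner
        self._acl = {owner}  # the owner always has access

    def grant(self, by, user):
        # Only the owner may change the ACL; that discretion is what makes it DAC.
        if by != self.owner:
            raise PermissionDenied(f"{by} is not the owner of {self.name}")
        self._acl.add(user)

    def revoke(self, by, user):
        if by != self.owner:
            raise PermissionDenied(f"{by} is not the owner of {self.name}")
        self._acl.discard(user)

    def can_use(self, user):
        return user in self._acl


# --- Mandatory (MAC): a system-wide label policy that no owner can override
CLEARANCE_ORDER = ["public", "internal", "confidential", "secret"]  # assumed lattice


class MandatoryResource:
    def __init__(self, name, classification):
        self.name, self.classification = name, classification

    def can_use(self, user_clearance):
        # No owner and no grant(): access follows the labels alone.
        return (CLEARANCE_ORDER.index(user_clearance)
                >= CLEARANCE_ORDER.index(self.classification))


# --- Role-based (RBAC): permissions attach to roles, users are given roles -
class RoleBasedPolicy:
    def __init__(self):
        self._role_perms = {}  # role -> set of (resource, action)
        self._user_roles = {}  # user -> set of roles

    def allow(self, role, resource, action):
        self._role_perms.setdefault(role, set()).add((resource, action))

    def assign(self, user, role):
        self._user_roles.setdefault(user, set()).add(role)

    def can(self, user, resource, action):
        return any((resource, action) in self._role_perms.get(r, set())
                   for r in self._user_roles.get(user, ()))


def quiz_scenario():
    """The Northeast Electronics printer: the promotion manager owns the
    resource and personally designates who may use it, which is owner
    discretion, i.e. DAC. Names are constructed for the example."""
    printer = DiscretionaryResource("large-format printer", owner="promo_manager")
    printer.grant("promo_manager", "alice")  # the manager designates alice
    try:
        printer.grant("bob", "bob")  # a non-owner cannot grant himself access
        self_grant_blocked = False
    except PermissionDenied:
        self_grant_blocked = True
    return {"alice": printer.can_use("alice"),
            "bob": printer.can_use("bob"),
            "self_grant_blocked": self_grant_blocked}


def contrast():
    """The same printer under MAC and RBAC: in neither does the manager's
    wish decide who prints, which is why those answers do not fit."""
    mac_printer = MandatoryResource("large-format printer", "confidential")
    rbac = RoleBasedPolicy()
    rbac.allow("designer", "large-format printer", "print")
    rbac.assign("alice", "designer")
    return {"mac_internal_user": mac_printer.can_use("internal"),  # label too low
            "mac_secret_user": mac_printer.can_use("secret"),      # label dominates
            "rbac_alice": rbac.can("alice", "large-format printer", "print"),
            "rbac_bob": rbac.can("bob", "large-format printer", "print")}


if __name__ == "__main__":
    print(quiz_scenario())
    print(contrast())
```

The practical point behind the quiz answer: DAC is convenient precisely because the owner can hand out access, and that same convenience is why it cannot enforce an organization-wide classification policy on its own; that is the job of the mandatory model, and it is the reason data classification was called the basis for access control policy in the Week 3 highlights.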

Page 25:

Quiz