Information Security Risk Assessment Toolkit by Mark Talabis & Jason Martin
Author:Mark Talabis & Jason Martin
Language: eng
Format: epub
ISBN: 9781597499750
Publisher: Elsevier Inc.
Published: 2012-10-23T16:00:00+00:00
Chapter 4
Information Security Risk Assessment: Data Analysis
Information in this chapter:
• Introduction
• Compiling Observations from Organizational Risk Documents
• Preparation of Threat and Vulnerability Catalogs
• Overview of the System Risk Computation
• Designing the Impact Analysis Scheme
• Designing the Control Analysis Scheme
• Designing the Likelihood Analysis Scheme
• Putting it Together and the Final Risk Score
Introduction
In the scope of the overall information security risk assessment project, data analysis is the phase where we start trying to make sense of the collected data. In this phase our focus is on consolidating all of the information that we have gathered through the previous data collection activities. We will then display and summarize the information collected into a form that will allow us to make conclusions, based on the data.
At this point, the assessor will have likely collected quite a bit of data stored in various containers. Depending on the container selected, these could be spreadsheets, databases or even an application containing all the data from your interviews, the application survey, the control survey, and the various security documents and statistics collected. Various techniques such as formulas, decision matrices, and computations will then be applied to this data in order to give the assessor a view that will facilitate the development of findings and conclusions which are ultimately the product of the actual risk analysis. Thus, this phase can be considered as a mid-point between raw data collection and extrapolation of the actual findings and conclusions derived from the data.
The risk assessment framework that the assessor has adopted will heavily influence the techniques involved in data analysis. The various risk assessment frameworks such as OCTAVE, NIST FAIR, and ISO provide various formulas and decision matrices, some more prescriptive than others, to allow for the computation of risk. The results of these computations are the final product for the data analysis phase and will play an important part in our analysis of overall risk. In this chapter, we will be leveraging guidance from the NIST framework to compute for risk since it is one of the most flexible; however, we will provide some discussion about how other frameworks approach this step. While we will be leveraging guidance from NIST to illustrate the process our primary objective is to guide you through a method that will allow you to apply our approach to any given risk assessment framework and should not be read as a “how to” on executing a full NIST aligned assessment.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Bad Blood by John Carreyrou(5735)
Principles: Life and Work by Ray Dalio(5294)
Rich Dad Poor Dad by Robert T. Kiyosaki(5111)
Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind by Charles Babcock(4115)
The Confidence Code by Katty Kay(3538)
Thinking in Bets by Annie Duke(3503)
American Kingpin by Nick Bilton(2947)
Delivering Happiness by Tony Hsieh(2905)
Playing to Win_ How Strategy Really Works by A.G. Lafley & Roger L. Martin(2764)
Project Animal Farm: An Accidental Journey into the Secret World of Farming and the Truth About Our Food by Sonia Faruqi(2646)
Brotopia by Emily Chang(2574)
I Live in the Future & Here's How It Works by Nick Bilton(2504)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2493)
The Content Trap by Bharat Anand(2478)
The Power of Habit by Charles Duhigg(2464)
The Marketing Plan Handbook: Develop Big-Picture Marketing Plans for Pennies on the Dollar by Robert W. Bly(2398)
The Tyranny of Metrics by Jerry Z. Muller(2381)
Building a StoryBrand by Donald Miller(2336)
Applied Empathy by Michael Ventura(2316)