Presented by:
Group - 15
Kumar Mayank (14609038)
Rachit Mehrotra (14609157)
Coverage
Planning Enterprise Information Security
Protecting enterprise data.
Creating a security plan.
Developing a security policy.
Using technology to support security operations.
9/8/15
SOX
GLBA
HIPAA
FERPA
COPPA
Types Of Threats
Natural - Weather events
Environmental - Fire, power failure
Human - Cheat, fraud
Electronic
Malware
Bugs
Phishing mails
Bots & Botnets
Assessing Risk
Each threat is analyzed to determine its probability and impact.
Probability refers to likelihood that the threat will materialize into an actual event.
Impact refers to loss that would occur.
Addressing Risk
Prioritizing Threats
Reducing Probability
Reducing Impact
Prioritizing threats
Acceptance - Risk identified & accepted. Impact is understood.
Avoidance - Selecting an alternative option.
Mitigation - Additional protection or alterations.
Transference - Insurance protections
Reducing Probability
Use of countermeasures against common threats.
Examples:
Threat
Countermeasures
Install a firewall
Reducing Impact