Security and Risk Management

1 Security & Risk Mgmnt Copyright Doug Knehr

Click on the above link for a condensed view (not all links opened) of my deep research and expertise in Security and Risk Management covering the following areas:

1.Security and Risk Management

Critical Areas
Data Breaches
Conducting a Business Impact Analysis (BIA)
Continuous improvement
Threat Modeling
Determining potential attacks
Performing a Reduction Analysis
Technologies and processes used to remediate threats
Integrating security risk considerations into acquisitions strategy and practice
Third-Party assessments
Minimum security requirements
Service-Level requirements
Appropriate levels of awareness, training, and education within an organization
Periodic reviews for content relevancy”
Security Principles
Security & Risk Governance
Industry best practices (i.e., NIST, ITIL, ISO 27000, COSO, and COBIT). ”
Mechanisms for the board of directors and management to have the proper oversight to manage the risk to the enterprise to an acceptable level.”
Purpose of governance
Board of directors should:
Be informed about information security
Set direction to drive policy and strategy
Provide resources to security efforts
Assign management responsibilities
Set priorities
Support changes required
Define cultural values related to risk assessment
Obtain assurance from internal or external auditors
Insist that security investments are made measurable and reported on for program effectiveness.”

Security Mgmnt
Interrelationship of Security & Risk Mgmnt
Common Business Issues Affecting Security Risk mgmnt
Governance Committees –
Governance Committees – A governance committee is responsible for recruiting and maintaining the governance board for an organization. ”

Security Roles and Responsibilities
Security Activities
How its done
Implementing Metrics
“Security Council”
Review and Audit the Security Program”
Establish Control Frameworks for Governance
Global Legal and Regulatory Issues
Develop and Implement Security Policy
Business Continuity (BC) & Disaster Recovery (DR) Requirements
Personnel security
Risk Mgmnt Concept
Risk Assessment Process (NIST – National Institute of Standards and Technology)
Security & Audit Frameworks
ID threats and vulnerabilities
Risk assessment analysis
Risk Mitigation
Risk Acceptance
Counter Measures
Type of controls
Access Control Types
Control assessment/ monitoring measurement
Tangible and intangible Asset Valuation
Continuous Improvement
Risk Mgmnt Frameworks
Create a risk inventory of risks and counter measures
Threat Modeling
enables informed decision making on application security risk
procedure to id objectives and vulnerabilities and then define countermeasures to the threats
Determining Potential attacks and reduction analysis
Technologies and processes to reduce threats
Acquisitions Strategy
Security Education Training & Awareness
Formal Training
Creating security awareness course
Creating culture of awareness
Job Training
Performance Metrics

COPYRIGHT Douglas S. Knehr Esq.,MBA, CIPM, CIPP, CISSP  (in Training)

Doug at DougKnehr . com