Business Informatics (Subject) / IT Risk Management (Lesson)

This lesson contains 118 flashcards

IT Risk Management Uni Koblenz

This lesson was created by Irec42.


  • Planning for Incidents
    - identify the organization's key processes
    - identify critical underlying technology & services
    - identify critical stakeholder relationships
    - identify alternative approaches
    - establish (a) plan(s) that can be effectively activated
    - provide real operational alternatives
  • Identity and Access Management (IAM) - Definition and Purpose
    - IAM is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons
    - Purpose: IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements
  • Planning for Business Continuity
    - maintaining business during and after an incident at an acceptable level
    - procedures to guide continuity and/or timely recovery of business operations
    - categories:
      - Disaster Recovery
      - Contingency
      - Operational Continuity
      - Business Continuity
  • Identity and Access Management (IAM) - Phases
    - Configuration Phase:
      - Registration
      - Provisioning
      - Authorisation
    - Operation Phase:
      - Self-identification
      - Authentication
      - Access Control
  • Contingency Planning
    - process of preparing for unexpected events
    - prepare for, detect, react to, and recover from these events
    - BIA
    - plans to deal with contingencies:
      - Incident Response Plan
      - Disaster Recovery Plan
      - Business Continuity Plan
  • Creating Contingency Planning Documents
    1. Develop the policy statement
    2. Conduct the BIA
    3. Identify preventive controls
    4. Develop recovery strategies
    5. Develop IT contingency plans
    6. Plan testing, training and exercises
    7. Plan maintenance
  • Access Control Policies & Models
    - Discretionary Access Control (DAC): controls access based on the identity of the requestor and on access rules stating what requestors are and are not allowed to do
    - Mandatory Access Control (MAC): controls access based on comparing security labels with security clearances
    - Role-Based Access Control (RBAC): controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles
    - Attribute-Based Access Control (ABAC): controls access based on attributes of the user, the resource to be accessed, and current environmental conditions
  • Business Impact Analysis
    - provides detailed scenarios of the effects of potential attacks
    - risk management identifies attacks
    - BIA assumes controls have failed
    - overview:
      - Threat/attack identification and prioritization
      - Business Unit Analysis
      - Attack success scenario development
      - Potential Damage Assessment
      - Subordinate plan classification
  • Business Unit Analysis
    - analysis and prioritization of business functions
    - independently evaluate all departments, units, etc.
    - prioritize revenue-producing functions
    - effects of incidents and attacks (outcomes: best, worst, most likely)
    - potential damage assessment
  • Business Impact Analysis Steps
    1. Select individuals to interview for data-gathering
    2. Create data-gathering techniques
    3. Identify the company's critical business functions
    4. Identify the resources these functions depend upon
    5. Calculate how long functions can survive without resources
    6. Identify vulnerabilities and threats to these functions
    7. Calculate risk for each function
    8. Document and report to management
  • Disaster Recovery Plan (DRP) - Purpose
    - key role of the DRP is to re-establish operations
    - entails preparation for and recovery from a disaster
    - responsibility of the IT community and the security department
  • Incident Response Plan
    1. Preparation
    2. Identification
    3. Containment
    4. Analysis and Eradication
    5. Recovery
  • Disaster Recovery Plan (DRP) - Process
    1. Develop the DR planning policy statement
    2. Review the BIA
    3. Identify preventive controls
    4. Develop recovery strategies
    5. Develop the DR plan document
    7. Plan testing, training and exercises
    8. Plan maintenance
  • Business Continuity Planning (BCP) - Goal
    - provide an immediate and appropriate response to emergency situations
    - protect lives and ensure safety
    - reduce business impact
    - resume critical business functions
  • Business Continuity Planning (BCP) - Process
    1. Develop the BC planning policy statement
    2. Review the BIA
    3. Identify preventive controls
    4. Develop relocation strategies
    5. Develop the continuity plan
    6. Plan testing, training, and exercises
    7. Plan maintenance
  • Recovery Strategy: Sites
    - Hot Site: leased or rented facility; ready to operate within hours; expensive
    - Warm Site: leased or rented facility; partially configured with some equipment; cheaper
    - Cold Site: leased or rented facility; basic utilities; no computer equipment
  • Recovery Mechanisms vs. Strategies
    - Preventive mechanisms: reduce the possibility of experiencing a disaster
    - Recovery strategies (in case a disaster hits): processes on how to rescue the company after a disaster takes place; alternate sites for facilities; implementing emergency response procedures
  • Data Backups
    - Full Backup: all data; sets the archive bit to 0; longer to back up and restore
    - Differential: files that have been changed since the last full backup; does not affect the archive bit; longer to back up, quicker to restore
    - Incremental: files that have been modified since the last full or incremental backup; sets the archive bit to 0; quicker to back up, longer to restore