
Lecture notes

Digital risk & security summary

Notes from the lectures. You may bring the summary into the exam!

  • 8 March 2024
  • 149 pages
  • 2022/2023
  • Lecture notes
  • Dirk Steuperaert
  • All classes
  • Author (seller): merelpeeraer
Digital risk and security
Contents
1. Introduction ..... 4
1.1 Risk: a short introduction ..... 4
1.2 Risk management – context ..... 6
Risk – the big picture ..... 6
IT governance definitions ..... 7
2. Risk & security standards and frameworks ..... 8
2.1 Risk & security references: terminology and definitions ..... 17
2.2 Risk & security issues are real ..... 20
2.4 Risk & security references: a risk ontology: FAIR (Factor Analysis of Information Risk) ..... 22
3. COBIT 2019 refresher ..... 27
3.1 COBIT as an I&T framework ..... 28
3.2 COBIT 2019 product architecture ..... 30
3.2 Designing a tailored governance system: impact of design factors ..... 46
3.3 Designing a tailored governance system: governance system design workflow ..... 47
3.4 Performance management overview ..... 53
Process performance: capability level ..... 54
Organisational structure performance management ..... 55
3.5 Information quality management ..... 57
4. The risk function and the security function ..... 59
Practical COBIT guidance for risk & security management ..... 59
4.1. The risk function ..... 60
4.1.1. COBIT 2019 governance component: organisational structures ..... 60
4.1.2. COBIT 2019 governance component: supporting processes ..... 61
4.1.3. COBIT 2019 governance component: culture, ethics & behaviour ..... 62
4.1.5. COBIT 2019 governance component: information ..... 67
4.1.6. COBIT 2019 governance component: services, infrastructure, applications ..... 68
4.1.6. COBIT 2019 governance component: people, skills & competences ..... 69
4.2. The security function ..... 71
4.2.1. COBIT 2019 Information Security FA – information security organisational structures ..... 71
4.2.2. COBIT 2019 Information Security FA – information security specific organisational structures – CISO ..... 72
4.2.3. COBIT 2019 Information Security FA – information security specific organisational structures ..... 73
4.2.4. COBIT 2019 Information Security FA – information security: processes ..... 74
4.2.5. COBIT 2019 Information Security FA: culture, ethics & behaviour ..... 76
4.2.6. COBIT 2019 Information Security FA: information ..... 79
4.2.7. COBIT 2019 Information Security FA: services ..... 80
5. Risk governance ..... 82
COBIT 2019 – EDM03: Ensure Risk Optimisation ..... 82
SFIA V7 – responsibility levels ..... 86
COBIT 2019 – EDM03: Ensure Risk Optimisation / SFIA V7 – BURM (Business Risk Management) ..... 86
COBIT 2019 – EDM03: Ensure Risk Optimisation ..... 87
5.1. Risk taxonomy ..... 87
5.1.1. Risk taxonomy: expressing and describing risk ..... 87
5.1.2. Quantitative vs qualitative ..... 87
5.1.3. Frequentist vs Bayesian views ..... 88
5.1.4. A simple view? ..... 89
5.1.5. Example sets of business impact criteria ..... 89
5.2. Risk taxonomy, risk appetite, risk capacity ..... 93
5.2.1. Definitions: risk appetite – tolerance – capacity ..... 93
5.2.2. Risk map & risk appetite ..... 94
6. Risk management ..... 95
6.1. Risk management process ..... 95
6.1.1. APO12: Managed Risk ..... 95
6.1.2. SFIA V7 – responsibility levels ..... 99
6.1.3. COBIT 2019 – APO12: Managed Risk / SFIA V7 – INAS (Information Assurance) ..... 99
7. Risk identification ..... 102
7.1. Risk scenarios ..... 102
7.1.1. COBIT 2019 – components of risk scenarios ..... 102
7.1.2. COBIT (and FAIR) risk scenarios ..... 104
7.1.3. COBIT 2019 risk scenario categories ..... 104
7.1.4. FAIR risk scenarios ..... 106
7.2. Generic guidance on working with risk scenarios ..... 107
Risk scenario guidance (1) ..... 107
Risk scenario guidance (2) ..... 107
Risk scenario guidance (3) ..... 107
Risk scenario guidance (4) ..... 108
Risk scenario guidance (5) ..... 108
Risk scenario guidance (6) ..... 109
Risk scenario guidance (7) ..... 109
Risk scenario guidance (8) ..... 110
Risk scenario guidance (9) ..... 110
8. Risk analysis ..... 112
8.1. Qualitative risk analysis ..... 113
8.1.1. Risk analysis flow ..... 113
8.2.2. Some examples ..... 114
8.2. Quantitative risk analysis ..... 120
8.2.1. Measuring risk ..... 120
8.2.2. Calibration ..... 121
8.2.3. The risk analysis process in FAIR ..... 123
Tools ..... 128
8.3. Risk aggregation ..... 129
9. Risk response ..... 133
9.1. Risk response options ..... 134
9.1.1. Risk response parameters ..... 136
9.1.2. Risk response: mitigation (COBIT 2019) ..... 136
9.2. Business case for risk response ..... 139
9.3. Risk reporting/communication ..... 141
9.3.1. Components of I&T risk communication ..... 142
9.3.2. Quality requirements for I&T risk reporting ..... 143
9.4. Examples of risk-related information items ..... 145
9.4.1. Risk profile ..... 145
9.4.2. Risk factors ..... 145
9.4.3. Inputs/outputs APO12 ..... 146
9.5. Key risk indicators ..... 146
9.5.1. Key risk indicators – definition ..... 146
9.5.2. Leading and lagging indicators ..... 147
9.5.3. Selection criteria ..... 147
9.5.4. Key risk indicators: benefits ..... 148
9.5.5. Challenges for key risk indicators ..... 148
9.5.6. Sources of KRIs ..... 149




1. Introduction
1.1 Risk: a short introduction

Risk is one of those things that many people define in different ways. Things will happen (you don't know what, when, or with which impact), but you can't just stay home because bad things might happen: even though there are risks, the enterprise still has to complete its mission.

Risk is about uncertainty:

➢ Uncertainty over
o What is going to happen?
o When is it going to happen?
o How big will the impact be?
➢ Yet organisations need to manage this uncertainty, because:
o NOT travelling the road is not an option
o Risk should not distract us from our goals...

The most highly publicised risk is not always the most important risk; a consistent and systematic overview of all risks is needed.

The real cause of a problem is quite important:

➢ Need for a method for consistently analysing risk down to its root cause
➢ Need for a mechanism to distinguish small risks from big ones
➢ If we quantify risk, we need solid methods and reliable data to do so

Risk relates to objectives

➢ Example: if your objective is to cross a bridge safely and dry, there is a lot of risk.
But if the objective is just to have fun, there probably won't be much risk.

Detectability

➢ You know what to look for, i.e. what constitutes risk for you and what does not...
o In other words: what are the relevant risk scenarios for your organisation?
➢ Once known, risk can be analysed, controls can be implemented, and monitoring is applied to recognise risk occurrence and to respond as appropriate

You have to be able to detect risk: you have to know what can happen and what to look for. Only then can you see how bad the risks are and take countermeasures.


