Lesson 3

1/7/99



Table of Contents

Lesson 3

Objective 4

The Variable Nature of the Elements of Risk

Risk is Commonplace

Qualitative Data

Quantitative Data

Purpose of Risk Assessment (Bottom Line)

Using Risk Management Terms - The Catcher at Risk

Risk Assessment - Questions to Be Answered

Performing a Risk Assessment

Define the Purpose of the Assessment

Identify and Bound the Product or System - Decide on Scope or Depth of Assessment

Organize for the Assessment

Define Relationships

What do Analysts do?

Information Sources

Threat Characteristics

Threat Sources

Adversarial Threat Characteristics

Gather and Exchange Information

Gather Information

Gather Information

Gather Information

Gather Information

Gather Information

Develop Attack Scenarios

Avenues of Attack

Determine Potential Consequences

Estimate Risk Parameters

Assessing Risk

Attack Scenario No. 1

Estimate of Risk Attack Scenario #1

Estimate of Risk Attacks #1 thru 8

Rating Overlay

Likelihood of Success Attack Scenario #1

Risk Assessment Methodology

Risk Mitigation

Countermeasure Considerations

Cost Vs. Benefit

The Catcher at Risk

Risk Mitigation - At What Cost?

Creating New Vulnerabilities

People Considerations

Time Consideration

Time Consideration

Risk Assessment Reality

Never Ending Cycle

Email: infosecsysadmin@cs.jmu.edu
