Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Business Information Systems

Risk assessment

advertisement 
Risk assessment - TSD
Gard Thomassen, PhD
USIT, UIO
When to think of risks ?
• Before design
• During design
• When redesigning
• Basicly – always
• Who is responsible for the risk evaluation
– The Institution responsible for the data
System
outline
VM-server
HPC - Colossus
Gateway
n
1
Internet
Secure encrypted network
to special high volume
data production sites
1 (project)
1 (storage area)
Storage
Gard Thomassen,TSD 2.0
Doing risk assessment
• Three axis :
– Data confidenciality (only those with access get
access)
– Data integrity (data manipulation, deletion)
– Data accessibility (users get to data when they
want from where they want)
• Level of detail
– As easily read as possible, detailed where needed
to describe neccessary functions
Risk evaluation method
• Define the level of security needed based on data handled
• Based on technical solution and risk brainstorming we
listed all risk elements and evaluated them based on
– probability (1 -> 4)
– consequence (1 -> 4)
• Risks with sum (probability x consequene)
– [1-4) : Accepted or underlaid some extra routine
– [4-8) : Must be taken into account, can exist in a production
environment for a short time and fixes have been planned
– [8-16] : Unacceptable risk. Production stop, or compensated
immideately by manual controls and routines that brings the
level of risk down below 8.
• Risk evaluation details all risks > 3
Typical method would then be
• Brainstorm on all components and possible issues
–
–
–
–
–
–
–
–
–
–
Authentication
Authorization
Network / firewall
Virus / malware
Data import and export
Storage
HPC
Computers
Software / virtual machinges
Data harvesting
Who does risk assessment
• IT-security personell & System developers
• TSD has a “Change Advisory Board”
• Risk evaluation must be done when changes
to the system effect the risk-assessment
• All users must be informed of there is a
change in the risk asessment
When designing (secure) systems
• What are the laws and regulations for all
involved parties
• Who are typical data owner
• Who are the stakeholders
• Where do we get the funding
• Who has the final decision autorithy
Thank you
• Questions ?
Related documents
SUMMER LITERACY ACTIVITIES Put word
SUMMER LITERACY ACTIVITIES Put word
Fall 2004 syllabus Re+
Fall 2004 syllabus Re+
Original Cataloging Production Group (OCPG)
Original Cataloging Production Group (OCPG)
How to Fill Out and Submit a Shop Work Requests  Teams may request that parts be fabricated by TSD.  Prior to submitting any part for  manufacture, students are required to consult one of the TSD shop supervisors: Mike 
How to Fill Out and Submit a Shop Work Requests  Teams may request that parts be fabricated by TSD.  Prior to submitting any part for  manufacture, students are required to consult one of the TSD shop supervisors: Mike 
Budget Group minutes February 17, 2011
Budget Group minutes February 17, 2011
Tay-Sachs disease - Medical Genetics
Tay-Sachs disease - Medical Genetics
Online Lesson Plan Development Workshop
Online Lesson Plan Development Workshop
Who has sensitive data?
Who has sensitive data?
Available through Amazon and other online book retailers Temperature-dependent Sex Determination in Vertebrates
Available through Amazon and other online book retailers Temperature-dependent Sex Determination in Vertebrates
Quiz 1
Quiz 1
March 2015 - Princeton University Library
March 2015 - Princeton University Library
NCV7718GEVB Test Procedure
NCV7718GEVB Test Procedure
19psycho1
19psycho1
Zone selective interlocking (ZSI)
Zone selective interlocking (ZSI)
Treatment Storage or Disposal
Treatment Storage or Disposal
TIME SERIES ANALYSIS PROJECT
TIME SERIES ANALYSIS PROJECT
Electronic (Paperless) Trading Systems - Electronic Shipping
Electronic (Paperless) Trading Systems - Electronic Shipping
Prebiotic evolution of molecular assemblies: from molecules
Prebiotic evolution of molecular assemblies: from molecules
Wobbling Mode in Tantalum-167 Ryan Pifer US Naval Academy Physics Department
Wobbling Mode in Tantalum-167 Ryan Pifer US Naval Academy Physics Department
New Product Single Phase Full Wave Direct PWM Motor Driver
New Product Single Phase Full Wave Direct PWM Motor Driver
New Seminar
New Seminar
A CASE Strategy Proposal for the
A CASE Strategy Proposal for the
Download
advertisement