Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Business Information Systems

Risk assessment

advertisement 
Risk assessment - TSD
Gard Thomassen, PhD
USIT, UIO
When to think of risks ?
• Before design
• During design
• When redesigning
• Basicly – always
• Who is responsible for the risk evaluation
– The Institution responsible for the data
System
outline
VM-server
HPC - Colossus
Gateway
n
1
Internet
Secure encrypted network
to special high volume
data production sites
1 (project)
1 (storage area)
Storage
Gard Thomassen,TSD 2.0
Doing risk assessment
• Three axis :
– Data confidenciality (only those with access get
access)
– Data integrity (data manipulation, deletion)
– Data accessibility (users get to data when they
want from where they want)
• Level of detail
– As easily read as possible, detailed where needed
to describe neccessary functions
Risk evaluation method
• Define the level of security needed based on data handled
• Based on technical solution and risk brainstorming we
listed all risk elements and evaluated them based on
– probability (1 -> 4)
– consequence (1 -> 4)
• Risks with sum (probability x consequene)
– [1-4) : Accepted or underlaid some extra routine
– [4-8) : Must be taken into account, can exist in a production
environment for a short time and fixes have been planned
– [8-16] : Unacceptable risk. Production stop, or compensated
immideately by manual controls and routines that brings the
level of risk down below 8.
• Risk evaluation details all risks > 3
Typical method would then be
• Brainstorm on all components and possible issues
–
–
–
–
–
–
–
–
–
–
Authentication
Authorization
Network / firewall
Virus / malware
Data import and export
Storage
HPC
Computers
Software / virtual machinges
Data harvesting
Who does risk assessment
• IT-security personell & System developers
• TSD has a “Change Advisory Board”
• Risk evaluation must be done when changes
to the system effect the risk-assessment
• All users must be informed of there is a
change in the risk asessment
When designing (secure) systems
• What are the laws and regulations for all
involved parties
• Who are typical data owner
• Who are the stakeholders
• Where do we get the funding
• Who has the final decision autorithy
Thank you
• Questions ?
Related documents
SUMMER LITERACY ACTIVITIES Put word
SUMMER LITERACY ACTIVITIES Put word
Fall 2004 syllabus Re+
Fall 2004 syllabus Re+
Original Cataloging Production Group (OCPG)
Original Cataloging Production Group (OCPG)
How to Fill Out and Submit a Shop Work Requests  Teams may request that parts be fabricated by TSD.  Prior to submitting any part for  manufacture, students are required to consult one of the TSD shop supervisors: Mike 
How to Fill Out and Submit a Shop Work Requests  Teams may request that parts be fabricated by TSD.  Prior to submitting any part for  manufacture, students are required to consult one of the TSD shop supervisors: Mike 
Budget Group minutes February 17, 2011
Budget Group minutes February 17, 2011
Tay-Sachs disease - Medical Genetics
Tay-Sachs disease - Medical Genetics
Online Lesson Plan Development Workshop
Online Lesson Plan Development Workshop
Who has sensitive data?
Who has sensitive data?
Available through Amazon and other online book retailers Temperature-dependent Sex Determination in Vertebrates
Available through Amazon and other online book retailers Temperature-dependent Sex Determination in Vertebrates
Quiz 1
Quiz 1
March 2015 - Princeton University Library
March 2015 - Princeton University Library
NCV7718GEVB Test Procedure
NCV7718GEVB Test Procedure
Download
advertisement