vi minh toại - security risk management, tough path to success
Security Risk Management, tough path to success
Presenter: Vi Minh Toai
Date: Sep 10, 2016
Security Bootcamp 2016 - Dong Thap
Thank you to our sponsors
Who am I?
• 10+ years of working experience in IT industry.
• IT Security Manager of RMIT Vietnam University.
• Certificates: CISSP, CISM, CEH
• Email: [email protected]
Something you should know:
• Silence your phone.
• Raise questions at the end of the presentation.
• WC.
• Emergency exit.
Agenda
• Several Vietnam Security Incidents in 2016
• Security Risk Management
Several Vietnam Security Incidents in 2016
• May 2016: TPBank
• July 2016: Vietnam Airlines (Jul 29)
• August 2016: Vietcombank (Aug 04, Aug 16, Aug 19)
Security incident – Vietnam Airlines
Vietnam Airlines
Security incident - Vietnam Airlines (cont.)
• Possible Impact:
  • Flight safety.
  • Reputation loss. (TRUST)
  • Over 400,000 accounts of Vietnam Airlines’ members were leaked.
  • Delays of flights: more than 100 flights: 64 from TSN, 30 from Noi Bai.
  • Current customer passwords must be changed.
  • Cost.
  • Time.
(Statistics extracted from VietnamNet, VNExpress, Vietnam Airlines website)
Security Incident - Vietcombank
Vietcombank
Security Incident - Vietcombank (cont.)
• Possible Impact:
  • VND200 million ($8,929) had been stolen.
  • VCB stock went down (VND 4000 billion were gone).
  • Reputation loss. (TRUST)
(Statistics extracted from tuoitrenews, vietnamnet website)
Look up the RISKS -> Set up Controls -> Cover Actions -> Reduce the IMPACT
Security Risk Management
Risk is:
“The effect of uncertainty on the ability of an organisation to meet its objectives.” (ISO 31000:2009)
Risk Management is:
the process of identifying and assessing the risk, reducing it to an acceptable level, and ensuring it remains at that level.
Security Risk Management (cont.)
Risk = Threats x Vulnerabilities x
3 components of CIA Triad
The relationships among the different security concepts
Importance of Security Risk Management
a. Better oversight of organizational assets.
b. Minimized loss.
c. Identification of threats, vulnerabilities and risk.
d. Prioritization of risk response efforts.
e. Legal and regulatory compliance.
f. Increased likelihood of project success.
g. Better incident and business continuity management.
Several types of information security risk
a. Physical damage
b. Human interaction
c. Equipment malfunction
d. Inside and outside attacks
e. Misuse of data
f. Loss of data
g. Application error
Risk Type
“Above the line”
“Below the line”
Risk level matrix
Security Risk Management (cont.) - Controls
Control types:
a. Administrative
b. Technical
c. Physical
Security Risk Management (cont.) - Controls
Control functionalities:
a. Preventive
b. Detective
c. Corrective
d. Deterrent
e. Recovery
f. Compensating
Risk Management Process
Methodologies for Risk Assessment
a. Quantitative Risk Assessment
b. Qualitative Risk Assessment
c. Semi-quantitative Risk Assessment
Reference:
d. NIST SP800-30
e. FRAP (Facilitated Risk Analysis Process)
f. OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)
g. ISO/IEC 31010
Risk Treatment
a. Avoid the risk
b. Reduce the risk
c. Transfer the risk
d. Accept the risk
What is an effective risk management?
a. Senior management support.
b. Suitable Risk Management Framework.
c. Effective Risk Management Process.
d. Communication.
References
CISSP All-in-One Exam Guide 7th Edition, Shon Harris – Fernando Maymi
ISACA CRISC Review Manual 2015
ISACA CISM Review Manual 2015
NIST SP800-30
Google Search
Questions and Answers
THANK YOU!!!
HAVE A NICE WEEKEND