Security Risk Management. Business Continuity Management

Practice Time: Provide examples of disasters.

Create a full list of natural disasters Create a full list of man-made disasters Categorize listed disasters using classification by nature* Categorize listed disasters using classification by impacted objects*

Disaster	Man-made / Natural	Nature	Impacted object
Heavy Rains	Natural	Meteorological	Infrastructure
War	Man-made	Social	Human resources

Select and describe 5 security risks Select and describe risk assessment scale Declare the acceptable risk level For the selected risk scenarios assess Likelihood = Probability = Rate of Occurrence For the selected risk scenarios assess Severity level = Impact = Criticality rank

Prioritize the selected 5 risks by the assessed Risk level For all selected 5 security risks identify appropriate risk response strategy For the most critical 2 security risks identify suitable mitigations controls Prioritize the listed mitigation activities

Select 1 security related process from the list of the processes located on the next slide Identify all groups of assets and resources business process relies on Identify all individual assets selected business process relies on Select scale for asset evaluation Value each asset Select the limit from which asset is considered to be critical for operations Use Ishikawa fishbone diagram to illustrate results Assign MTD, RTO and RPO corresponding to each asset value Based on assigned recovery time, establish the sequence of recovery

Asset Management Process Access Management Process Employees Onboarding/Offboarding Process Physical Security Management Process Backup and Recovery Process Security Incident Management Process Security Audit Process

Security Awareness and Training Process Vulnerability Management Process Patch Management Process Penetration Testing Process Business Continuity Management Process Security Risk Management Process Security Compliance Management Process Change Management Process