Summaries
Standards and guidelines
18 October 2018, 16:30 • Ana Respicio
Introduction to ISO/IEC 27005 and NP 31000; ENISA publications. OCTAVE, Microsoft, FAIR, and NIST SP 800-30.
Controlling risk
11 October 2018, 16:30 • Ana Respicio
A cost-benefit analysis using existing conceptual frameworks: the ALE model. Risk control strategies: avoidance, transfer, mitigation, acceptance, termination. Evaluation of risk controls; maintaining and perpetuating risk controls.
Risk assessment. Risk identification.
4 October 2018, 18:30 • Ana Respicio
Risk assessment. Risk identification. Exercises.
Risk assessment
4 October 2018, 16:30 • Ana Respicio
Risk assessment. Risk identification: classification and categorization of the assets; assets assessment (importance); assets ranking. Threats: identification; likelihood. The TVA table. Potential loss. Controls, risk mitigated by the control, uncertainty, risk determination. Documentation. Risk ranking.