Summaries

Standards and guidelines

18 October 2018, 16:30 Ana Respicio

Introduction to ISO/IEC 27005 and NP 31000; ENISA publications. OCTAVE, Microsoft, FAIR, and NIST SP 800-30.


Controlling risk

11 October 2018, 18:30 Ana Respicio

Controlling risk: exercises.


Controlling risk

11 October 2018, 16:30 Ana Respicio

Cost-benefit analysis using existing conceptual frameworks: the ALE model. Risk control strategies: avoidance, transfer, mitigation, acceptance, termination. Evaluation of risk controls; maintaining and perpetuating risk controls.


Risk assessment. Risk identification.

4 October 2018, 18:30 Ana Respicio

Risk assessment. Risk identification. Exercises.


Risk assessment

4 October 2018, 16:30 Ana Respicio

Risk assessment. Risk identification: classification and categorization of assets; asset assessment (importance); asset ranking. Threats: identification; likelihood. The TVA table. Potential loss. Controls, risk mitigated by the control, uncertainty, risk determination. Documentation. Risk ranking.