Security Planning Protocol Step 2: Risk Analysis

2-A. Identify Risks

Inventory your technology, data, & expertise*

Systems: internal & external extensions

Data: accuracy, integrity, security, privacy

Physical plant

People: staff, users, stakeholders

Measure potential impact of disruptive events
on organization if assets are…

Disclosed

Corrupted

Taken out of service

* Asset-based approach draws on work done by Software Engineering Institute at Carnegie-Mellon University
*

2-B. Assess Vulnerabilities & Threats

Systems: weakness may be inherent, created during installation or configuration, caused by maintenance or patterns of ( mis)use, or by attacks

Physical plant: exposure to power loss or spikes, floods or burst pipes, overheating or cold, vandalism or fire

Organization: inadequate policies, training, or staffing

People: accidental and intentional causes

2-C. Security Stress Tests

Diagnostic tests: Periphery, Internals, Shared Spaces

Operational Reviews

User evaluation

Architectural evaluation

Prioritize security gaps
Rank on impact, then probability

*

OUTCOME:
Security Project Description
A project description that includes goals, processes, resources, and decision-making standards.

Categories:

6/19/2013 10:30 AM	Texas CTO Clinic
6/20/2013	CETL Exam Administration; Austin, TX
6/27/2013	Florida CTO Clinic
7/18/2013	Missouri CTO Clinic

• Would you know what to do if you became a cybercrime victim?

• Learn how to protect yourself & your family.

• Protect all devices that connect to Internet.

• Keep passwords stored in a safe place

• different password for every account

Consortium for School Networking (CoSN) 1025 Vermont Avenue NW, Suite 1010 Washington, DC 20005-3599 Toll Free 866.267.8747 Telephone 202.861.2676 Fax 202.393.2011		Attribution-Noncommercial

Home | About CoSN | Privacy Policy | Press Room | Contact Us