Risk Management and Analysis
Introduction to Risk Management
Main Topics
This chapter covers the following topics and concepts:
• What risk is
• Risk’s relationship to threat, vulnerability, and loss
Goals
When you complete this chapter, you will be able to:
• Define risk
• Identify the major components of risk
• Describe the relationship between threats, vulnerabilities, and
impacts
• Define risk management
• Describe risk management’s relationship with profitability and
survivability
• Explain the relationship between the cost of loss and the cost
of risk management
Cont…
• Describe how risk is perceived by different roles within an
organization
• Identify threats
• List the different categories of threats
• Describe techniques to identify vulnerabilities
• Identify and define risk management techniques
What Is Risk?
• Risk is the likelihood that a loss will occur. Losses occur when a
threat exposes a vulnerability.
• Organizations of all sizes face risks. Some risks are so severe they
cause a business to fail. Other risks are minor and can be accepted
without another thought.
• Organizations use risk management techniques to identify and
differentiate severe risks from minor risks.
• When this is done properly, administrators and managers can
intelligently decide what to do about any type of risk.
• Thus, the end result is a decision to avoid, transfer, mitigate, or
accept a risk.
Cont…
• The common themes of these definitions are threat, vulnerability,
and loss.
• Here’s a short definition of each of these terms:
- Threat—A threat is any activity that represents a possible danger.
- Vulnerability—A vulnerability is a weakness.
- Loss—A loss results in a compromise to business functions or
assets.
• Risks to organizations can result in a loss that negatively affects the
business.
• The overall goal is to reduce the losses that can occur from risk.
Classifying the Effect of Risks on Businesses
• Organization losses can be categorized into three levels:
- (1) Business functions
- (2) Business assets
- (3) Driver of business costs
(1) Business functions
• Business functions are the activities a business performs to provide
services or sell products.
• If any of these functions is negatively affected by any type of
security risk, the organization won’t be able to sell as much. The
organization will earn less revenue, resulting in an overall loss in
terms of customers or profits.
Examples of Business functions and possible
risks:
• A Web site sells products on the Internet. If the Web site is attacked
and fails, sales are lost.
• Authors write articles that must be submitted by a deadline to be
published. If the author’s PC becomes infected with a virus, the
deadline passes and the article’s value is reduced.
• Analysts compile reports used by management to make decisions.
Data is gathered from internal servers and Internet sources. If
network connectivity fails, analysts won’t have access to current
data. Management could make decisions based on inaccurate
information.
Cont…
• A warehouse application is used for shipping products that
have been purchased. It identifies what has been ordered,
where the products need to be sent, and where they are
located. If the application fails, products aren’t shipped on
time.
(2) Business assets
• A business asset is anything that has measurable value to a
company. If an asset has the potential of losing value, it is at risk.
• Value is defined as the worth of an asset to a business.
• Value can often be expressed in monetary terms, such as $5,000.
• Assets can have both tangible and intangible values.
• The tangible value is the actual cost of the asset.
• The intangible value is value that cannot be measured by cost,
such as client confidence.
Cont…
Some examples of tangible assets are:
• Computer systems—Servers, desktop PCs, and mobile computers
are all tangible assets.
• Network components—Routers, switches, firewalls, and any other
components necessary to keep the network running are assets.
• Software applications—Any application that can be installed on a
computer system is considered a tangible asset.
• Data—This includes the large-scale databases that are integral to
many businesses. It also includes the data used and manipulated by
each employee or customer.
Cont…
• One of the early steps in risk management is associated with
identifying the assets of a company and their associated costs.
This data is used to prioritize risks for different assets. Once a
risk is prioritized, it becomes easier to identify risk
management processes to protect the asset.
Example: the effect of risk on business assets
• Imagine that your company sells products via a Web site. The
Web site earns $5,000 an hour in revenue. Now, imagine that the
Web server hosting the Web site fails and is down for two hours.
The costs to repair it total $1,000. What is the tangible loss?
• Lost revenue—$5,000 times two hours = $10,000
• Repair costs—$1,000
• Total tangible value—$11,000
Cont...
The intangible value isn’t as easy to calculate but is still very
important.
Imagine that several customers tried to make a purchase when the Web
site was down. If the same product is available somewhere else, they
probably bought the product elsewhere. That lost revenue is the
tangible value.
However, if the experience is positive with the other business, where
will the customers go the next time they want to purchase this product?
It’s very possible the other business has just gained new customers and
you have lost some.
That loss of customer confidence is the intangible value.
Cont…
• The intangible value includes:
(1) Future lost revenue—Any additional purchases the customers
make with the other company are a loss to your company.
(2) Cost of gaining the customer—A lot of money is invested to attract
customers. It is much easier to sell to a repeat customer than it is to
acquire a new customer. If you lose a customer, you lose the
investment.
(3) Customer influence—Customers have friends, families, and
business partners. They commonly share their experience with others,
especially if the experience is exceptionally positive or negative.
(3) Driver of Business Costs
• Risk is also a driver of business costs. Once risks are identified,
steps can be taken to reduce or manage the risk.
• Risks are often managed by implementing countermeasures or
controls.
• The costs of managing risk need to be considered in total business
costs.
• If too much money is spent on reducing risk, the overall profit is
reduced. If too little money is spent on these controls, a loss could
result from an easily avoidable threat and/or vulnerability.
(3) Driver of Business Costs, Cont…
Profitability Vs Survivability
• Both profitability and survivability must be considered when
considering risks.
• Profitability: The ability of a company to make a profit. Profitability
is calculated as revenues minus costs.
• Survivability: The ability of a company to survive loss due to a risk.
Some losses such as fire can be disastrous and cause the business to
fail.
Profitability Vs Survivability, Cont…
• In terms of profitability, a loss can ruin a business. In terms of
survivability, a loss may cause a company never to earn a profit.
• The costs associated with risk management don’t contribute directly
to revenue gains. Instead, these costs help to ensure that a company can
continue to operate even if it incurs a loss.
Profitability Vs Survivability, Cont…
• When considering profitability and survivability, you will want to
consider the following items:
(1) Out-of-pocket costs—The cost to reduce risks comes from
existing funds.
(2) Lost opportunity costs—Money spent to reduce risks can’t be
spent elsewhere. This may result in lost opportunities if the money
could be used for some other purpose.
Profitability Vs Survivability, Cont…
(3) Future costs—Some countermeasures require ongoing or future
costs. These costs could be for renewing hardware or software.
Future costs can also include the cost of employees to implement the
countermeasures.
(4) Client/stakeholder confidence—The value of client and
stakeholder confidence is also important. If risks aren’t addressed,
clients or stakeholders may lose confidence when a threat exploits a
vulnerability, resulting in a significant loss to the company.
Example: risk as a driver of business costs
• Consider antivirus software. The cost to install antivirus software on
every computer in the organization can be quite high. Every dollar
spent reduces the overall profit, and antivirus software doesn’t have the
potential to add any profit.
• However, what’s the alternative? If antivirus software is not installed,
every system represents a significant risk. If any system becomes
infected, a virus could release a worm as a payload and infect the entire
network. Databases could be corrupted. Data on file servers could be
erased. E-mail servers could crash. The entire business could grind to a
halt. If this happens too often or for too long the business could fail.

Risk Management and Analysis Chapter 1-Introduction
