6 Quick Steps for N00bs Understanding Risk Assessments

Although this article came out a few months ago, I’ve been meaning to put it out there, as it may give those unfamiliar with addressing risk a good overview of what’s involved. In this case study the author focuses on a security assessment of a cloud system, but the same approach could be used in almost any IT scenario. Yes, this article will probably get poo-pooed by the risk gurus out there, but I think it does a nice job of introducing the topic.

The basic scenario is as follows…

via InfosecIsland.com

Faced with a steep bill for securing a new cloud application, a client asked us to help find a way to reduce their risk exposure at the lowest possible cost.

By using the Business Threat Modeling methodology and PTA (Practical Threat Analysis) software, we were able to build a risk mitigation plan that mitigated 80% of the total risk exposure in dollars at half the original security budget proposed by the vendor.

This paper describes a customer case study of a risk analysis for a next generation call accounting system provided as a cloud service.

Continued here.

The author then goes on to describe the process they followed, which breaks down into the following steps.

  • Step 1: Identify Assets
  • Step 2: Identify Vulnerabilities
  • Step 3: Define Countermeasures
  • Step 4: Build Threat Scenarios
  • Step 5: Understand the Calculated Risk
  • Step 6: Optimize Countermeasures

In the end they were able to get a nice balance between implemented countermeasures (and their associated cost) and the amount of risk they were willing to accept.
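To make the six steps concrete, here is an added example (mine, not code from the case study or from the PTA tool) that walks the whole procedure on a made-up cloud call-accounting system: assets with dollar values, threat scenarios with an annual probability and damage fraction, countermeasures with a cost and the fraction of each threat they remove, and a Step 6 optimizer that searches every subset of countermeasures for either the cheapest plan reaching a target risk reduction or the best plan under a fixed budget. The formulas (exposure = asset value × probability × damage, mitigations combined multiplicatively, brute-force subset search) and every asset, threat, countermeasure and dollar figure are my assumptions for illustration; the page does not describe PTA's actual model or the client's numbers.

```python
"""Toy quantitative risk model covering the six steps. Added example only;
the PTA tool's real formulas are not documented on the page, so the
exposure = value * probability * damage model below is an assumption."""
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, Iterable, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Asset:           # Step 1
    name: str
    value: float       # dollar value of the asset to the business


@dataclass(frozen=True)
class Threat:          # Steps 2 and 4: a vulnerability turned into a scenario
    name: str
    asset: str         # asset the scenario damages
    probability: float # assumed annual likelihood the scenario occurs (0..1)
    damage: float      # fraction of the asset's value lost if it occurs (0..1)


@dataclass(frozen=True)
class Countermeasure:  # Step 3
    name: str
    cost: float
    mitigation: Tuple[Tuple[str, float], ...]  # (threat name, fraction of probability removed)


def exposure(threat: Threat, assets: Dict[str, Asset],
             selected: Iterable[Countermeasure]) -> float:
    """Step 5: dollar risk of one scenario after the selected countermeasures.
    Independent controls are combined multiplicatively: residual = prod(1 - m_i)."""
    residual = 1.0
    for cm in selected:
        residual *= 1.0 - dict(cm.mitigation).get(threat.name, 0.0)
    return assets[threat.asset].value * threat.probability * threat.damage * residual


def total_exposure(threats, assets, selected) -> float:
    return sum(exposure(t, assets, selected) for t in threats)


def plan_cost(selected) -> float:
    return sum(cm.cost for cm in selected)


def all_plans(cms: Sequence[Countermeasure]):
    """Every subset of countermeasures; 2**n plans, fine for a short list."""
    for r in range(len(cms) + 1):
        yield from combinations(cms, r)


def best_plan_for_budget(threats, assets, cms, budget) -> Tuple[Countermeasure, ...]:
    """Step 6, variant A: least residual exposure without exceeding the budget."""
    return min((p for p in all_plans(cms) if plan_cost(p) <= budget),
               key=lambda p: (total_exposure(threats, assets, p), plan_cost(p)))


def cheapest_plan_for_reduction(threats, assets, cms,
                                target_fraction) -> Optional[Tuple[Countermeasure, ...]]:
    """Step 6, variant B: cheapest plan removing at least target_fraction of baseline risk."""
    baseline = total_exposure(threats, assets, ())
    feasible = [p for p in all_plans(cms)
                if total_exposure(threats, assets, p) <= baseline * (1.0 - target_fraction)]
    if not feasible:
        return None
    return min(feasible, key=lambda p: (plan_cost(p), total_exposure(threats, assets, p)))


# Constructed sample data for a hypothetical cloud call-accounting service.
ASSETS = {a.name: a for a in (
    Asset("call_records", 500_000),        # customer call detail records
    Asset("service_availability", 300_000),
    Asset("billing_integrity", 200_000),
)}
THREATS = (
    Threat("sqli_exposes_cdrs", "call_records", 0.30, 0.8),
    Threat("ddos_on_portal", "service_availability", 0.50, 0.2),
    Threat("insider_alters_billing", "billing_integrity", 0.20, 0.5),
    Threat("stolen_admin_creds", "call_records", 0.15, 1.0),
)
COUNTERMEASURES = (
    Countermeasure("mfa_for_admins", 5_000, (("stolen_admin_creds", 0.8),)),
    Countermeasure("input_validation_review", 15_000, (("sqli_exposes_cdrs", 0.95),)),
    Countermeasure("waf", 20_000, (("sqli_exposes_cdrs", 0.7), ("ddos_on_portal", 0.3))),
    Countermeasure("ddos_scrubbing", 40_000, (("ddos_on_portal", 0.9),)),
    Countermeasure("audit_log_and_sod", 25_000,
                   (("insider_alters_billing", 0.9), ("stolen_admin_creds", 0.3))),
)


def run_case_study() -> dict:
    """Compare 'buy everything' with a plan that keeps 80% of the reduction."""
    baseline = total_exposure(THREATS, ASSETS, ())
    everything = COUNTERMEASURES
    plan = cheapest_plan_for_reduction(THREATS, ASSETS, COUNTERMEASURES, 0.80)
    return {
        "baseline_exposure": baseline,
        "full_cost": plan_cost(everything),
        "full_residual": total_exposure(THREATS, ASSETS, everything),
        "plan": sorted(cm.name for cm in plan),
        "plan_cost": plan_cost(plan),
        "plan_residual": total_exposure(THREATS, ASSETS, plan),
    }


if __name__ == "__main__":
    for k, v in run_case_study().items():
        print(f"{k}: {v}")
```

With these made-up numbers the baseline exposure is $245,000; buying all five controls costs $105,000 and leaves $16,400, while the cheapest plan that still removes 80% of the risk (MFA, input validation review, audit logging with separation of duties) costs $45,000 and leaves $48,500. The optimizer enumerates 2^n subsets, which is fine for a handful of controls but would need a greedy or integer-programming approach for a real catalogue; the point is that Step 6 is a budget-versus-residual-risk search, not a checklist.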

#####

Well, at a high level that is pretty much it, but I’d encourage you to read the full case study to fill in the gaps. Today’s post image is from SANS.org.

8 comments for “6 Quick Steps for N00bs Understanding Risk Assessments”

  1. March 8, 2012 at 7:36 pm

    # 6 Quick Steps for N00bs Understanding Risk Assessments http://t.co/6nvCsIcO

  2. March 8, 2012 at 10:16 pm

    #NoVABlogger 6 Quick Steps for N00bs Understanding Risk Assessments http://t.co/RpwGN4Ov

  3. March 8, 2012 at 11:35 pm

    Blogged: 6 Quick Steps for N00bs Understanding Risk Assessments http://t.co/cTU98Cd7

  4. March 9, 2012 at 1:37 am

    6 Quick Steps for N00bs Understanding Risk Assessments http://t.co/vUrKTQuX

  5. March 9, 2012 at 10:27 am

    So what’s a risk assessment? Here are some basics along with a case study. http://t.co/PhGTS16o

  6. March 9, 2012 at 10:27 am

    So what’s a risk assessment? Here are some basics along with a case study. http://t.co/JCUQq3rp

  7. March 9, 2012 at 9:45 pm

    6 Quick Steps for N00bs Understanding Risk Assessments http://t.co/PhGTS16o

  8. March 9, 2012 at 9:45 pm

    6 Quick Steps for N00bs Understanding Risk Assessments http://t.co/JCUQq3rp
