Lecture notes

Digital risk & security summary

Rating: 3.5 (2 reviews)
Sold: 13
Pages: 149
Uploaded on: 08-03-2024
Written in: 2022/2023

Notes from the lectures. You may bring the summary into the exam!

Document information

Type: Lecture notes
Teacher(s): Dirk Steuperaert
Contains: All lectures

Preview of the contents

Digital risk and security
Contents
1. Introduction (p. 4)
  1.1 Risk: a short introduction (p. 4)
  1.2 Risk management: context (p. 6)
    Risk: the big picture (p. 6)
    IT governance definitions (p. 7)
2. Risk & security standards and frameworks (p. 8)
  2.1 Risk & security references: terminology and definitions (p. 17)
  2.2 Risk & security issues are real (p. 20)
  2.4 Risk & security references: a risk ontology: FAIR (Factor Analysis of Information Risk) (p. 22)
3. COBIT 2019 refresher (p. 27)
  3.1 COBIT as an I&T framework (p. 28)
  3.2 COBIT 2019 product architecture (p. 30)
  3.2 Designing a tailored governance system: impact of design factors (p. 46)
  3.3 Designing a tailored governance system: governance system design workflow (p. 47)
  3.4 Performance management overview (p. 53)
    Process performance: capability level (p. 54)
    Organisational structure performance management (p. 55)
  3.5 Information quality management (p. 57)
4. The risk function and the security function (p. 59)
    Practical COBIT guidance for risk & security management (p. 59)
  4.1 The risk function (p. 60)
    4.1.1 COBIT 2019 governance component: organisational structures (p. 60)
    4.1.2 COBIT 2019 governance component: supporting processes (p. 61)
    4.1.3 COBIT 2019 governance component: culture, ethics & behaviour (p. 62)
    4.1.5 COBIT 2019 governance component: information (p. 67)
    4.1.6 COBIT 2019 governance component: services, infrastructure, applications (p. 68)
    4.1.6 COBIT 2019 governance component: people, skills & competences (p. 69)
  4.2 The security function (p. 71)
    4.2.1 COBIT 2019 Information Security FA: information security organisational structures (p. 71)
    4.2.2 COBIT 2019 Information Security FA: information security specific organisational structures: CISO (p. 72)
    4.2.3 COBIT 2019 Information Security FA: information security specific organisational structures (p. 73)
    4.2.4 COBIT 2019 Information Security FA: information security processes (p. 74)
    4.2.5 COBIT 2019 Information Security FA: culture, ethics & behaviour (p. 76)
    4.2.6 COBIT 2019 Information Security FA: information (p. 79)
    4.2.7 COBIT 2019 Information Security FA: services (p. 80)
5. Risk governance (p. 82)
    COBIT 2019 EDM03: Ensure Risk Optimisation (p. 82)
    SFIA V7 responsibility levels (p. 86)
    COBIT 2019 EDM03: Ensure Risk Optimisation / SFIA V7 BURM (Business Risk Management) (p. 86)
    COBIT 2019 EDM03: Ensure Risk Optimisation (p. 87)
  5.1 Risk taxonomy (p. 87)
    5.1.1 Risk taxonomy: expressing and describing risk (p. 87)
    5.1.2 Quantitative vs qualitative (p. 87)
    5.1.3 Frequentist vs Bayesian views (p. 88)
    5.1.4 A simple view? (p. 89)
    5.1.5 Example sets of business impact criteria (p. 89)
  5.2 Risk taxonomy, risk appetite, risk capacity (p. 93)
    5.2.1 Definitions: risk appetite, tolerance, capacity (p. 93)
    5.2.2 Risk map & risk appetite (p. 94)
6. Risk management (p. 95)
  6.1 Risk management process (p. 95)
    6.1.1 APO12: Managed Risk (p. 95)
    6.1.2 SFIA V7 responsibility levels (p. 99)
    6.1.3 COBIT 2019 APO12: Managed Risk / SFIA V7 INAS (Information Assurance) (p. 99)
7. Risk identification (p. 102)
  7.1 Risk scenarios (p. 102)
    7.1.1 COBIT 2019: components of risk scenarios (p. 102)
    7.1.2 COBIT (and FAIR) risk scenarios (p. 104)
    7.1.3 COBIT 2019 risk scenario categories (p. 104)
    7.1.4 FAIR risk scenarios (p. 106)
  7.2 Generic guidance on working with risk scenarios (p. 107)
    Risk scenario guidance (1) (p. 107)
    Risk scenario guidance (2) (p. 107)
    Risk scenario guidance (3) (p. 107)
    Risk scenario guidance (4) (p. 108)
    Risk scenario guidance (5) (p. 108)
    Risk scenario guidance (6) (p. 109)
    Risk scenario guidance (7) (p. 109)
    Risk scenario guidance (8) (p. 110)
    Risk scenario guidance (9) (p. 110)
8. Risk analysis (p. 112)
  8.1 Qualitative risk analysis (p. 113)
    8.1.1 Risk analysis flow (p. 113)
    8.1.2 Some examples (p. 114)
  8.2 Quantitative risk analysis (p. 120)
    8.2.1 Measuring risk (p. 120)
    8.2.2 Calibration (p. 121)
    8.2.3 The risk analysis process in FAIR (p. 123)
    Tools (p. 128)
  8.3 Risk aggregation (p. 129)
9. Risk response (p. 133)
  9.1 Risk response options (p. 134)
    9.1.1 Risk response parameters (p. 136)
    9.1.2 Risk response: mitigation (COBIT 2019) (p. 136)
  9.2 Business case for risk response (p. 139)
  9.3 Risk reporting/communication (p. 141)
    9.3.1 Components of I&T risk communication (p. 142)
    9.3.2 Quality requirements for I&T risk reporting (p. 143)
  9.4 Examples of risk-related information items (p. 145)
    9.4.1 Risk profile (p. 145)
    9.4.2 Risk factors (p. 145)
    9.4.3 Inputs/outputs APO12 (p. 146)
  9.5 Key risk indicators (p. 146)
    9.5.1 Key risk indicators: definition (p. 146)
    9.5.2 Leading and lagging indicators (p. 147)
    9.5.3 Selection criteria (p. 147)
    9.5.4 Key risk indicators: benefits (p. 148)
    9.5.5 Challenges for key risk indicators (p. 148)
    9.5.6 Sources of KRIs (p. 149)




1. Introduction
1.1 Risk: a short introduction

Risk is one of those things that many people define in different ways. Things will happen (you don't know what, when, or with which impact), but you can't just stay at home because bad things might happen: even though there are risks, the enterprise still has to complete its mission.

Risk is about uncertainty:

➢ Uncertainty over
o What is going to happen?
o When is it going to happen?
o How big will the impact be?
➢ Yet organisations need to manage this uncertainty, because:
o NOT travelling the road is not an option
o Risk should not distract us from our goals…

Highly publicised risk is not always the most important risk; there is a need for a consistent and systematic overview of all risks.

The real cause of the problem is quite important:

➢ Need for a method for consistently analysing risk down to its root cause
➢ Need for a mechanism to distinguish small risks from big ones
➢ If we quantify risk, we need solid methods and reliable data to do so

Risk relates to objectives

➢ Example: if your objective is to cross a bridge safely and dry, there is a lot of risk; but if the objective is to have fun, there probably won't be much risk. The same event can be a risk against one objective and irrelevant to another.

Detectability

➢ You know what to look for, i.e. what constitutes risk for you and what does not…
o In other words: what are the relevant risk scenarios for your organisation?
➢ Once known, risk can be analysed, controls can be implemented, and monitoring is applied to recognise risk occurrence and to respond as appropriate

→ You have to be able to detect risk: you have to know what can happen, and what to look for. Only then can you see how bad the risks are and take countermeasures.



Seller: merelpeeraer (Aeres Hogeschool)
