University of Oxford Logo University of OxfordSoftware Engineering - Home
On Facebook
Facebook
Follow us on twitter
Twitter
Linked in
Linked in
Google plus
Google plus
Digg
Digg
Pinterest
Pinterest
Stumble Upon
Stumble Upon

Security Risk Analysis and Management

The concept of risk is central to computer and information security, as understanding the exposure of the system to different threats enables security efforts to be prioritised. Through measurements and estimates of risk, security can be managed and cost-benefit decisions can be made. This course explores the principles and tools behind risk analysis for security, providing practical experience on a realistic case study.

Course dates

2nd March 2015Oxford University Department of Computer Science 0 places remaining.

Objectives

The successful participant will

  • be able to understand the main issues of risk in computer and information security;
  • be able to conduct a security risk analysis and make cost-benefit decisions based on this;
  • have an overview of how risk analysis can be used to make a business case for security.

Contents

Overview of Risk
Introduction to the terminology of risk; Risk analysis and management framework; Risk and the relationship to security and controls;
Assets, Harm & Threats
Types of harm; Impact valuation; Threat modelling;
Vulnerability Analysis
Baseline systems; Vulnerability analysis methods;
Risk Evaluation
Quantitative and Qualitative risk measurement;
Security Planning & Management
Security measures; Mapping vulnerabilities to mitigation techniques; COBIT; Security checklists; Security requirements; Risk standards;
Business Cases for Security
Building business cases; Saved losses;

Requirements

Participants should have a basic understanding of computer security to the level provided by the Security Principles course.