Security Risk Analysis and Management
The concept of risk is central to computer and information security, as understanding the exposure of the system to different threats enables security efforts to be prioritised. Through measurements and estimates of risk, security can be managed and cost-benefit decisions can be made. This course explores the principles and tools behind risk analysis for security, providing practical experience on a realistic case study.
Frequency
This course normally runs twice a year.
Course dates
| 14th October 2024 | Oxford University Department of Computer Science - Held in the Department | 11 places remaining. |
| 9th June 2025 | Oxford University Department of Computer Science - Held in the Department | 15 places remaining. |
Objectives
The successful participant will
- be able to understand the main issues of risk in computer and information security;
- be able to conduct a security risk analysis and make cost-benefit decisions based on this;
- have an overview of how risk analysis can be used to make a business case for security.
Contents
- Overview of Risk
- Introduction to the terminology of risk; Risk analysis and management framework; Risk and the relationship to security and controls;
- Assets, Harm & Threats
- Types of harm; Impact valuation; Threat modelling;
- Vulnerability Analysis
- Baseline systems; Vulnerability analysis methods;
- Risk Evaluation
- Quantitative and Qualitative risk measurement;
- Security Planning & Management
- Security measures; Mapping vulnerabilities to mitigation techniques; COBIT; Security checklists; Security requirements; Risk standards;
- Business Cases for Security
- Building business cases; Saved losses;
Requirements
Participants should have a basic understanding of computer security to the level provided by the Security Principles course.