Upload
gabriel-gaby-bar-giora
View
136
Download
0
Embed Size (px)
Citation preview
Risk AssessmentRisk Assessment
““The Art of The Art of PreventionPrevention””
Assets are vulnerableAssets are vulnerableAxiomaticAxiomatic
Wherever there are Assets there are also Wherever there are Assets there are also ThreatsThreats.. The more valuable the assets the more dangerous are The more valuable the assets the more dangerous are
the threats.the threats. When a threat acts upon an asset damage will occur When a threat acts upon an asset damage will occur
= this we call = this we call RISKRISK . . According to the According to the Risk ImpactRisk Impact damage can range up to damage can range up to
Critical or “Total Loss”.Critical or “Total Loss”.
Know your ThreatsKnow your Threats Theft and Robbery Theft and Robbery Sabotage and TerrorSabotage and Terror Espionage and LeakageEspionage and Leakage Fraud and DeceptionFraud and Deception
Our VisionOur VisionMaintain a level of Prevention that Maintain a level of Prevention that
enables the Organization to keep enables the Organization to keep reaching its goals without as much reaching its goals without as much disturbance and damage to assets disturbance and damage to assets
and procedures as possible.and procedures as possible.
Our GoalOur GoalKnow your Risks Know your Risks Take appropriate security Take appropriate security
measures, to prevent Risks from measures, to prevent Risks from happening. happening.
Prepare for emergency in order to Prepare for emergency in order to maintain Business Continuity.maintain Business Continuity.
Our ObjectivesOur Objectives Secure plants or installations.Secure plants or installations. Secure IT systemsSecure IT systems Secure Data BasesSecure Data Bases Secure ManpowerSecure Manpower Form a security policyForm a security policyAssimilate the security policy.Assimilate the security policy.
The Principles of SecurityThe Principles of Security Passive securityPassive security . . Maintains control Maintains control
of the risks in order to spot and warn their of the risks in order to spot and warn their happening.happening.
Active securityActive security . . Reacts, prevents and Reacts, prevents and thwarts happening risks.thwarts happening risks.
Proactive securityProactive security . . Gathers Gathers information and warns of risks before they information and warns of risks before they happen.happen.
RememberRemember
All you do in the Physical All you do in the Physical domain you have to parallel in domain you have to parallel in
the virtual domain and vice the virtual domain and vice versaversa!!
The components of The components of Passive SecurityPassive Security
Control passages by advanced systems Control passages by advanced systems able to identify and record while able to identify and record while opening.opening.
Control by video recording Control by video recording Identify presence in secured spaces Identify presence in secured spaces
also for sensitive equipment.also for sensitive equipment.Warn when breached.Warn when breached.
The components of The components of Active SecurityActive Security
Neutralize (isolate and secure) identified risks when Neutralize (isolate and secure) identified risks when happening.happening.
Handle the neutralized risk in a secure “examination Handle the neutralized risk in a secure “examination and decision station” by designated teams.and decision station” by designated teams.
Removal of the danger or change the status of the Removal of the danger or change the status of the risk.risk.
Register the actions for debriefing and study.Register the actions for debriefing and study.
The components of The components of Proactive SecurityProactive Security
Gathering information from non-live Gathering information from non-live sources, to find and evaluate new sources, to find and evaluate new risks.risks.
Execution of industrial espionage for Execution of industrial espionage for defensive goals.defensive goals.
Study the behavior of rivals in order Study the behavior of rivals in order to assess risks in advance.to assess risks in advance.
RememberRemember
All you do in the Physical All you do in the Physical domain you have to parallel in domain you have to parallel in
the virtual domain and vice the virtual domain and vice versaversa!!
The needed characteristics areThe needed characteristics are In/out going and usage control In/out going and usage control
system.system. Protective envelope against outside Protective envelope against outside
risks.risks. Protective system against inside risks.Protective system against inside risks. Support, backup and continuity Support, backup and continuity
means.means.