Presented by
Radhika Kumaran
I ME Software Engg
Overview of the presentation
This presentation deals with a four-step process that is
used in most organizations today to evaluate the
assets to be protected, the potential assailants, and their likely
methods and tactics. The aim is to pull the results
together and outline a plan of action for investing
in cyber security in ways that protect the most critical
organizational information and processes.
The Info Secure Method
Initially developed by the RAND Corporation, this
method has gained popularity because it is flexible and
helps in understanding the security that money can
buy.
It addresses three important questions essential to
information security systems:
1. Who are the likely assailants?
2. What are their potential methods and tactics?
3. What are the most important assets to protect?
Four Steps in Info Secure
1. Ranking and Risk analysis
2. Methods of Protection
3. Gap Analysis and Ranking
4. Identify Course of Action
Step 1: Ranking and Risk Analysis
Company sensitive business plans    Recoverable    3  2  2  3
Travel information                  Nuisance       1  1  1  1
Example history of assailants and risk
Organized crime    2  3  3  3
Random crime       1  1  1  1
Insider            3  2  2  2
Step 2: Methods of Protection
The next major step in the Info Secure
method is to identify what types of
protection are available to counter
the threats identified in the previous
step. The organization first needs to
check the security landscape and
add the necessary measures.
Example matrix of current practice