|
|
Assessment of approaches to security risk analysis
Koudela, Radek ; Doucek, Petr (advisor) ; Vachuda, Jan (referee)
Risk management is a process through which organizations are methodically devoted to the risks associated with their activities in order to get the biggest benefit from their business. It is also a rapidly developing field, where there is a variety of different approaches, methods, methodologies and standards in which may be little confusing. Therefore, this work offers a comprehensive and systematic view on the issue of risk analysis and management. Risk analysis is a cornerstone for effective security management of each company used for identification, description and quantification of risks, which should lead to acceptance of suitable measures for risk treatment. That is the reason why it requires a careful and methodical procedure described in this work. The main objective of this work is to analyse different approaches to risk analysis and management and thus highlight the importance of information security and protection of corporate assets. This approaches need to be understood as a different levels of detail of conducted risk analysis which will depend on initial maturity level (according to the CMM -- Capability Maturity Model) of information security process. The theoretical part of this thesis will explain relevant methodologies, techniques and procedure of risk analysis based on the ISO 27005 standard. From this part reader should learn what risk analysis is, what is it used for, how can it be carried out and what standards and methods can be used. The practical part will solve a real risk analysis project, which will demonstrate application of information obtained in the theoretical part.
|
guest ::
