## 1. Risk Management Basics

* **Asset:** Something valuable that needs protection (e.g., data, software).
* **Vulnerability:** Weakness that can be exploited.
* **Risk:** The potential for loss or damage when a threat exploits a vulnerability.

---

## 2. Risk Management Process (ISO 31000)

1. Identify vulnerabilities.
2. Identify threats.
3. Select tools and techniques to assess risk.
4. Assess risk qualitatively (descriptions, categories) or quantitatively (numbers).
5. Decide strategies against risks.
6. Consider countermeasures.

---

## 3. Example: Risk of Data Disclosure

| Before Controls                          | After Controls                                      |
| ---------------------------------------- | --------------------------------------------------- |
| Cost to recover data: \$1,000,000        | Effectiveness of access control: 60% risk reduction |
| Likelihood: 10% per year                 | Expected cost of incidents: \$40,000                |
| Risk exposure (expected cost): \$100,000 | Cost of access control software: \$25,000           |
|                                          | Expected total cost: \$65,000                       |
|                                          | **Savings per year: \$35,000**                      |

* **Risk reduction:** \$100,000 \* 60% = \$60,000 saved
* **Risk leverage:** (100,000 - 40,000) / 25,000 = 2.4 (money saved per dollar spent)
* **Return on Security Investment (ROSI):** (60,000 - 25,000) / 25,000 = 1.4 (profitability of security spend)
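The figures above follow from three inputs (incident cost, yearly likelihood, and a control's cost and effectiveness). This added example (not part of the original notes) turns the worked example into reusable functions and, going slightly beyond the notes, ranks several candidate controls by ROSI; the two alternative controls are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """An annualised risk: cost of one incident times its yearly likelihood."""
    name: str
    cost_per_incident: float    # e.g. cost to recover the disclosed data
    likelihood_per_year: float  # probability of an incident in a given year

    def exposure(self) -> float:
        """Risk exposure (expected annual cost) = cost * likelihood."""
        return self.cost_per_incident * self.likelihood_per_year


@dataclass(frozen=True)
class Control:
    """A countermeasure: what it costs per year and the share of exposure it removes."""
    name: str
    annual_cost: float
    risk_reduction: float  # fraction between 0.0 and 1.0


def evaluate(risk: Risk, control: Control) -> dict:
    """The figures of the worked example, for any risk/control pair."""
    before = risk.exposure()
    after = before * (1.0 - control.risk_reduction)  # expected incident cost after the control
    saved = before - after                            # risk reduction in money
    total = after + control.annual_cost               # expected total cost with the control
    return {
        "exposure_before": before,
        "expected_incident_cost": after,
        "risk_reduction": saved,
        "expected_total_cost": total,
        "savings_per_year": before - total,
        "risk_leverage": saved / control.annual_cost,                 # saved per dollar spent
        "rosi": (saved - control.annual_cost) / control.annual_cost,  # net return per dollar
    }


def rank_controls(risk: Risk, controls: list) -> list:
    """Candidates ordered by ROSI; a control whose ROSI is not positive costs more than it saves."""
    scored = [(c.name, evaluate(risk, c)["rosi"]) for c in controls]
    return sorted([s for s in scored if s[1] > 0], key=lambda s: s[1], reverse=True)


# Numbers from the notes' example ...
DATA_DISCLOSURE = Risk("data disclosure", cost_per_incident=1_000_000, likelihood_per_year=0.10)
ACCESS_CONTROL = Control("access control software", annual_cost=25_000, risk_reduction=0.60)
# ... plus two constructed alternatives to show the ranking.
CANDIDATES = [ACCESS_CONTROL, Control("DLP gateway", 50_000, 0.80),
              Control("full-disk encryption", 70_000, 0.50)]

if __name__ == "__main__":
    print(evaluate(DATA_DISCLOSURE, ACCESS_CONTROL), rank_controls(DATA_DISCLOSURE, CANDIDATES))
```

The third constructed control saves \$50,000 but costs \$70,000, so its ROSI is negative and `rank_controls` drops it.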

---

## 4. Practical Risk Assessment Exercise (Brightspace LMS)

* **a. Assets:** Identify 3 important assets in Brightspace (e.g., user data, course materials, authentication system).
* **b. Threats:** Identify 3 threat scenarios (e.g., data breach, denial of service, unauthorized access).
* **c. Impact:** Explain how each threat affects assets.
* **d. Quantify risks:** Estimate likelihood and impact.
* **e. Countermeasures:** Suggest one countermeasure per risk (e.g., encryption, rate limiting, access control).

---

## 5. Principles and Best Practices

### Design Principles

* **Separation of Duties (SoD):** Avoid conflicts by dividing tasks among different people (e.g., one person creates users, another approves).
* **Least Privilege:** Give users only the access they need, no more.

---

## 6. Standards and Frameworks

* **ISO/IEC 27000 series:** Information security management standards.
* **ISO 31000:** Risk management.
* **NIST 800-30:** Guide for risk assessments.
* **NIST 800-53:** Security and privacy controls.
* **ISACA COBIT:** IT systems management framework.

---

## 7. Risk Management Methods

* **Tabular methods:** Popular in industry (tables showing risks and controls).
* **Graphical methods:** More academic (diagrams, charts).

---

## 8. Threat Modeling: STRIDE Framework

| Threat                      | Concern                      | Countermeasures                                          |
| --------------------------- | ---------------------------- | -------------------------------------------------------- |
| **Spoofing**                | Can you trust the identity?  | Authentication, session management, digital certificates |
| **Tampering**               | Can data be changed?         | Digital signatures, access control, auditing             |
| **Repudiation**             | Can actions be denied?       | Logging, auditing, digital signatures                    |
| **Information Disclosure**  | Risk of data theft?          | Access control, encryption                               |
| **Denial of Service (DoS)** | Prevent service access?      | Rate limiting, boundary protection, redundancy           |
| **Elevation of Privilege**  | Unauthorized privilege gain? | Authorization, least privilege, input validation         |

---

## 9. STRIDE Threat Modeling Steps

1. Define key assets and security needs.
2. Create data flow diagrams (DFDs).
3. Draw trust boundaries (zones with different trust levels).
4. Identify threats crossing these boundaries.
5. Plan controls to mitigate threats.
6. Validate controls work.

---

## 10. STRIDE Example: E-commerce Book Webshop

* **Actors:** Customers and shop owner.
* **Processes:** Web application server.
* **Data Stores:** Sales DB, Books DB.
* **Interactions:** Customers send requests; app fetches data from DBs.

* **Assets:** Databases, web app process.
* **Requirements:** Confidentiality, integrity, availability for sales data; integrity and availability for books data and web app.

---

## 11. STRIDE Threats in the Example

* Spoofing: Someone impersonates the owner to get sales data.
* Tampering: Altering books or sales data.
* Repudiation: Customer denies having sent requests.
* DoS: Database offline, no response.
* Elevation of Privilege (EoP): Customer gains higher privilege.
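Steps 2 to 5 of the STRIDE process applied to the webshop above, as an added example that is not part of the original notes: the DFD elements get a trust zone, flows between different zones are the boundary crossings, and each element on a crossing flow gets the STRIDE categories for its element type with the countermeasures from the table in section 8. The per-element-type mapping and the zone assignments are assumptions of this example; the last flow is constructed to show a flow that stays inside one zone.

```python
from dataclasses import dataclass

# STRIDE-per-element: which categories apply to each DFD element type (assumption:
# the common convention; the notes themselves only give the generic STRIDE table).
ALL = ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
       "Denial of Service", "Elevation of Privilege")
STRIDE_BY_TYPE = {
    "external": ("Spoofing", "Repudiation"),
    "process": ALL,
    "datastore": ("Tampering", "Repudiation", "Information Disclosure", "Denial of Service"),
}
# Countermeasures per category, copied from the STRIDE table in the notes.
COUNTERMEASURES = {
    "Spoofing": "authentication, session management, digital certificates",
    "Tampering": "digital signatures, access control, auditing",
    "Repudiation": "logging, auditing, digital signatures",
    "Information Disclosure": "access control, encryption",
    "Denial of Service": "rate limiting, boundary protection, redundancy",
    "Elevation of Privilege": "authorization, least privilege, input validation",
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # external | process | datastore
    zone: str  # trust zone; a flow between two zones crosses a trust boundary

@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element

def boundary_crossings(flows):
    """Steps 3-4: keep only the flows that cross a trust boundary."""
    return [f for f in flows if f.src.zone != f.dst.zone]

def enumerate_threats(flows):
    """Step 4-5: (element, category, countermeasure) for every element on a crossing flow."""
    touched = {e.name: e for f in boundary_crossings(flows) for e in (f.src, f.dst)}
    return [(e.name, cat, COUNTERMEASURES[cat])
            for e in touched.values() for cat in STRIDE_BY_TYPE[e.kind]]

# Webshop DFD from the notes; the trust zones are an assumption of this example.
CUSTOMER = Element("Customer", "external", "internet")
OWNER = Element("Shop owner", "external", "internet")
WEB_APP = Element("Web application server", "process", "dmz")
SALES_DB = Element("Sales DB", "datastore", "internal")
BOOKS_DB = Element("Books DB", "datastore", "internal")
FLOWS = [Flow(CUSTOMER, WEB_APP), Flow(OWNER, WEB_APP), Flow(WEB_APP, SALES_DB),
         Flow(WEB_APP, BOOKS_DB), Flow(SALES_DB, BOOKS_DB)]  # last: constructed, same zone
```

`enumerate_threats(FLOWS)` yields 18 rows (2 per actor, 6 for the web app process, 4 per data store); the same-zone flow contributes nothing, which is the point of drawing the boundaries before listing threats.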

---

## 12. Key Takeaways

* Risk management quantifies and prioritizes threats.
* Defensive strategies and controls should be based on assessed risks.
* Threat modeling helps brainstorm possible attacks and improve preparation.
* STRIDE is a practical method to identify common threats.