Risk Management Overview

• Importance of Risk Management
• Integration of Risk Management Into SDLC
• Key Roles

Risk Assessment

• System Characterization

System-Related Information

Information-Gathering Techniques

• Threat Identification

Threat-Source Identification

Motivation and Threat Actions

• Vulnerability Identification

Vulnerability Sources

System Security Testing

• Control Analysis

Control Methods

Control Categories

Control Analysis Technique

• Likelihood determination
• Impact Analysis
• Risk Determination

Risk Level Matrix

Description of Risk Level

• Control Recommendation
• Results Documentation

Risk Mitigation

• Risk Mitigation Options
• Risk Mitigation Strategy
• Approach for Control Implementation
• Control categories

Technical Security Controls

Management Security Controls

Operational Security Controls

• COST-Benefit Analysis
• Residual Risk

Evaluation and Assessment

• Good Security Practice
• Keys For Success