IT Information Security Risk Management (Rev2), February 26, 2010
Today's Discussion

Agenda:
- Introduction
- RiskView Framework
- Examples
- Next Steps

Goals:
- Introduce RiskView (TM), a decision support system which helps identify and focus on business-material risks
- Understand your risk-management focus areas and processes
Risk Management

Risk domains covered: InfoSec Risk, Supply Chain Risk, Service Delivery Risk

RiskView replaces ad-hoc processes with a fact-based, scalable, repeatable framework:
- Identify under-controlled risk via business views
- Focus on the most material drivers
- "What-if" controls testing
Plenty of Data, But Big Exposure

Info sec tools and services regularly identify 100,000's of vulnerabilities. Today RiskView provides a fact-based, scalable, repeatable process.

Most companies collect large vulnerability data sets, but face big material risk in information security. Because...
- Perception vs. facts
- Wasted money
- On-going vulnerability

Value is limited by...
- Inconsistent data
- Wrong metrics
- Changing process
- Inadequate tools

How do you prioritize 1 million vulnerabilities?
Structure, Systems, Tools

- Structure: Info sec risk management requires a formal strategy and organization approach
- Systems: An on-going formal process is needed to meet goals and execute strategy
- Tools: Special tools are required to consistently and efficiently analyze large data sets

Key Elements Include:
- Metrics: Consistent metrics for materiality of business impact
- Risks and Policies: To identify risks and define policies to limit exposure
- Compliance: Regular evaluations to learn policy compliance and violations
- Risk Updates: Regular reviews for materiality score changes
- Measures and Actions: Regular risk assessments with next steps to fix key findings
Risk View - InfoSec intro