Cybersecurity Risk Research Center
http://www.riskgroupllc.com
+ (832) 971 8322
CYBERSECURITY RISK RESEARCH
CENTER
COPYRIGHT RISK GROUP LLC 1
Cyber-Security Risk Research Centre
In this era of an interconnected and interdependent digitalized global
economy, the nature and definition of security are going through a
fundamental transformation. The revolution in information technologies,
processes and connected computers is altering everything, from how we
communicate to how we work, how we bank, how we shop and how we go to war.
This whole new world of cyberspace has been, and still is today, more or
less like an alien territory, where there are very few knowns and mostly
unknowns.
Connected computers, information technology and the ability to digitalize
information are revolutionizing every aspect of society. They have brought
nations, meaning their governments, industries, organizations, academia and
individuals (NGIOA-I), a fundamental ability to connect and access
information without any obstacle or interference. This has leveled the
NGIOA-I playing field and has brought a possibility of progress, prosperity
and pride. What remains to be seen is whether connected computers can
bring communication and collaboration, or chaos and calamities!
While information technology on connected computers is
fundamentally shaking the status quo and the power structure of
NGIOA-I, it has also been instrumental in shaking the
fundamentals of security and pointing out the inadequacy and
ineffectiveness of its current form of definition, structure, nature
and response
For much of human history, the concept of security has largely revolved
around the use of force and territorial integrity. As the definition and
meaning of security are fundamentally challenged and changed in the world
of cyberspace, the blurring territorial boundaries and integrity are also
becoming hard to define and maintain. The notion that traditional security
is about violence towards respective nations, from within or across their
geographical boundaries, is now outdated and needs to be evaluated and
updated. Just as in any traditional physical security ecosystem, in
cyberspace and its ecosystem one is only as strong as the weakest link in
the chain. It is time nations collectively incorporate a different, more
accurate meaning of boundaries, if any, and of security, irrespective of
whether it is in space, cyberspace or geo-space.
The challenges and complexities of evolving threats and security have
crossed the barriers of space, ideology and politics, demanding a
constructive, collaborative effort from all stakeholders. When the changing
nature of threats is bringing new sets of challenges and complexities,
collective brainstorming is a necessity and not an option, so as to have an
objective evaluation of what is under threat and how it can be secured!
While the debate on the structure and role of government, industries,
organizations, academia will continue in the coming years, any attempt to
redefine security needs to begin with identifying, understanding, incorporating
and broadening the definition and nature of threat.
While information technology provides tools and technology to
communicate information on connected computers, it also
provides tools and technology to misuse information
Connected computers and their ecosystem, which make up cyberspace, bring
complex challenges. A cyber-security system, like any system, is made of a
collection of parts that have complex levels of inter-connectivity and
inter-dependency, designed to achieve a desired goal. In spite of this
inter-connectivity and inter-dependency among the sub-parts of any and all
systems, there is currently no culture of collective brainstorming,
identifying, evaluating or managing risks across nations, and
cyber-security is no exception.
Irrespective of whether it is a geo-security system or a cyber-security
system, any and all systems need to be evaluated holistically and
collectively: not merely as a sum of their parts (because the whole is
always more than the sum of its parts), but as a complete functioning unit.
When a complex system is made up of a collection of parts, not only do the
individual parts need to be evaluated, but so do the environment in which
the parts operate, its internal and external processes, and its entire
ecosystem. The cyber-security system, like the human body, comprises
different components that interact in complex ways within and across
cyberspace. Nations need to understand the cyber-security atmosphere,
technology, processes, people, management and governance, with their
inter-connectedness and inter-dependencies within and across cyberspace, as
one complete system. Understanding cyberspace completely will help nations
improve their cyber-security risk understanding and capabilities.
At the moment, cyber threats and cyber-security are not clearly
understood by any nations: its governments, industries,
organizations, academia and individuals
In cyberspace, information is critical not only for survival but also for
sustainability, and hence it becomes a critical necessity to protect it at
all costs. When cyberspace is riddled with challenges and complexities, it
is vital to have a cyber-security model that is dynamic, holistic and
collective, and that considers all variables and integration points of
NGIOA-I.
Cyber-security vulnerabilities do not arise only from technology, but also
from inadequacies in governance, processes, management, culture,
inter-dependencies and integration. Now that each nation, with its
government, industries, organizations, academia and individuals, is
vulnerable to cyber-attacks, it is important to understand that short-term
fixes, which are preferred over identifying and fixing the root cause of
problems, generally do not work. The approach to security is currently
reactive: not only governments, but most industries and organizations do
not give importance to securing their information data, are reactive in
their response and do not invest proactively in cyber-security. This
reactive approach limits an entire nation’s ability to have proactive
cyber-security risk management capabilities.
Information is at risk, whether it belongs to individuals, industries,
organizations, academia or governments across nations. Unless security
becomes a collective, proactive initiative, there will be recurring
incidents of cyber-attacks with varied levels of impact and intensity. The
increasing level of cyber-security challenges from integration within,
between and across NGIOA-I forces a collective mindset and effort for
securing cyberspace.
In order to minimize and manage any and all cyber-security risks, it is
important to understand every possible building block of cyberspace: its
framework, associated processes, technology, people and ecosystem. When
managing cyber-security seems near impossible at the moment, it is
important to acknowledge the need for a collective understanding and an
integrated NGIOA-I cyber-security framework, without which any and all
efforts will be meaningless.
Cyber-security requires an integrated approach with a common language.
While appropriate hardware and software are a fundamental necessity,
establishing an effective cyber-security framework, an integrated NGIOA-I
approach and structured processes is even more important.
What do we know about the cyberspace? Who does it belong to?
Who is accountable? Governments-Department of Defense?
Homeland Security? Industries? Organizations? Academia?
While going digital is a global-age necessity, the question is whether
going digital through the open internet is wise, especially when a nation’s
digital infrastructure is put together in haste and in silos, with no
coordinated framework, standards, policies and regulations. Unless there
are significant advances in the nature of digital infrastructure, its
processes, technology, tools, accountability and oversight, it is not only
the privacy of NGIOA-I that is at risk; everything is at risk.
In an interconnected world, NGIOA-I need to be responsible for securing
cyberspace. Relying on government alone to provide and enforce
cyber-security is like asking a thief to break in with doors and windows
wide open. Each one of us, each NGIOA-I, has a responsibility towards
securing cyberspace, just as each one of us has a responsibility towards
securing our valuables, homes and businesses!
Cyberspace cannot be secured if nations and their governments work in
silos within and across national boundaries. Integration and collaboration
between NGIOA-I, within and across nations’ geographical boundaries, is a
fundamental necessity not only for managing cyberspace but for managing any
global threat! The time for NGIOA integration and collaboration is now!
Jayshree Pandya
Founder: Risk Group
http://www.riskgroupllc.com
+ (832)9718322
Risk Group pioneers value in Integrated NGIOA Risks
Need for Integrated Risk Research Services
What risks are managed depends on what risks have been
identified!
RISKS ARE INEVITABLE. ALL THE TOOLS, TECHNOLOGY, PROCESSES, GUIDELINES
AND FRAMEWORK IN THE WORLD WON’T HELP, IF RISKS CANNOT BE ACCURATELY
IDENTIFIED, OBJECTIVELY EVALUATED AND PROACTIVELY MANAGED!
Everything has risks. It is the ability to take risks that gives rise to
the possibility of progress and advancement. Progress and advancement are
all about risk taking. Every decision, whether for investment, innovation,
product choice, market penetration or strategy, comes with risks and a
possibility of failure. The fundamental reality of risk and uncertainty
brings a possibility of failure, with the very promise of progress and
prosperity crushed and shattered. Amidst this, no decision maker can stand
unconcerned. It is in their own interest, and in the interest of their
initiatives, that they educate themselves with the knowledge that is
necessary and essential to identify real risks and issues.
It is vital for nations: its governments, industries, organizations and
academia to be risk aware—to accurately anticipate, prepare
and plan!
No decision maker can live and operate in a culture that lacks basic
understanding and acknowledgement of risks. Neither can they deny or refuse
to take personal and professional responsibility for the decisions that
they make, nor can they refuse to take accountability and ownership of
their decisions. No decision maker can be in denial or develop tone
deafness towards risks. It is time to change the cultural habit of not
identifying real risks, ignoring risks or transferring risks.
Developing a culture of objective, non-partisan risk awareness is critical
and vital to the success of any initiative, or to progress and development.
This risk-aware culture will ultimately help ensure trust and understanding
of critical risks and issues, as well as their impact. Amidst exposure to
turbulent times and their associated perils, no tools in the world can help
meet the objectives of an initiative whose risks are not identified. Risk
identification is the key.
When risk transcends initiatives, industries, borders, cultures,
nations, societies and human existence, taking timely risk
initiatives, is a necessary forward-looking move.
As today’s risks are tomorrow’s crises, there is a need to make the
transition from a reactive to a proactive approach for identifying,
evaluating and managing risks. Proactive risk identification is fundamental
for progress and advancement, and it is an on-going process. Risk Group’s
understanding of the changing global fundamentals and years of research on
risks facing nations: its governments, industries, organizations and
academia (NGIOA) will help:
Board of Directors
C-Suite
Executive Management
Senior Management
Decision Makers
Policy Makers
Investors
While traditional risk management can offer tools, technology, processes,
guidelines and frameworks, it cannot provide global insights and an
integrated knowledge and understanding of globalized cyberspace risks. This
is where Risk Group steps in! Risk Group’s stellar reputation in the global
risk industry is derived from its expertise in understanding the global age
and changing global fundamentals, defining the broader problems of
traditional risk management, creating an advanced risk management practice,
developing integrated risk research designs, executing complex integrated
studies, analyzing data and identifying the integrated risks that have the
biggest impact on any initiative, to help decision makers make the most
informed decision possible.
All of Risk Group’s core competencies are supported by an
active commitment to on-going advanced risk research and
development programs!
Risk Group’s passion in studying NGIOA (nations: its governments, industries,
organizations and academia) is to guide them towards excellence through
sustainable change. As integrated risk experts, Risk Group offers extensive risk
research, out of the box solutions, and future thinking in supporting all NGIOA to
face and overcome global challenges. Risk Group achieves this by engaging in
a dialogue with our clients to identify risks that matter, manage change and co-
create the meaning of risks and risk management!
Risk Group’s advanced risk research services will help you identify
integrated risks facing your decisions, be prepared and compete
in a digitalized global age
Need for Cyber-Security Risk Research Services
Concerns about cyber-security risks are increasing across nations: its
governments, industries, organizations, academia and individuals (NGIOA-I)!
For NGIOA-I, identifying, evaluating and understanding the many complex,
interconnected and interdependent internal and external sources in order to
have objective, risk-centric, relevant, targeted and actionable information
is like finding a needle in a haystack: time-consuming, resource-intensive
and inefficient. This is where Risk Group can help.
With a global network of highly skilled integrated risk resources,
Risk Group is well positioned to provide NGIOA-I, the Cyber-
security Risk Research Centre that it needs.
Risk Group’s Cyber-Security Risk Services can help NGIOA-I understand:
Cyberspace: Opportunities and Risks
Cyberspace Infrastructure: Current and Crucial
Cyberspace: Digital Assets and Valuation
Cyber-security Tools and Technology: Current and Crucial
Cyber-security Processes: Current and Crucial
Cyber-security Human Resources: Current and Crucial
Cyber-security Insurance: Current and Crucial
Cyber-warfare: From Geo wars to Cyber war
Risk Group’s Cyber-Security Risk Research Centre is being developed to help
nations: its governments, industries, organizations and academia make risk
informed and intelligent decisions.
How well do you understand cyberspace?
How secure is your organization’s cyber infrastructure?
What is your organization’s cyber-security approach?
What is your organization’s cyber-security risk strategy?
What cyber-security capabilities do you have right now?
What cyber-security resources do you have right now?
What cyber-security processes do you have right now?
Survival and success of nations: its government, industries, organizations and
academia are subject to uncertainty, gaps, strength, weaknesses, resources,
capabilities, motivation, risks-rewards and much more. The rapidly changing
fundamentals of the emerging cyberspace are creating unusual complexities
and challenges for every nation: its government, industries, organizations and
academia (NGIOA).
Because of the rapid pace of change in the cyberspace
ecosystem, cyber-security risk research has become a
fundamental need for survival
Cyber-security risks are most consequential for an ability to achieve objectives,
build, and protect value—and cyber-security risk research is about identifying
the risks that are most vital to achieving core objectives and goals.
Planning cyber strategy and managing cyber-security risks go
hand in hand!
Cyber-Security Risk Research Center’s Objectives
Without understanding independent and integrated cyber-
security risks, no nation: its government, industries, organizations
and academia can make appropriate investments, take
necessary initiatives, compete and succeed!
The objective of the Cyber-Security Risk Research Centre is to:
- Identify, analyze and respond to those cyber-security risks that could
  potentially impact any organization’s ability to realize its current and
  strategic / operational objectives in cyberspace as well as geo-space.
- Support the development of collaborative thinking about the integrated
  cyber-security risk challenges facing nations: its government, industries,
  organizations and academia.
- Promote the ability of NGIOA-I to share a common understanding and
  awareness of threats facing NGIOA, so as to prepare an organization that
  is ready to act independently but collaboratively.
- Strengthen the resilience of an organization through systemic preparation
  for the cyber threats that pose the greatest risks to its survival,
  security and sustainability in cyberspace and geo-space.
[Diagram: Emerging Cyber-Security threats. Labels: Resources, Technology,
Products, Processes, Investment, Skills, Regulations, Cyber-Space
Governance, Cyber-Space Knowledge]
Cyber-Security Risk Research Centre will merge the boundaries of
Geo-security, Cyber-security and Space-security
Understanding the nature of client objectives and their current challenges, Risk
Group will recommend the scope of the Risk Research Services.
Broad cyber-security scope:
Global cyber-security risks
Regional cyber-security risks
National cyber-security risks
Industry cyber-security risks
Organization cyber-security risks
Academia cyber-security risks
Individuals cyber-security risks
Narrow Scope:
Cyber-security technology risks
Cyber-security product risks
Cyber-security process risks
Cyber-security resource risks
The scope will determine the need for resources—both on-site as
well as off-site
Cyber-Security Risk Research Approach
Risk Group’s proactive, objective, neutral and participatory
approach to cyber-security risks will help NGIOA take informed
decisions about risks facing their initiatives
Risk Group will draw risk data and information from:
In-house Risk Group research
Client interviews
Public information
All sources will be documented to promote the credibility and transparency
of the risk identification and assessment. Given the uncertainty inherent
in assessing evolving cyber-security risks, a wide degree of uncertainty is
likely. Key limitations and assumptions will be noted.
In spite of the inherent nature of uncertainties in cyber-space, risk
identification and analysis supports better decision-making
Risk Group’s approach to cyber-security risk research is designed to provide
maximum value, with integrity and privacy that is desired by the board rooms
and c-suites.
Cyber-Security Risk Research Methodology
Risk Group approach will be tailored to the needs of the
organization
Risk Group Methodology
Cyber-security risks impact an organization’s ability to achieve its current
and strategic objectives. Cyber-security risk research is a process to
identify, evaluate and communicate the risks facing current and strategic
objectives. This process protects and creates value for
shareholders/investors.
Cyber-security risk management is a process to identify, evaluate and
manage cyber-security risks. Cyber-security risk research needs to be
an on-going process.
Risk Group will:
- Research and review cyber-security risks impacting the
  sector/industry/nation to achieve a preliminary understanding of the
  risks facing the organization
- Prepare an initial risk review that will help understand the
  cyber-security risks facing the organization
- Collaborate and achieve a deeper understanding of the strategic risks
  facing the organization through meetings, interviews and brainstorming
  sessions with c-suites, executive management, boardroom etc.
- Evaluate the understanding of cyber-security risks and risk management
  processes by the organization
- Review and record the cyber-security risk profile of the organization
  (Risk Group views + organization views)
- Communicate the cyber-security risk profile to the stakeholders
- Perform regular cyber-security risk research reviews
Understanding of cyber-security risks is the foundation to
preparedness
Cyber-security risk research will provide nations: its government,
industries, organizations and academia a clear view of the risk variables
to which they may be exposed, collectively or individually. An on-going,
thorough integrated risk analysis will empower decision-makers with better
decision-making criteria and process. Structured integrated risk research
would allow an organization within any NGIOA to be better prepared to meet
its goals and objectives.
Risk Group research would not be based on purely what
organizations think their risks are—but would also have Risk Group
internal thought leaders add to what the risks are—that would
help complete the risk profile
Cyber-Security Risk Research Plan
The cyber-security risk research would be conducted with a view that the
primary purpose of any organization is to meet the shareholders’ /
investors’ expectations. Any unforeseen and unidentified cyber-security
risk compromises the organization’s ability to support its fundamental
objectives.
- Understand the organization
  o Understand the organization’s objectives, strategies, business model,
    culture, technology, operations, resource model, working practices,
    communication protocol and so on
  o Understand the broader challenges facing the organization, industry
    and nation through Risk Group internal research
  o Understand the challenges as experienced by the organization and its
    executives
- Understand the cyber-security challenges facing the organization
- Evaluate the cyber-security risks
  o Cyber-security risks that can be managed by the organization
  o Cyber-security risks that have interdependencies and need the
    collaboration of NGIOA to be managed
- Develop a cyber-security risk profile
- Communicate the cyber-security risk profile
- Risk research frequency is established (quarterly recommended)
- Risk research plans will be revised as necessary
An objective, independent cyber-security risk analysis plays a
significant role in the development and sustainability of any
initiative and/or organization within any NGIOA.
Cyber-Security Risk Research Deliverables
A Cyber-Security Risk Map: Cyber-security risks will be individually rated
and summarized. A cyber-security risk map will reveal which risks are most
significant and should be the focus of management for mitigation and/or
management. It will also enable analysis of risk interdependencies that
will help them evaluate whether there is a need for collaboration within
the sector/industry/nation for possible mitigation and/or management of
risks.
A Cyber-Security Risk Report: A cyber-security risk report will detail the
identification, evaluation and communication of the identified
cyber-security risks.
RISK GROUP HOPES TO PARTNER WITH NATIONS: ITS GOVERNMENT, INDUSTRIES,
ORGANIZATIONS AND ACADEMIA (NGIOA) FOR THE SUPPORT OF INDEPENDENT
AND INTERDEPENDENT CYBERSECURITY RISK RESEARCH THAT IS CONSONANT
WITH ITS MISSION OF GLOBAL PEACE THROUGH RISK MANAGEMENT!
It is our belief that collaboration between and across NGIOA will be mutually
beneficial to all cybersecurity stakeholders across nations—for not only the
identification and understanding of critical Cyber-security risks, cyber space and
its ecosystem (for what risks are managed depends on what risks are identified),
but also raising awareness of the much-needed critical risks of the
interconnected and interdependent global age.
Risk Group intends to carry out independent and integrated
Cyber-security risk research to advance the frontiers of
Cyberspace and its ecosystem.
Risk Group’s Cyber-security Risk Research Centre and its projects will be
not only of intellectual interest and debate but will also provide
practical and forward-looking understanding and guidance for the survival
and sustainability of NGIOAs in the digitalized Global Age. In addition, it
will provide operational guidance for the development of useful products,
processes and services to make Cyberspace and its ecosystem secure.
Risk Group is available to enter into agreement for both public as well as private
research. Depending on the scope, Risk Group research will be either
independent or interdependent and will depend on collaboration and support
of NGIOA.
A valuable benefit of Risk Group approach to Cyber-security Risk
Research is Collaboration, Cooperation and Comprehension.
Cyber-Security Risk Research and Advisory Pricing
Risk Group offers a Fixed Price framework for funding Sponsored Strategic
Risk Research as well as Advisory Services.
FIXED PRICE CYBER-SECURITY RISK RESEARCH FUNDING FRAMEWORK: Under this
framework, Risk Group and the client organization agree upon a fixed-price
arrangement based on the best estimate of costs needed to complete the
Cyber-Security Risk Research, which can be adjusted if the parties agree or
if the client organization requests additional work.
FIXED PRICE CYBER-SECURITY RISK ADVISORY SERVICES: Depending on the scope
of the advisory services, Risk Group and the client organization will agree
upon a fixed-price yearly advisory services fee.
Cyber-Security Risk Research Areas: On-going Research
Topic # | Cyber-Space Research Areas | Scope of Research | Fixed Price Research Funding (USD) | Details | Comments
1 | Blurring boundaries: Geospace - Cyberspace - Interplanetary Space | | | |
2 | Traditional-Security to Cyber-Security | | | |
3 | Cyberspace: Need for Integrated Cyber-Governance | | | |
4 | Cyberspace: Evolving Regulations and Compliance | | | |
5 | Cyber-Security Technologies: Current and Needed | | | |
6 | Cyber-Systems: Unknowns | | | |
7 | Cyber-Security Standards: Need for common language | | | |
8 | Cyberspace: Privacy and Identity Management | | | |
9 | Cyber-Security: Beyond Hackers and Crackers | | | |
10 | Cyberspace: Its impact on Geo-space | | | |
11 | Cyberspace: Laws and Law Enforcement | | | |
12 | Cyberspace: Leveled Playing Field | | | |
13 | Cyberspace: Computer Forensics | | | |
14 | Cyberspace: Information Data Flow | | | |
15 | Cyberspace: Blurring boundaries with traditional geography | | | |
16 | Cyberspace: Crime and Criminals | | | |
17 | Cyberspace: Impact on Commerce | | | |
18 | Cyberspace: Impact on Healthcare | | | |
19 | Cyberspace: Impact on Economy | | | |
20 | Cyberspace: Impact on Military | | | |
21 | Cyberspace: Impact on Government | | | |
22 | Cyberspace: Impact on Nations Culture | | | |
23 | Cyberspace: Impact on Society | | | |
24 | Cyberspace: Impact on Innovation and Entrepreneurship | | | |
25 | Cyberspace: Impact on Banking | | | |
26 | Cyberspace: Impact on Communication and Media | | | |
27 | Cyberspace: Evolving Authentication protocols | | | |
28 | Cyberspace: Liability and Cyber-insurance | | | |
29 | Cyber warfare | | | |
30 | Cyberspace: Impact on Energy Infrastructure | | | |
31 | Cyberspace: Impact on Transportation Infrastructure | | | |
32 | Cyberspace: Impact on Financial Infrastructure | | | |
33 | Cyberspace: A key to Global Peace | | | |
Risk Group is in the process of identifying additional areas of interest
for Cyber-security Risk Research. If a Sponsoring Organization suggests
research topics relevant to its interests, Risk Group will, after internal
evaluation of cost, quote the Fixed Price of the suggested work.
INFORMATION
For further information, contact Risk Group at +832 971 8322