Integrated Risk Management
Transcript of Integrated Risk Management
![Page 1: Integrated Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062902/58ee02a61a28abe4498b4667/html5/thumbnails/1.jpg)
![Page 2: Integrated Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062902/58ee02a61a28abe4498b4667/html5/thumbnails/2.jpg)
o The Problem / Complexity
o ISO 31000 / 27001 / 20000
o NIST SP 800-30 rev.1
o Risk Management
o Risk Modelling
o The System / Login / Menu
o Risk Assessment
o Subsystems / Connection
o Automation & Modelling
o User Management
o Internal Communication
o Documentation & Support
o Mitigation Strategy
o Filters & Colours
o Report Engine
o Document Management
o Risk Doc Templates
o Risk Monitoring
o Workflows
o Audit Management
o Reviews & Knowledge Management
o Risk Scenario
o Summary & Conclusion
![Page 3: Integrated Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062902/58ee02a61a28abe4498b4667/html5/thumbnails/3.jpg)
Risks
o Migrate, so they are difficult to identify
o Grow fast and suddenly
o ‘Hide’ due to limited physical oversight
As systems have become more complex, integrated and connected to third parties, risks are growing exponentially and the security and control budget quickly reaches its limitations.
![Page 4: Integrated Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062902/58ee02a61a28abe4498b4667/html5/thumbnails/4.jpg)
o ISO 31000: Risk Management – Principles and Guidelines; any type of risk, any type of industry
o NIST SP 800-30 rev.1: Guide for Conducting Risk Assessments; USA federal information systems and organizations
o ISO 27001: Security techniques – ISMS – Requirements
o ISO 20000: IT Service Management – Requirements
o ITIL - COBIT
![Page 5: Integrated Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062902/58ee02a61a28abe4498b4667/html5/thumbnails/5.jpg)
Risk management process (ISO 31000)
o Establishing Context
o Risk Assessment: Risk identification, Risk analysis, Risk evaluation
o Risk Treatment
o Communication & Consultation
o Monitoring & Review
![Page 6: Integrated Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062902/58ee02a61a28abe4498b4667/html5/thumbnails/6.jpg)
Risk modelling
o Likelihood x Impact
o DREAD: 5 categories used by Microsoft in the past; the name is a mnemonic for risk-rating security threats
o CVSS: Base, Temporal and Environmental metrics
o OWASP (Open Web Application Security Project) Risk Rating: 4 risk categories x 4 factors/impacts
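The OWASP rating from the last bullet (4 categories x 4 factors, each scored 0-9, averaged into a likelihood and an impact, then placed on a severity matrix), worked through in code. This is an added example, not code from the presentation or from the Omicron Systems product; the factor names follow the OWASP Risk Rating Methodology and the sample record is constructed.

```python
from statistics import mean
# OWASP Risk Rating factors: 4 categories x 4 factors, each scored 0 (none) to 9 (worst).
CATEGORIES = {
    "threat_agent": ("skill_level", "motive", "opportunity", "size"),
    "vulnerability": ("ease_of_discovery", "ease_of_exploit", "awareness",
                      "intrusion_detection"),
    "technical_impact": ("loss_of_confidentiality", "loss_of_integrity",
                         "loss_of_availability", "loss_of_accountability"),
    "business_impact": ("financial_damage", "reputation_damage",
                        "non_compliance", "privacy_violation"),
}
# Overall severity matrix, indexed by (likelihood level, impact level).
SEVERITY = {
    ("LOW", "LOW"): "NOTE", ("MEDIUM", "LOW"): "LOW", ("HIGH", "LOW"): "MEDIUM",
    ("LOW", "MEDIUM"): "LOW", ("MEDIUM", "MEDIUM"): "MEDIUM", ("HIGH", "MEDIUM"): "HIGH",
    ("LOW", "HIGH"): "MEDIUM", ("MEDIUM", "HIGH"): "HIGH", ("HIGH", "HIGH"): "CRITICAL",
}

def level(score: float) -> str:
    """Band a 0-9 score: below 3 is LOW, 3 to below 6 MEDIUM, 6 and up HIGH."""
    if not 0 <= score <= 9:
        raise ValueError(f"score out of range: {score}")
    return "LOW" if score < 3 else "MEDIUM" if score < 6 else "HIGH"

def rate(record: dict) -> dict:
    """Likelihood = mean of the 8 threat-agent and vulnerability factors; impact =
    business impact when estimated, else technical impact (the OWASP fallback)."""
    scores = {}
    for cat, names in CATEGORIES.items():
        if cat == "business_impact" and cat not in record:
            continue  # optional category
        missing = [n for n in names if n not in record.get(cat, {})]
        if missing:
            raise ValueError(f"{cat}: missing factors {missing}")
        scores[cat] = mean(record[cat][n] for n in names)
    likelihood = mean([scores["threat_agent"], scores["vulnerability"]])
    impact = scores.get("business_impact", scores["technical_impact"])
    return {"likelihood": likelihood, "impact": impact,
            "severity": SEVERITY[level(likelihood), level(impact)]}

# Constructed sample record, as an engineer might fill it in from a ticket.
SAMPLE = {
    "threat_agent": {"skill_level": 6, "motive": 4, "opportunity": 7, "size": 9},
    "vulnerability": {"ease_of_discovery": 3, "ease_of_exploit": 3,
                      "awareness": 4, "intrusion_detection": 8},
    "technical_impact": {"loss_of_confidentiality": 7, "loss_of_integrity": 7,
                         "loss_of_availability": 5, "loss_of_accountability": 9},
    "business_impact": {"financial_damage": 5, "reputation_damage": 5,
                        "non_compliance": 7, "privacy_violation": 7},
}
```

For the sample record `rate(SAMPLE)` gives likelihood 5.5 (MEDIUM) and impact 6 (HIGH), so the overall severity is HIGH; dropping the business-impact block makes the function fall back to the technical impact of 7.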
[Pages 7 to 22: slide images only, no transcribed text]
![Page 23: Integrated Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062902/58ee02a61a28abe4498b4667/html5/thumbnails/23.jpg)
A user identifies an event as a possible threat and opens a ticket in the system. He marks the record (priority field) as “Urgent”, and an automated workflow sends a notification email to the team.

Within 5 minutes an engineer has received the notification. He examines the situation and creates a risk record in the system.

Multiple incidents are recorded during the day, from different users and about different things.

Every manager sets the priorities for the next period, assigning activities to the members of his/her team. As he/she implements risk assessments or approves mitigations, he/she always keeps an eye on the key metrics and dashboard diagrams.

Periodically, and just before the external audits, he/she reviews all risks that are due for review, runs the report engine and produces the risk assessment and treatment report.

Twice a year, top management reviews all the statistics and KPIs. In particular, they want to know the most important things that happened and whether the targets are met.
![Page 24: Integrated Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062902/58ee02a61a28abe4498b4667/html5/thumbnails/24.jpg)
• Evolving systems require good risk management
• All members should collaborate during this process
• Ideally, IT tools should be used for efficiency and compliance
![Page 25: Integrated Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062902/58ee02a61a28abe4498b4667/html5/thumbnails/25.jpg)
We are trying our best!
1 str. Artis, Athens, GR
www.osys.gr
30 210 97 62 600
www.facebook.com/osys.gr
@omicronsystems
![Page 26: Integrated Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062902/58ee02a61a28abe4498b4667/html5/thumbnails/26.jpg)
Yiannis Issaris - Omicron Systems
3rd CryCybIW