Michael Scheidell, CISSP, CCISO, SMIEEE
RISKY BUSINESS
Prepare and Defend.
InfraGard slidesha.re/1H0uVSL
© 2014-2015 All Rights Reserved Security Privateers
Michael Scheidell, CISSP, CCISO, SMIEEE
Risky Business
@scheidell
561-948-1305 / michael@securityprivateers.com
http://www.securityprivateers.com
• CISSP, Certified CISO
• SE Regional Rep, InfraGard National
• Board Member, InfraGard, South Florida Members Alliance
• Delegate to NIST CSF workshop
• Retained CISO
• Member ISSA, IAPP, ISACA, PMI, SFTA, CSA, FISA, IEEE
• Patents in Network Security
• Founded 3 technology companies
AGENDA
• Evolution, Revolution or Anarchy
• Who is Responsible for IT Security?
• Please Stop calling it InfoSec
• IT Risk Management
• Risk Officer / Risk Committee
• Types of Risk Management
• Risk of Too Much Management
• Risk Management Frameworks
• Do or Not Do. There is no Try
Evolution, Revolution or Anarchy
• Restricted Access
• Secrets
• Protection
Who is Responsible for IT Security
Not My Job
• CFO
• IT Security
• Network Manager
• CIO
• Dir IT
• CEO
Please Stop Calling it Information Security
1. Information Security
Usually in the IT department, with no visibility into business practices. Revolves around the Information Security Policy and one of several InfoSec frameworks.
2. IT Risk Management
Without direct involvement with all stakeholders you can’t allocate resources or determine what to protect and why.
Executive, Operations, Information Technology, Legal, Finance, CRO, IT
1. Retail: Add in LOSS PREVENTION
2. Marketing: PR for when things go wrong
Risk Management
It’s Everyone’s Job
Chief Risk Officer
From here to there and back again
Risk Management Steps
1. Business Impact Analysis: What will it cost us? Needed for DRP and BCP also.
2. Identify Risks: Governance, Risk, Compliance
3. Prioritize Mitigation: Budget, Business Impact, Legal
4. Fund Failure: It will happen. Decide what to do before it happens.
Risk matrix: LIKELIHOOD (How likely is the event to occur?) against CONSEQUENCES (What is the severity of injuries / potential damages / financial?)

| Likelihood | Insignificant | Minor | Moderate | Major | Catastrophic |
| --- | --- | --- | --- | --- | --- |
| Almost certain - Expected in normal circumstances: 100% | MODERATE RISK | HIGH RISK | HIGH RISK | CRITICAL RISK | CRITICAL RISK |
| Likely - Probably occur in most circumstances: 10% | MODERATE RISK | MODERATE RISK | HIGH RISK | HIGH RISK | CRITICAL RISK |
| Possible - Might occur at some time: 1% | LOW RISK | MODERATE RISK | HIGH RISK | HIGH RISK | CRITICAL RISK |
| Unlikely - Could occur at some future time: 0.1% | LOW RISK | MODERATE RISK | MODERATE RISK | HIGH RISK | HIGH RISK |
| Rare - Only in exceptional circumstances: 0.01% | LOW RISK | LOW RISK | MODERATE RISK | HIGH RISK | HIGH RISK |

| Consequence | Injuries | Environmental impact | Damage |
| --- | --- | --- | --- |
| Insignificant | No Injuries | No Envir Impact | < $1,000 Damage |
| Minor | Some First Aid | Low Envir Impact | < $10K Damage |
| Moderate | External Medical | Medium Impact | < $100K Damage |
| Major | Extensive injuries | High Envir Impact | < $1MM Damage |
| Catastrophic | Death/Major injury | Toxic Envir Impact | > $1MM Damage |
Types of Risk Management
There is more than one way to go bankrupt
1. Enterprise Risk
2. Operational Risk
3. Regulatory and Legal Risk
4. Financial Risk
5. Unknown Risk
Where does Information Risk Management Fit?
Types of Risk Management
Operational Risk
Operational risks exist in every organization, regardless of its size, in any number of forms including hurricanes, blackouts, computer hacking, and organized fraud.
Regulatory and Legal Risk
International, Federal, State, Local, Legal and Industry Specific: Safe Harbor, GLBA, SOX, Sarbanes-Oxley, HIPAA, PCI
Financial Risk
The loss of key resources like funding through Credit Risk, Investment Risk, Liquidity Risk and Market Risk
Enterprise Risk
Enterprise risk management (ERM) is a framework to reduce earnings volatility through a robust risk governance structure and strong risk culture, supported by sound risk management capabilities.
Unknown Risk
“There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don’t know. But there are also unknown unknowns. There are things we don’t know we don’t know” Donald Rumsfeld
Harvard Business Review, June 2012
1. Preventable Risks
• Risks that can be controlled
• Employee misconduct
• Unauthorized, illegal
• No strategic benefit
• Manage pro-actively
• Monitoring processes
• Guiding behaviors
• Rules-based compliance
2. Strategy Risks
• Must Accept Some Risks
• Lender Accepts Risk
• R & D Spending
• Not inherently undesirable
• Higher Reward-Higher Risk
• Rules-based won’t work
Requires a risk-management system designed to reduce the probability that the assumed risks actually materialize and to improve the company’s ability to manage or contain risk events should they occur.
3. External Risks
• Beyond Company Control
• Natural Disasters
• Political Disasters
• Economic Disasters
• Can’t prevent them
• Can’t predict them
• Focus on identification
• Plan:
  • Business Impact Analysis
  • Disaster Recovery Plan
  • Business Continuity Plan
  • Insurance
Working With Risks
Enterprise Operational Regulatory Financial
Strategic Risks
Preventable Risks
External Risks
Acceptable Risks
IT Risk in the Risk Hierarchy
Where IT fits in
Enterprise Risk: Strategic Risk, Environmental Risk, Market Risk, Credit Risk, Operational Risk
IT-related Risk: IT Benefit/Value Enablement Risk, IT Program and Project Delivery Risk, IT Operations and Service Delivery Risk
IT risk is a component of the overall risk universe of the enterprise. In many enterprises, IT-related risk is considered to be a component of operational risk, e.g., in the financial industry under Basel II. However, even strategic risk can have an IT component to it, especially where IT is the key enabler of new business initiatives.
The same applies for credit risk, where poor IT (security) can lead to lower credit ratings. For that reason it is better not to depict IT risk with a hierarchic dependency on one of the other risk categories, but perhaps as shown in the example given.
Working with Risks
COBIT 5 for Risk
IT Risk Frameworks
NIST 800-37
IT Risk Frameworks
ISACA’s RISK IT Framework
Risk IT Principles
• Connect to Business Objectives
• Align IT Risk Management With ERM
• Balance Cost/Benefit of IT Risk
• Promote Fair and Open Discourse
• Establish Tone and Accountability at the Top
• Function as Part of Daily Activities
IT-related Risk Management
Risk IT is not limited to information security. It covers all IT-related risks, including:
• Late project delivery
• Not achieving enough value from IT
• Compliance
• Misalignment
• Obsolete or inflexible IT architecture
• IT service delivery problems
Two choices
This is your last chance ... After this, there is no turning back.
You take the blue pill – the story ends, you wake up in your bed and believe whatever you want to believe.
You take the red pill, … you stay in Wonderland, and I show you, how deep the rabbit-hole goes.
Running with Scissors
Why RISK is Good
Risk of Too Much Management
• What major systemic failure can you think of in Security and Privacy?
• Where has too much Security eliminated Privacy and done nothing for Security?
• Have you experienced too much security?
$93 Billion Dollars spent since 2001
Where to put priorities
• Identify
• Risk Assessment
• Likelihood
• Logs
• Security Alerts
• Consequences
• Business Impact Analysis
• Data Valuation
• Unavailable
• Modified
• Exfiltrated
• Data Classification
• Public
• Private
• Classified
• THEN AUDIT
Where to put priorities
• Exfiltrated Public Data
• State Code DB
• DoS Ketchup Formula
• Corrupt ICBM Codes
• 40MM Dumps with PIN
Business Impact Analysis
Data Valuation / Data Classification
Data Breach
Profitability
BCP/DRP/RISK IT
BIA
Missing Backup
Internet Outage
Power Outage
1. Responsibility: Executive Management (go to www.hotjobs.com)
2. Start to work: Partner with other departments
3. Without a destination, any path will do.
• Join InfraGard http://www.infragard.org/
• Join ISACA http://www.isaca.org
• Join ISSA http://www.issa.org
• Presentation: http://slidesha.re/1H0uVSL
• Learn about RISK IT and COBIT
• Training / Certifications: CISSP, CCISO, CRISC
New Platform, Old Mistakes
Keep doing the same thing hoping for different results
Risk Management Programs
• Build your IT Risk Management Team
• Help Management Implement RISK IT
• Training
• Web App Assessment
• SDLC Review
• IT Risk Assessments
• Retained CISO
Risky Business
Where to get Help
@scheidell
561-948-1305 / michael@securityprivateers.com
http://www.securityprivateers.com
Call to set up an appointment for initial review

Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...amitlee9823
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceDamini Dixit
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...allensay1
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...lizamodels9
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...daisycvs
 
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLWhitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLkapoorjyoti4444
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756dollysharma2066
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon investment
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Sheetaleventcompany
 
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂EscortCall Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escortdlhescort
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Anamikakaur10
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...lizamodels9
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...amitlee9823
 

Dernier (20)

Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLWhitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
 
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂EscortCall Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
 

Risky Business

  • 1. Michael Scheidell, CISSP, CCISO, SMIEEE RISKY BUSINESS Prepare and Defend. InfraGard slidesha.re/1H0uVSL
  • 2. © 2014-2015 All Rights Reserved Security Privateers Michael Scheidell, CISSP, CCISO, SMIEEE Risky Business @scheidell 561-948-1305 / michael@securityprivateers.com http://www.securityprivateers.com • CISSP, Certified CISO • SE Regional Rep, InfraGard National • Board Member, InfraGard, South Florida Members Alliance • Delegate to NIST CSF workshop • Retained CISO • Member ISSA, IAPP, ISACA, PMI, SFTA, CSA, FISA, IEEE • Patents in Network Security • Founded 3 technology companies
  • 3. AGENDA © 2014 All Rights Reserved Security Privateers • Evolution, Revolution or Anarchy • Who is Responsible for IT Security? • Please Stop calling it InfoSec • IT Risk Management • Risk Officer / Risk Committee • Types of Risk Management • Risk of Too Much Management • Risk Management Frameworks • Do or Not Do. There is no Try
  • 6. Restricted Access Evolution, Revolution or Anarchy Secrets Protection
  • 7. Who is Responsible for IT Security Not My Job CFO IT Security Network Manager CIO Dir IT CEO
  • 8. Please Stop Calling it Information Security 1. Information Security: Usually in the IT department, no visibility into business practices. Revolves around the Information Security Policy and one of several InfoSec Frameworks. 2. IT Risk Management: Without direct involvement with all stakeholders you can’t allocate resources or determine what to protect and why.
  • 9. Risk Management: It’s Everyone’s Job. Chief Risk Officer. Executive, Operations, Information Technology, Legal, Finance, CRO, IT 1. Retail: Add in LOSS PREVENTION 2. Marketing: PR for when things go wrong
  • 10. Risk Management Steps: From here to there and back again 1. Business Impact Analysis: What will it cost us. Needed for DRP and BCP also. 2. Identify Risks: Governance, Risk, Compliance 3. Prioritize Mitigation: Budget, Business Impact, Legal 4. Fund Failure: It will happen. Decide what to do before it happens.
  • 11. Risk matrix. LIKELIHOOD: How likely is the event to occur? CONSEQUENCES: What is the Severity of Injuries/potential damages/financial?
      Consequence levels, in column order:
        Insignificant: No Injuries, No Envir Impact, < $1,000 Damage
        Minor: Some First Aid, Low Envir Impact, < $10K Damage
        Moderate: External Medical, Medium Impact, < $100K Damage
        Major: Extensive injuries, High Envir Impact, < $1MM Damage
        Catastrophic: Death/Major injury, Toxic Envir Impact, > $1MM Damage
      Risk rating by likelihood (Insignificant / Minor / Moderate / Major / Catastrophic):
        Almost certain (Expected in normal circumstances: 100%): MODERATE / HIGH / HIGH / CRITICAL / CRITICAL
        Likely (Probably occur in most circumstances: 10%): MODERATE / MODERATE / HIGH / HIGH / CRITICAL
        Possible (Might occur at some time: 1%): LOW / MODERATE / HIGH / HIGH / CRITICAL
        Unlikely (Could occur at some future time: 0.1%): LOW / MODERATE / MODERATE / HIGH / HIGH
        Rare (Only in exceptional circumstances: 0.01%): LOW / LOW / MODERATE / HIGH / HIGH
  • 12. Types of Risk Management: There is more than one way to go bankrupt 1. Enterprise Risk 2. Operational Risk 3. Regulatory and Legal Risk 4. Financial Risk 5. Unknown Risk Where does Information Risk Management Fit? © Copyright 2014 Security Privateers
  • 13. Types of Risk Management. Operational Risk: Operational risks exist in every organization, regardless of its size, in any number of forms including hurricanes, blackouts, computer hacking, and organized fraud. Regulatory and Legal Risk: International, Federal, State, Local, Legal and Industry Specific: Safe Harbor, GLBA, SOX, Sarbanes-Oxley, HIPAA, PCI. Financial Risk: The loss of key resources like funding through Credit Risk, Investment Risk, Liquidity Risk and Market Risk. Enterprise Risk: Enterprise risk management (ERM) is a framework to reduce earnings volatility through a robust risk governance structure and strong risk culture, supported by sound risk management capabilities. Unknown Risk: “There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don’t know. But there are also unknown unknowns. There are things we don’t know we don’t know” Donald Rumsfeld
  • 14. Harvard Business Review, June 2012. 1. Preventable Risks • Risks that can be controlled • Employee misconduct • Unauthorized, illegal • No strategic benefit • Manage pro-actively • Monitoring processes • Guiding behaviors • Rules-based compliance 2. Strategy Risks • Must Accept Some Risks • Lender Accepts Risk • R & D Spending • Not inherently undesirable • Higher Reward-Higher Risk • Rules-based won’t work. Requires a risk-management system designed to reduce the probability that the assumed risks actually materialize and to improve the company’s ability to manage or contain risk events should they occur. 3. External Risks • Beyond Company Control • Natural Disasters • Political Disasters • Economic Disasters • Can’t prevent them • Can’t predict them • Focus on identification • Plan: • Business Impact Analysis • Disaster Recovery Plan • Business Continuity Plan • Insurance © Copyright 2014 Security Privateers
  • 15. Working With Risks Enterprise Operational Regulatory Financial Strategic Risks Preventable Risks External Risks Acceptable Risks
  • 16.
  • 17. IT Risk in the Risk Hierarchy: Where IT fits in. IT-related Risk Enterprise Risk Strategic Risk Environmental Risk Market Risk Credit Risk Operational Risk IT Benefit/Value Enablement Risk IT Program and Project Delivery Risk IT Operations and Service Delivery Risk. IT risk is a component of the overall risk universe of the enterprise. In many enterprises, IT-related risk is considered to be a component of operational risk, e.g., in the financial industry in Basel II. However, even strategic risk can have an IT component to it, especially where IT is the key enabler of new business initiatives. The same applies for credit risk, where poor IT (security) can lead to lower credit ratings. For that reason it is better not to depict IT risk with a hierarchic dependency on one of the other risk categories, but perhaps as shown in the example given.
  • 18. Working with Risks: COBIT 5 for Risk
  • 19. IT Risk Frameworks: NIST 800-37
  • 20. IT Risk Frameworks: ISACA’s RISK IT Framework. Risk IT Principles: Connect to Business Objectives; Align IT Risk Management With ERM; Balance Cost/Benefit of IT Risk; Promote Fair and Open Discourse; Establish Tone and Accountability at the Top; Function as Part of Daily Activities
  • 21. IT-related Risk Management: Risk IT is not limited to information security. It covers all IT-related risks, including: • Late project delivery • Not achieving enough value from IT • Compliance • Misalignment • Obsolete or inflexible IT architecture • IT service delivery problems
  • 22. Two choices: This is your last chance ... After this, there is no turning back. You take the blue pill – the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill, … you stay in Wonderland, and I show you, how deep the rabbit-hole goes.
  • 23. Harvard Business Review, June 2012. 1. Preventable Risks • Risks that can be controlled • Employee misconduct • Unauthorized, illegal • No strategic benefit • Manage pro-actively • Monitoring processes • Guiding behaviors • Rules-based compliance 2. Strategy Risks • Must Accept Some Risks • Lender Accepts Risk • R & D Spending • Not inherently undesirable • Higher Reward-Higher Risk • Rules-based won’t work. Requires a risk-management system designed to reduce the probability that the assumed risks actually materialize and to improve the company’s ability to manage or contain risk events should they occur. 3. External Risks • Beyond Company Control • Natural Disasters • Political Disasters • Economic Disasters • Can’t prevent them • Can’t predict them • Focus on identification • Plan: • Business Impact Analysis • Disaster Recovery Plan • Business Continuity Plan • Insurance © Copyright 2014 Security Privateers
  • 25. Risk of Too Much Management • What major systemic failure can you think of in Security and Privacy? • Where has too much Security eliminated Privacy and did nothing for Security? • Have you experienced too much security?
  • 26. $93 Billion Dollars spent since 2001
  • 27. Where to put priorities • Identify • Risk Assessment • Likelihood • Logs • Security Alerts • Consequences • Business Impact Analysis • Data Valuation • Unavailable • Modified • Exfiltrated • Data Classification • Public • Private • Classified • THEN AUDIT
  • 28. Where to put priorities • Exfiltrated Public Data • State Code DB • DoS Ketchup Formula • Corrupt ICBM Codes • 40MM Dumps with PIN
  • 29. Business Impact Analysis: Data Valuation / Data Classification, Data Breach, Profitability, BCP/DRP/RISK IT, BIA, Missing Backup, Internet Outage, Power Outage
  • 30. Responsibility Executive Management (go to www.hotjobs.com) 1 Start to work Partner with other departments 2 Without a destination, any path will do. 3
  • 31. New Platform, Old Mistakes: Keep doing the same thing hoping for different results • Join InfraGard http://www.infragard.org/ • Join ISACA http://www.isaca.org • Join ISSA http://www.issa.org • Presentation: http://slidesha.re/1H0uVSL • Learn about RISK IT and COBIT • Training / Certifications: CISSP, CCISO, CRISC © 2014 All Rights Reserved
  • 32. Risky Business: Where to get Help. Risk Management Programs • Build your IT Risk Management Team • Help Management Implement RISK IT • Training • Web App Assessment • SDLC Review • IT Risk Assessments • Retained CISO @scheidell 561-948-1305 / michael@securityprivateers.com http://www.securityprivateers.com Call to set up an appointment for initial review © 2014-2015 All Rights Reserved