Risk Management: A Holistic Organizational Approach. Norwich University – School of Graduate Studies, MSIA Residency, June 9, 2008 – Morning Session
Agenda
Agenda
What is Risk Management?
The Need
The Need: Today’s organizations face many challenges: Death by Committee, Undefined Compliance Criteria, Reporting Issues, Lack of Resources. This challenge continues to grow, especially when you add in additional lines of business and geographically diverse locations.
The Need
Source: Privacy Rights Clearinghouse
The Benefits
The Benefits
The Message
Objectives: “The essence of business is risk – the application of informed belief to contingencies whose outcomes can sometimes be predicted, but never known.” ~ Judge William Chandler III
Risk Management
Risk Assessment Process
System Categorization: How can you protect what you don’t know you have?
A Word about Categorization
Boundary Elements
Boundary Elements
Boundary Elements
Boundary Elements
Determining the Boundary
Determining the Boundary
Determining the Boundary
Determining the Boundary
Determining the Boundary
Boundary Summary
Identifying Critical Information
Identifying Critical Information
Identifying Critical Information
Identifying Critical Information
System Wide Security Categorization
System Wide Security Categorization
Impact Levels
Low Impact* (* These definitions come from FIPS 199.)
Moderate Impact
High Impact
Impact Determination
Impact Determination
Aspects to Consider
Aggregation
Aggregation
Connectivity
Critical System Functionality
Risk Assessment
Threat Identification: The goal is to identify the potential for a threat source to use a specific vulnerability.
Vulnerability Identification: Vulnerability: A flaw or weakness in system security procedures, design, implementation, or internal controls that could be used to create a security breach or a violation of the system’s security policy.
Control Analysis: The goal of this step is to review the security controls to determine if there are any that do not adequately minimize the likelihood or impact of an incident.
Likelihood Determination: The goal of this activity is to determine the probability of a particular vulnerability being exercised.
Impact Assessment: The goal for this activity is to determine the impact to the system and the organization’s mission.
Risk Determination: The goal of this step is to determine the overall level of risk to the system based on all the activities that we have performed so far.
Recommended Controls: Recommended controls address the risks that are not deemed acceptable. The System Owner determines which controls to implement on a cost-benefit basis.
Now What?
Control Implementation
Residual Risk
Where the rubber meets the road
Security and the SDLC – WHY?
Incorporating Security into the SDLC
Expressing Security Properties
Expressing Security Properties
IT Security in the SDLC
Initiation
Initiation
Acquisition and Development
Acquisition and Development
A/D and Security
A/D Tips
Implementation
Implementation
Operations and Maintenance
Operations and Maintenance
Disposition
Disposition – Security Considerations
Keys to Risk Management Success
Contact Information
Contributors
Questions
Ascension refers to Ascension Risk Management, a Limited Liability Company located in Gwinnett County, Georgia. Ascension is a woman-owned company providing information risk management services to small and medium-sized organizations within the public and private sectors. Ascension is dedicated to helping our clients “Create Opportunity from Risk”™. For more information please visit our website: www.ascensionriskmanagement.com

8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 

Risk Management: A Holistic Organizational Approach

  • 1. Risk Management: A Holistic Organizational Approach. Norwich University – School of Graduate Studies, MSIA Residency, June 9, 2008 – Morning Session
  • 6. The Need. Today’s organizations face many challenges: Death by Committee; Undefined Compliance Criteria; Reporting Issues; Lack of Resources. This challenge continues to grow, especially when you add in additional lines of business and geographically diverse locations.
  • 8. Source: Privacy Rights Clearinghouse
  • 60. IT Security in the SDLC
  • 78. Ascension refers to Ascension Risk Management, a Limited Liability Company located in Gwinnett County, Georgia. Ascension is a woman-owned company providing information risk management services to small and medium-sized organizations within the public and private sectors. Ascension is dedicated to helping our clients “Create Opportunity from Risk”™. For more information please visit our website: www.ascensionriskmanagement.com