SlideShare une entreprise Scribd logo

Integrated Risk Management

Omicron Systems
Omicron Systems

A tool for efficiency and compliance, presented in 3rd CryCyIW Conference, Greece 2016.

Technologie
1  sur  26
Télécharger pour lire hors ligne
o The Problem / Complexity o ISO 31000 / 27001 / 20000 o NIST SP 800-30 rev.1 o Risk Management o Risk Modelling o The System / Login / Menu o Risk Assessment o Subsystems / Connection o Automation & Modelling o User Management o Internal Communication o Documentation & Support o Mitigation Strategy o Filters & Colours o Report Engine o Document Management o Risk Doc Templates o Risk Monitoring o Workflows o Audit Management o Reviews & Knowledge Mngt o Risk Scenario o Summary & Conclusion
Risk Migrate, so it’s difficult to identify them Grow fast suddenly ‘Hide’ due to limited physical oversight As systems have become more complex, integrated and connected to third parties, risks are growing exponentially and the security and control budget quickly reaches its limitations.
Risk Management – Principles and Guidelines Any type of risk, any type of industry Guide for conducting Risk Assessments USA Federal Information Systems & Organizations Security techniques – ISMS – Requirements IT Service Management - Requirements ITIL - COBIT
Establishing Context Risk Assessment Risk identification Risk analysis Risk evaluation Communication&Consultation Monitoring&Review Risk Treatment
Likelihood X Impact 5 categories used by Microsoft in the past. It provides a mnemonic for risk rating security threats. Base, Temporal and Environmental Metrics. Open Web Application Security Project 4 risk categories x 4 factors/impacts
A user identifies an event as a possible threat and opens a ticket to the system. He marks the record (priority field) as “Urgent” and an automated workflow sends a notification email to the team. In 5 minutes an engineer has received the notification. He examines the situation and creates a risk record to the system. Multiple incidents are recorded during the day from different users and for different things. Every manager sets the priorities for the next period, assigning activities to the members of his/her team. As he/she implements risk assessments, or approve mitigations, he always watches to key metrics and dashboard diagrams. Periodically and just before the external audits, he reviews all risks that have to be reviewed, he runs the report engine and conducts the risk assessment and treatment report. 2 times per year, top management reviews all the statistics and kpi’s. Especially, they want to know the most important things that happened and if the Targets are met.
• Evolving systems require good risk management • All members should collaborate during this process • Ideally, IT tools should be used for efficiency and compliance
We are trying our best! 1 str. Artis, Athens, GR www.osys.gr info@osys.gr 30 210 97 62 600 www.facebook.com/osys.gr @omicronsystems
Yiannis Issaris - Omicron Systems 3rd CryCybIW

Recommandé

Magic quadrant for operational risk management solutions
Magic quadrant for operational risk management solutions Magic quadrant for operational risk management solutions
Magic quadrant for operational risk management solutions Deepak Kamboj
 
Integrated risk management
Integrated risk managementIntegrated risk management
Integrated risk managementEndeavor Management
 
Risk Management & Information Security Management Systems
Risk Management & Information Security Management SystemsRisk Management & Information Security Management Systems
Risk Management & Information Security Management SystemsIT-Toolkits.org
 
Infographic - Critical Capabilities of a Good Risk Management Solution
Infographic - Critical Capabilities of a Good Risk Management SolutionInfographic - Critical Capabilities of a Good Risk Management Solution
Infographic - Critical Capabilities of a Good Risk Management SolutionCorporater
 
case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)ishan parikh production
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
App Showcase: Compliance
App Showcase: ComplianceApp Showcase: Compliance
App Showcase: ComplianceResolver Inc.
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentBradley Susser
 

Recommandé

Magic quadrant for operational risk management solutions
Magic quadrant for operational risk management solutions Magic quadrant for operational risk management solutions
Magic quadrant for operational risk management solutions Deepak Kamboj
 
Integrated risk management
Integrated risk managementIntegrated risk management
Integrated risk managementEndeavor Management
 
Risk Management & Information Security Management Systems
Risk Management & Information Security Management SystemsRisk Management & Information Security Management Systems
Risk Management & Information Security Management SystemsIT-Toolkits.org
 
Infographic - Critical Capabilities of a Good Risk Management Solution
Infographic - Critical Capabilities of a Good Risk Management SolutionInfographic - Critical Capabilities of a Good Risk Management Solution
Infographic - Critical Capabilities of a Good Risk Management SolutionCorporater
 
case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)ishan parikh production
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
App Showcase: Compliance
App Showcase: ComplianceApp Showcase: Compliance
App Showcase: ComplianceResolver Inc.
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentBradley Susser
 
Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormEnterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormGoutama Bachtiar
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementResolver Inc.
 
Data Driven Risk Management
Data Driven Risk ManagementData Driven Risk Management
Data Driven Risk ManagementResolver Inc.
 
MISO L008 Disaster Recovery Plan
MISO L008 Disaster Recovery PlanMISO L008 Disaster Recovery Plan
MISO L008 Disaster Recovery PlanJan Wong
 
Risk and Business Continuity Management
Risk and Business Continuity Management Risk and Business Continuity Management
Risk and Business Continuity Management Continuity and Resilience
 
Directory: Regulatory & Risk Data
Directory: Regulatory & Risk DataDirectory: Regulatory & Risk Data
Directory: Regulatory & Risk DataConor Coughlan
 
Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and BpmNathaniel Palmer
 
Risk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingRisk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingContentAssets
 
CISSPills #3.04
CISSPills #3.04CISSPills #3.04
CISSPills #3.04Pierluigi Falcone, CISSP, CISM, CCSK, SABSA Foundation
 
Safety & Asset Integrity Excellence - A Study of Three Mile Island
Safety & Asset Integrity Excellence - A Study of Three Mile IslandSafety & Asset Integrity Excellence - A Study of Three Mile Island
Safety & Asset Integrity Excellence - A Study of Three Mile IslandKienbaum Consultants
 
Practical approach to security risk management
Practical approach to security risk managementPractical approach to security risk management
Practical approach to security risk managementG3 intelligence Ltd
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji JacobBeji Jacob
 
Risk Management Case Study - Applied Concepts
Risk Management Case Study - Applied ConceptsRisk Management Case Study - Applied Concepts
Risk Management Case Study - Applied ConceptsResolver Inc.
 
Regulatory Risk
Regulatory RiskRegulatory Risk
Regulatory Risknikatmalik
 
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30timmcguinness
 
L008 Disaster Recovery Plan (2016)
L008 Disaster Recovery Plan (2016)L008 Disaster Recovery Plan (2016)
L008 Disaster Recovery Plan (2016)Jan Wong
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteHernan Huwyler, MBA CPA
 
A holistic approach to Safety and Asset Integrity Excellence
A holistic approach to Safety and Asset Integrity ExcellenceA holistic approach to Safety and Asset Integrity Excellence
A holistic approach to Safety and Asset Integrity ExcellenceKienbaum Consultants
 
Building an Effective AML Program
Building an Effective AML ProgramBuilding an Effective AML Program
Building an Effective AML ProgramCorporater
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Risk Assessment: Approach to enhance Network Security
Risk Assessment: Approach to enhance Network SecurityRisk Assessment: Approach to enhance Network Security
Risk Assessment: Approach to enhance Network SecurityIJCSIS Research Publications
 
File000170
File000170File000170
File000170Desmond Devendran
 

Contenu connexe

Tendances

Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormEnterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormGoutama Bachtiar
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementResolver Inc.
 
Data Driven Risk Management
Data Driven Risk ManagementData Driven Risk Management
Data Driven Risk ManagementResolver Inc.
 
MISO L008 Disaster Recovery Plan
MISO L008 Disaster Recovery PlanMISO L008 Disaster Recovery Plan
MISO L008 Disaster Recovery PlanJan Wong
 
Directory: Regulatory & Risk Data
Directory: Regulatory & Risk DataDirectory: Regulatory & Risk Data
Directory: Regulatory & Risk DataConor Coughlan
 
Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and BpmNathaniel Palmer
 
Risk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingRisk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingContentAssets
 
Safety & Asset Integrity Excellence - A Study of Three Mile Island
Safety & Asset Integrity Excellence - A Study of Three Mile IslandSafety & Asset Integrity Excellence - A Study of Three Mile Island
Safety & Asset Integrity Excellence - A Study of Three Mile IslandKienbaum Consultants
 
Practical approach to security risk management
Practical approach to security risk managementPractical approach to security risk management
Practical approach to security risk managementG3 intelligence Ltd
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji JacobBeji Jacob
 
Risk Management Case Study - Applied Concepts
Risk Management Case Study - Applied ConceptsRisk Management Case Study - Applied Concepts
Risk Management Case Study - Applied ConceptsResolver Inc.
 
Regulatory Risk
Regulatory RiskRegulatory Risk
Regulatory Risknikatmalik
 
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30timmcguinness
 
L008 Disaster Recovery Plan (2016)
L008 Disaster Recovery Plan (2016)L008 Disaster Recovery Plan (2016)
L008 Disaster Recovery Plan (2016)Jan Wong
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteHernan Huwyler, MBA CPA
 
A holistic approach to Safety and Asset Integrity Excellence
A holistic approach to Safety and Asset Integrity ExcellenceA holistic approach to Safety and Asset Integrity Excellence
A holistic approach to Safety and Asset Integrity ExcellenceKienbaum Consultants
 
Building an Effective AML Program
Building an Effective AML ProgramBuilding an Effective AML Program
Building an Effective AML ProgramCorporater
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 

Tendances (20)

Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormEnterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment Form
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
 
Data Driven Risk Management
Data Driven Risk ManagementData Driven Risk Management
Data Driven Risk Management
 
MISO L008 Disaster Recovery Plan
MISO L008 Disaster Recovery PlanMISO L008 Disaster Recovery Plan
MISO L008 Disaster Recovery Plan
 
Risk and Business Continuity Management
Risk and Business Continuity Management Risk and Business Continuity Management
Risk and Business Continuity Management
 
Directory: Regulatory & Risk Data
Directory: Regulatory & Risk DataDirectory: Regulatory & Risk Data
Directory: Regulatory & Risk Data
 
Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and Bpm
 
Risk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingRisk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in Manufacturing
 
CISSPills #3.04
CISSPills #3.04CISSPills #3.04
CISSPills #3.04
 
Safety & Asset Integrity Excellence - A Study of Three Mile Island
Safety & Asset Integrity Excellence - A Study of Three Mile IslandSafety & Asset Integrity Excellence - A Study of Three Mile Island
Safety & Asset Integrity Excellence - A Study of Three Mile Island
 
Practical approach to security risk management
Practical approach to security risk managementPractical approach to security risk management
Practical approach to security risk management
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacob
 
Risk Management Case Study - Applied Concepts
Risk Management Case Study - Applied ConceptsRisk Management Case Study - Applied Concepts
Risk Management Case Study - Applied Concepts
 
Regulatory Risk
Regulatory RiskRegulatory Risk
Regulatory Risk
 
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30
 
L008 Disaster Recovery Plan (2016)
L008 Disaster Recovery Plan (2016)L008 Disaster Recovery Plan (2016)
L008 Disaster Recovery Plan (2016)
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
 
A holistic approach to Safety and Asset Integrity Excellence
A holistic approach to Safety and Asset Integrity ExcellenceA holistic approach to Safety and Asset Integrity Excellence
A holistic approach to Safety and Asset Integrity Excellence
 
Building an Effective AML Program
Building an Effective AML ProgramBuilding an Effective AML Program
Building an Effective AML Program
 
Information Security
Information SecurityInformation Security
Information Security
 

Similaire à Integrated Risk Management

Risk Assessment: Approach to enhance Network Security
Risk Assessment: Approach to enhance Network SecurityRisk Assessment: Approach to enhance Network Security
Risk Assessment: Approach to enhance Network SecurityIJCSIS Research Publications
 
INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTINFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTNi
 
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptxPRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptxGraciaSuratos
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniyaseraljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniYaser Alrefai
 
RiskWatch for Credit Unions™
RiskWatch for Credit Unions™RiskWatch for Credit Unions™
RiskWatch for Credit Unions™CPaschal
 
Risk Analysis
Risk AnalysisRisk Analysis
Risk AnalysisCIToolkit
 
Top 10 Security Challenges
Top 10 Security ChallengesTop 10 Security Challenges
Top 10 Security ChallengesJorge Sebastiao
 
Online Training Information Security Management
Online Training Information Security ManagementOnline Training Information Security Management
Online Training Information Security Managementeasy2comply
 
Demonstrating Information Security Program Effectiveness
Demonstrating Information Security Program EffectivenessDemonstrating Information Security Program Effectiveness
Demonstrating Information Security Program EffectivenessDoug Copley
 
Ultimate Guide to EHS Management.pptx
Ultimate Guide to EHS Management.pptxUltimate Guide to EHS Management.pptx
Ultimate Guide to EHS Management.pptxBIS Safety
 
Optimization of different objective function in risk assessment system
Optimization of different objective function in risk assessment systemOptimization of different objective function in risk assessment system
Optimization of different objective function in risk assessment systemAlexander Decker
 
Sap Security Assessment V3 English
Sap Security Assessment V3 EnglishSap Security Assessment V3 English
Sap Security Assessment V3 Englishguest5bd7a1
 

Similaire à Integrated Risk Management (20)

Risk Assessment: Approach to enhance Network Security
Risk Assessment: Approach to enhance Network SecurityRisk Assessment: Approach to enhance Network Security
Risk Assessment: Approach to enhance Network Security
 
File000170
File000170File000170
File000170
 
INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTINFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENT
 
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptxPRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
 
Dealing with Operational and Ecosystem Risk
Dealing with Operational and Ecosystem RiskDealing with Operational and Ecosystem Risk
Dealing with Operational and Ecosystem Risk
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
Dj24712716
Dj24712716Dj24712716
Dj24712716
 
RiskWatch for Credit Unions™
RiskWatch for Credit Unions™RiskWatch for Credit Unions™
RiskWatch for Credit Unions™
 
Risk Analysis
Risk AnalysisRisk Analysis
Risk Analysis
 
Level 2
Level 2Level 2
Level 2
 
Level 2
Level 2Level 2
Level 2
 
Top 10 Security Challenges
Top 10 Security ChallengesTop 10 Security Challenges
Top 10 Security Challenges
 
Online Training Information Security Management
Online Training Information Security ManagementOnline Training Information Security Management
Online Training Information Security Management
 
Demonstrating Information Security Program Effectiveness
Demonstrating Information Security Program EffectivenessDemonstrating Information Security Program Effectiveness
Demonstrating Information Security Program Effectiveness
 
Information Serurity Risk Assessment Basics
Information Serurity Risk Assessment BasicsInformation Serurity Risk Assessment Basics
Information Serurity Risk Assessment Basics
 
Ultimate Guide to EHS Management.pptx
Ultimate Guide to EHS Management.pptxUltimate Guide to EHS Management.pptx
Ultimate Guide to EHS Management.pptx
 
Optimization of different objective function in risk assessment system
Optimization of different objective function in risk assessment systemOptimization of different objective function in risk assessment system
Optimization of different objective function in risk assessment system
 
CRISC Course Preview
CRISC Course PreviewCRISC Course Preview
CRISC Course Preview
 
Sap Security Assessment V3 English
Sap Security Assessment V3 EnglishSap Security Assessment V3 English
Sap Security Assessment V3 English
 

Dernier

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Dernier (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Integrated Risk Management

  • 1.
  • 2. o The Problem / Complexity o ISO 31000 / 27001 / 20000 o NIST SP 800-30 rev.1 o Risk Management o Risk Modelling o The System / Login / Menu o Risk Assessment o Subsystems / Connection o Automation & Modelling o User Management o Internal Communication o Documentation & Support o Mitigation Strategy o Filters & Colours o Report Engine o Document Management o Risk Doc Templates o Risk Monitoring o Workflows o Audit Management o Reviews & Knowledge Mngt o Risk Scenario o Summary & Conclusion
  • 3. Risk Migrate, so it’s difficult to identify them Grow fast suddenly ‘Hide’ due to limited physical oversight As systems have become more complex, integrated and connected to third parties, risks are growing exponentially and the security and control budget quickly reaches its limitations.
  • 4. Risk Management – Principles and Guidelines Any type of risk, any type of industry Guide for conducting Risk Assessments USA Federal Information Systems & Organizations Security techniques – ISMS – Requirements IT Service Management - Requirements ITIL - COBIT
  • 5. Establishing Context Risk Assessment Risk identification Risk analysis Risk evaluation Communication&Consultation Monitoring&Review Risk Treatment
  • 6. Likelihood X Impact 5 categories used by Microsoft in the past. It provides a mnemonic for risk rating security threats. Base, Temporal and Environmental Metrics. Open Web Application Security Project 4 risk categories x 4 factors/impacts
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23. A user identifies an event as a possible threat and opens a ticket to the system. He marks the record (priority field) as “Urgent” and an automated workflow sends a notification email to the team. In 5 minutes an engineer has received the notification. He examines the situation and creates a risk record to the system. Multiple incidents are recorded during the day from different users and for different things. Every manager sets the priorities for the next period, assigning activities to the members of his/her team. As he/she implements risk assessments, or approve mitigations, he always watches to key metrics and dashboard diagrams. Periodically and just before the external audits, he reviews all risks that have to be reviewed, he runs the report engine and conducts the risk assessment and treatment report. 2 times per year, top management reviews all the statistics and kpi’s. Especially, they want to know the most important things that happened and if the Targets are met.
  • 24. • Evolving systems require good risk management • All members should collaborate during this process • Ideally, IT tools should be used for efficiency and compliance
  • 25. We are trying our best! 1 str. Artis, Athens, GR www.osys.gr info@osys.gr 30 210 97 62 600 www.facebook.com/osys.gr @omicronsystems
  • 26. Yiannis Issaris - Omicron Systems 3rd CryCybIW