SlideShare a Scribd company logo

Risk Management: A Holistic Organizational Approach

G
Graydon McKee

A presentation I gave at the 2008 MSIA Residency Week at Norwich University School of Graduate Studies.

Business
1 of 78
Risk Management A Holistic Organizational Approach Norwich University – School of Graduate Studies MSIA Residency June 9, 2008 – Morning Session
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Agenda ,[object Object],[object Object],[object Object],[object Object]
What is Risk Management? ,[object Object],[object Object]
The Need ,[object Object],[object Object],[object Object]
The Need Today’s organizations face many challenges: Death by Committee Undefined Compliance Criteria Reporting Issues Lack of Resources This challenge continues to grow especially when you add in additional lines of business and geographically diverse locations.
The Need ,[object Object],[object Object],[object Object]
Source: Privacy Rights Clearinghouse
The Benefits ,[object Object],[object Object]
The Benefits ,[object Object]
The Message ,[object Object],[object Object],[object Object]
Objectives ,[object Object],[object Object],[object Object],The essence of business is risk – the application of informed belief to contingencies whose outcomes can sometimes be predicted, but never known. ~ Judge William Chandler III
Risk Management ,[object Object],[object Object],[object Object],[object Object],[object Object]
Risk Assessment Process ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
System Categorization ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],How can you protect what you don’t know you have?
A Word about Categorization ,[object Object],[object Object]
Boundary Elements ,[object Object],[object Object],[object Object],[object Object],[object Object]
Boundary Elements ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Boundary Elements ,[object Object],[object Object],[object Object]
Boundary Elements ,[object Object]
Determining the Boundary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Determining the Boundary ,[object Object],[object Object],[object Object],[object Object],[object Object]
Determining the Boundary ,[object Object],[object Object],[object Object],[object Object],[object Object]
Determining the Boundary ,[object Object],[object Object]
Determining the Boundary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Boundary Summary ,[object Object]
Identifying Critical Information ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Identifying Critical Information ,[object Object],[object Object],[object Object],[object Object]
Identifying Critical Information ,[object Object],[object Object]
Identifying Critical Information ,[object Object],[object Object],[object Object]
System Wide Security Categorization ,[object Object],[object Object],[object Object],[object Object]
System Wide Security Categorization ,[object Object],[object Object]
Impact Levels ,[object Object],[object Object],[object Object],[object Object]
Low Impact* ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],* These definitions come from the FIPS 199
Moderate Impact ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
High Impact ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Impact Determination ,[object Object],[object Object]
Impact Determination ,[object Object],[object Object],[object Object],[object Object]
Aspects to Consider ,[object Object],[object Object],[object Object],[object Object],[object Object]
Aggregation ,[object Object],[object Object]
Aggregation ,[object Object]
Connectivity ,[object Object],[object Object]
Critical System Functionality ,[object Object]
Risk Assessment ,[object Object]
Threat Identification ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],The goal is to identify the potential for a threat source to use a specific vulnerability.
Vulnerability Identification ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Vulnerability: A flaw or weakness in system security procedures, design, implementation, or internal controls that could be used to create a security breach or a violation of the system’s security policy.
Control Analysis ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],The goal of this step is to review the security controls to determine if there are any that do not adequately minimize the likelihood or impact of an incident.
Likelihood Determination ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],The goal of this activity is to determine the probability of a particular vulnerability being exercised.
Impact Assessment ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],The goal for this activity is to determine the impact to the system and the organization’s mission.
Risk Determination ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],The goal of this step is to determine the overall level of risk to the system based on all the activities that we have performed so far.
Recommended Controls ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Recommended controls address the risks that are not deemed acceptable. The System Owner determines which controls to implement on a cost-benefit basis.
Now What? ,[object Object],[object Object],[object Object]
Control Implementation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Residual Risk ,[object Object],[object Object]
Where the rubber meets the road ,[object Object],[object Object]
Security and the SDLC – WHY? ,[object Object],[object Object],[object Object]
Incorporating Security into the SDLC ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Expressing Security Properties ,[object Object],[object Object]
Expressing Security Properties ,[object Object]
IT Security in the SDLC
Initiation ,[object Object],[object Object]
Initiation ,[object Object],[object Object],[object Object],[object Object]
Acquisition and Development ,[object Object],[object Object],[object Object]
Acquisition and Development ,[object Object],[object Object],[object Object],[object Object],[object Object]
A/D and Security ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
A/D Tips ,[object Object],[object Object],[object Object]
Implementation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Implementation ,[object Object],[object Object]
Operations and Maintenance ,[object Object],[object Object],[object Object],[object Object],[object Object]
Operations and Maintenance ,[object Object],[object Object],[object Object],[object Object],[object Object]
Disposition ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Disposition – Security Considerations ,[object Object],[object Object],[object Object],[object Object],[object Object]
Keys to Risk Management Success ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Contact Information ,[object Object],[object Object],[object Object],[object Object]
Contributors ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Questions
Generic Blocks, Circles and Arrows - Copy/Paste the Objects Below or Use the Paint Brush on the Formatting Toolbar to Copy Colors onto Other Objects 1 1 Ascension Blue RGB Code: 42 - 57 -144 Standard RGB Code: 222 - 211 - 182 Ascension Green RGB Code: 152 - 202 - 60 Preferred Colors 1
Ascension refers Ascension Risk Management, a Limited Liability Company located in Gwinnett County, Georgia. Ascension is a woman owned company providing information risk management services to small and medium sized organizations within the public and private sectors. Ascension is dedicated to helping our clients “Create Opportunity from Risk”™. For more information please visit our website: www.ascensionriskmanagement.com

Recommended

Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
NIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - MindmapNIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - MindmapWAJAHAT IQBAL
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
Isaca crisc-courseware
Isaca crisc-coursewareIsaca crisc-courseware
Isaca crisc-coursewareLaxmi Bank
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
 
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30timmcguinness
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 

Recommended

Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
NIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - MindmapNIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - MindmapWAJAHAT IQBAL
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
Isaca crisc-courseware
Isaca crisc-coursewareIsaca crisc-courseware
Isaca crisc-coursewareLaxmi Bank
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
 
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30timmcguinness
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesManoj Agarwal
 
CISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainCISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainInfosecTrain
 
HITRUST 101: All the basics you need to know
HITRUST 101: All the basics you need to knowHITRUST 101: All the basics you need to know
HITRUST 101: All the basics you need to know➲ Stella Bridges
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)MetroStar
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Business Continuity & Disaster Recovery
Business Continuity & Disaster RecoveryBusiness Continuity & Disaster Recovery
Business Continuity & Disaster RecoveryEC-Council
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit ProcessRam Srivastava
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber SecurityLeon Fouche
 
Roadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesRoadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesGreenway Health
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSShivamSharma909
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awarenessÃsħâr Ãâlâm
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckSlideTeam
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 
PRINCE2
PRINCE2PRINCE2
PRINCE2Suman Guha
 
The Mental Health Care Professional's Role in the SS Disability Determination...
The Mental Health Care Professional's Role in the SS Disability Determination...The Mental Health Care Professional's Role in the SS Disability Determination...
The Mental Health Care Professional's Role in the SS Disability Determination...Law Firm
 

More Related Content

What's hot

Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesManoj Agarwal
 
CISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainCISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainInfosecTrain
 
HITRUST 101: All the basics you need to know
HITRUST 101: All the basics you need to knowHITRUST 101: All the basics you need to know
HITRUST 101: All the basics you need to know➲ Stella Bridges
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)MetroStar
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Business Continuity & Disaster Recovery
Business Continuity & Disaster RecoveryBusiness Continuity & Disaster Recovery
Business Continuity & Disaster RecoveryEC-Council
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit ProcessRam Srivastava
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber SecurityLeon Fouche
 
Roadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesRoadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesGreenway Health
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSShivamSharma909
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckSlideTeam
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 

What's hot (20)

Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling Techniques
 
CISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainCISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | Infosectrain
 
HITRUST 101: All the basics you need to know
HITRUST 101: All the basics you need to knowHITRUST 101: All the basics you need to know
HITRUST 101: All the basics you need to know
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
Business Continuity & Disaster Recovery
Business Continuity & Disaster RecoveryBusiness Continuity & Disaster Recovery
Business Continuity & Disaster Recovery
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit Process
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber Security
 
Roadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesRoadmap to IT Security Best Practices
Roadmap to IT Security Best Practices
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
information security management
information security managementinformation security management
information security management
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
 

Viewers also liked

The Mental Health Care Professional's Role in the SS Disability Determination...
The Mental Health Care Professional's Role in the SS Disability Determination...The Mental Health Care Professional's Role in the SS Disability Determination...
The Mental Health Care Professional's Role in the SS Disability Determination...Law Firm
 
Using Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementUsing Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementJames Turnbull
 
Organisational culture
Organisational cultureOrganisational culture
Organisational cultureShilpi Panchal
 
Organisational behaviour
Organisational behaviourOrganisational behaviour
Organisational behaviourAprameya joshi
 
Risky business: Guide to Risk Management
Risky business: Guide to Risk ManagementRisky business: Guide to Risk Management
Risky business: Guide to Risk ManagementMichael Le
 
Product based Planning in Prince 2
Product based Planning in Prince 2Product based Planning in Prince 2
Product based Planning in Prince 2dmdk12
 
Risk identification & assessment techniques
Risk identification & assessment techniquesRisk identification & assessment techniques
Risk identification & assessment techniquesSachin Melwani
 
Requirement Determination Process
Requirement Determination ProcessRequirement Determination Process
Requirement Determination ProcessSourabh Arya
 
07 managing risk
07 managing risk07 managing risk
07 managing riskArun Asawa
 
swot analysis and porters model
swot analysis and porters model swot analysis and porters model
swot analysis and porters modelNISHIT KUMAR
 
what is swot analysis & Swot Analysis of a student.
what is swot analysis & Swot Analysis of a student.what is swot analysis & Swot Analysis of a student.
what is swot analysis & Swot Analysis of a student.Umer Alam Qureshi
 
Software configuration management
Software configuration managementSoftware configuration management
Software configuration managementfizamustanser
 

Viewers also liked (20)

PRINCE2
PRINCE2PRINCE2
PRINCE2
 
The Mental Health Care Professional's Role in the SS Disability Determination...
The Mental Health Care Professional's Role in the SS Disability Determination...The Mental Health Care Professional's Role in the SS Disability Determination...
The Mental Health Care Professional's Role in the SS Disability Determination...
 
Using Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementUsing Puppet - Real World Configuration Management
Using Puppet - Real World Configuration Management
 
Organisational culture
Organisational cultureOrganisational culture
Organisational culture
 
Organisational behaviour
Organisational behaviourOrganisational behaviour
Organisational behaviour
 
Du Pont Analysis
Du Pont AnalysisDu Pont Analysis
Du Pont Analysis
 
Organizational Risk Management
Organizational Risk Management Organizational Risk Management
Organizational Risk Management
 
Risky business: Guide to Risk Management
Risky business: Guide to Risk ManagementRisky business: Guide to Risk Management
Risky business: Guide to Risk Management
 
Management consultant Risk Guide
Management consultant Risk GuideManagement consultant Risk Guide
Management consultant Risk Guide
 
Product based Planning in Prince 2
Product based Planning in Prince 2Product based Planning in Prince 2
Product based Planning in Prince 2
 
Participant Guide risk management
Participant Guide risk managementParticipant Guide risk management
Participant Guide risk management
 
Risk identification & assessment techniques
Risk identification & assessment techniquesRisk identification & assessment techniques
Risk identification & assessment techniques
 
Requirement Determination Process
Requirement Determination ProcessRequirement Determination Process
Requirement Determination Process
 
Enterprise risk management presentation to APM SWWE branch
Enterprise risk management presentation to APM SWWE branchEnterprise risk management presentation to APM SWWE branch
Enterprise risk management presentation to APM SWWE branch
 
07 managing risk
07 managing risk07 managing risk
07 managing risk
 
Du pont analysis
Du pont analysisDu pont analysis
Du pont analysis
 
swot analysis and porters model
swot analysis and porters model swot analysis and porters model
swot analysis and porters model
 
what is swot analysis & Swot Analysis of a student.
what is swot analysis & Swot Analysis of a student.what is swot analysis & Swot Analysis of a student.
what is swot analysis & Swot Analysis of a student.
 
Manajemen risiko asuransi
Manajemen risiko asuransiManajemen risiko asuransi
Manajemen risiko asuransi
 
Software configuration management
Software configuration managementSoftware configuration management
Software configuration management
 

Similar to Risk Management: A Holistic Organizational Approach

Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxjoellemurphey
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organizationDan Morrill
 
Convergence innovative integration of security
Convergence innovative integration of securityConvergence innovative integration of security
Convergence innovative integration of securityciso_insights
 
Cybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfCybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfTheWalkerGroup1
 
Planning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramPlanning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramSasha Nunke
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills
 
Week 1Defining the Safety Management SystemSeveral years .docx
Week 1Defining the Safety Management SystemSeveral years .docxWeek 1Defining the Safety Management SystemSeveral years .docx
Week 1Defining the Safety Management SystemSeveral years .docxcelenarouzie
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
Information security management iso27001
Information security management iso27001Information security management iso27001
Information security management iso27001Hiran Kanishka
 
ISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_IntindoloISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_IntindoloJohn Intindolo
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docxLynellBull52
 
Enterprise GRC for PEoplesoft
Enterprise GRC for PEoplesoftEnterprise GRC for PEoplesoft
Enterprise GRC for PEoplesoftAppsian
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfalokkesh
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...abhichowdary16
 
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docx
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docxChapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docx
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docxwalterl4
 

Similar to Risk Management: A Holistic Organizational Approach (20)

Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organization
 
Convergence innovative integration of security
Convergence innovative integration of securityConvergence innovative integration of security
Convergence innovative integration of security
 
Cybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfCybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdf
 
Planning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramPlanning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management Program
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample Material
 
Week 1Defining the Safety Management SystemSeveral years .docx
Week 1Defining the Safety Management SystemSeveral years .docxWeek 1Defining the Safety Management SystemSeveral years .docx
Week 1Defining the Safety Management SystemSeveral years .docx
 
800-37.pptx
800-37.pptx800-37.pptx
800-37.pptx
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
Testing
TestingTesting
Testing
 
Information security management iso27001
Information security management iso27001Information security management iso27001
Information security management iso27001
 
ISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_IntindoloISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_Intindolo
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
 
Enterprise GRC for PEoplesoft
Enterprise GRC for PEoplesoftEnterprise GRC for PEoplesoft
Enterprise GRC for PEoplesoft
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdf
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
 
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docx
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docxChapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docx
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docx
 

Recently uploaded

Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒anilsa9823
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 DelhiCall Girls in Delhi
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insightsseri bangash
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaShree Krishna Exports
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 

Recently uploaded (20)

Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insights
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in India
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdf
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 

Risk Management: A Holistic Organizational Approach

  • 1. Risk Management A Holistic Organizational Approach Norwich University – School of Graduate Studies MSIA Residency June 9, 2008 – Morning Session
  • 2.
  • 3.
  • 4.
  • 5.
  • 6. The Need Today’s organizations face many challenges: Death by Committee Undefined Compliance Criteria Reporting Issues Lack of Resources This challenge continues to grow especially when you add in additional lines of business and geographically diverse locations.
  • 7.
  • 8. Source: Privacy Rights Clearinghouse
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 58.
  • 59.
  • 60. IT Security in the SDLC
  • 61.
  • 62.
  • 63.
  • 64.
  • 65.
  • 66.
  • 67.
  • 68.
  • 69.
  • 70.
  • 71.
  • 72.
  • 73.
  • 74.
  • 75.
  • 77. Generic Blocks, Circles and Arrows - Copy/Paste the Objects Below or Use the Paint Brush on the Formatting Toolbar to Copy Colors onto Other Objects 1 1 Ascension Blue RGB Code: 42 - 57 -144 Standard RGB Code: 222 - 211 - 182 Ascension Green RGB Code: 152 - 202 - 60 Preferred Colors 1
  • 78. Ascension refers Ascension Risk Management, a Limited Liability Company located in Gwinnett County, Georgia. Ascension is a woman owned company providing information risk management services to small and medium sized organizations within the public and private sectors. Ascension is dedicated to helping our clients “Create Opportunity from Risk”™. For more information please visit our website: www.ascensionriskmanagement.com