Submit Search
Upload
IT Risk Management
•
9 likes
•
3,743 views
C
chrismuffat
Follow
Enterprises are dependent on IT and need to cross IT silos for consistent risk management
Read less
Read more
Technology
Business
Economy & Finance
Report
Share
Report
Share
1 of 35
Recommended
IT Risk Management
IT Risk Management
Dinas Komunikasi dan Informatika
Mastering Information Technology Risk Management
Mastering Information Technology Risk Management
Goutama Bachtiar
Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment Form
Goutama Bachtiar
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30
timmcguinness
Trends in the commoditisation of information technology and the need for stra...
Trends in the commoditisation of information technology and the need for stra...
Alan McSweeney
AXELOS - PRINCE2® Foundation
AXELOS - PRINCE2® Foundation
Mirosław Dąbrowski C-level IT manager, CEO, Agile, ICF Coach, Speaker
Emotional intelligence - SoftSkills - Scci'14
Emotional intelligence - SoftSkills - Scci'14
SoftSkills-SCCI14
Project governance
Project governance
Glen Alleman
Recommended
IT Risk Management
IT Risk Management
Dinas Komunikasi dan Informatika
Mastering Information Technology Risk Management
Mastering Information Technology Risk Management
Goutama Bachtiar
Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment Form
Goutama Bachtiar
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30
timmcguinness
Trends in the commoditisation of information technology and the need for stra...
Trends in the commoditisation of information technology and the need for stra...
Alan McSweeney
AXELOS - PRINCE2® Foundation
AXELOS - PRINCE2® Foundation
Mirosław Dąbrowski C-level IT manager, CEO, Agile, ICF Coach, Speaker
Emotional intelligence - SoftSkills - Scci'14
Emotional intelligence - SoftSkills - Scci'14
SoftSkills-SCCI14
Project governance
Project governance
Glen Alleman
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
Goutama Bachtiar
Project Governance Model
Project Governance Model
Constient
Six Sigma For Managers
Six Sigma For Managers
Yodhia Antariksa
ISO 27005 Risk Assessment
ISO 27005 Risk Assessment
Smart Assessment
Ms project 2016 overview
Ms project 2016 overview
Maher Almohamad
Implementing Effective Enterprise Architecture
Implementing Effective Enterprise Architecture
Leo Shuster
Risk assessment principles and guidelines
Risk assessment principles and guidelines
Haris Tahir
Risk assessment presentation
Risk assessment presentation
mmagario
Asset, Vulnerability, Threat, Risk & Control
Asset, Vulnerability, Threat, Risk & Control
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
Risk Management
Risk Management
cgeorgeo
Introduction to IOT & Smart City
Introduction to IOT & Smart City
Dr. Mazlan Abbas
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk Management
jiricejka
Practical Use of Microsoft Project for Project Managers
Practical Use of Microsoft Project for Project Managers
Steve Gladstone
Structured Approach to Solution Architecture
Structured Approach to Solution Architecture
Alan McSweeney
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
charlottematthew16
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
Mark Billinghurst
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
Zilliz
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
UiPathCommunity
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
gvaughan
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Manik S Magar
More Related Content
Viewers also liked
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
Goutama Bachtiar
Project Governance Model
Project Governance Model
Constient
Six Sigma For Managers
Six Sigma For Managers
Yodhia Antariksa
ISO 27005 Risk Assessment
ISO 27005 Risk Assessment
Smart Assessment
Ms project 2016 overview
Ms project 2016 overview
Maher Almohamad
Implementing Effective Enterprise Architecture
Implementing Effective Enterprise Architecture
Leo Shuster
Risk assessment principles and guidelines
Risk assessment principles and guidelines
Haris Tahir
Risk assessment presentation
Risk assessment presentation
mmagario
Asset, Vulnerability, Threat, Risk & Control
Asset, Vulnerability, Threat, Risk & Control
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
Risk Management
Risk Management
cgeorgeo
Introduction to IOT & Smart City
Introduction to IOT & Smart City
Dr. Mazlan Abbas
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk Management
jiricejka
Practical Use of Microsoft Project for Project Managers
Practical Use of Microsoft Project for Project Managers
Steve Gladstone
Structured Approach to Solution Architecture
Structured Approach to Solution Architecture
Alan McSweeney
Viewers also liked
(14)
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
Project Governance Model
Project Governance Model
Six Sigma For Managers
Six Sigma For Managers
ISO 27005 Risk Assessment
ISO 27005 Risk Assessment
Ms project 2016 overview
Ms project 2016 overview
Implementing Effective Enterprise Architecture
Implementing Effective Enterprise Architecture
Risk assessment principles and guidelines
Risk assessment principles and guidelines
Risk assessment presentation
Risk assessment presentation
Asset, Vulnerability, Threat, Risk & Control
Asset, Vulnerability, Threat, Risk & Control
Risk Management
Risk Management
Introduction to IOT & Smart City
Introduction to IOT & Smart City
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk Management
Practical Use of Microsoft Project for Project Managers
Practical Use of Microsoft Project for Project Managers
Structured Approach to Solution Architecture
Structured Approach to Solution Architecture
Recently uploaded
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
charlottematthew16
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
Mark Billinghurst
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
Zilliz
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
UiPathCommunity
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
gvaughan
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Manik S Magar
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Rizwan Syed
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
Fwdays
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
ScyllaDB
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Commit University
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
Alfredo García Lavilla
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Patryk Bandurski
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Wonjun Hwang
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Fwdays
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Memoori
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
charlottematthew16
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
Miki Katsuragi
Recently uploaded
(20)
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
IT Risk Management
1.
+ IT Risk Management Information
Security & Privacy Conference - Paris Christopher Muffat 16 February 2012 © SecRisk Consulting Ltd – Christopher Muffat 2012
2.
+
Agenda Overview Why Care About IT-related Risk? IT Incidents: the Quiz (IT Happened!) What’s IT Risk? How to manage it? Threat & Incident Management Insight 2011: Verizon Study The Challenge – Visibility on complex IT Infrastructure. Internal Threat External Threat Fraud & Investigation IT Risk Governance IT Risk : the Technology Centric legacy. Integrating IT Risk within ERM IT Risk Management: the Hidden Benefit Question ? © SecRisk Consulting Ltd – Christopher Muffat 2012
3.
+ Overview
IT Risk Management © SecRisk Consulting Ltd – Christopher Muffat 2012
4.
+
Overview Why Care About IT-related Risk? Enterprises are dependent on IT Need to cross IT silos of risk management Important to integrate with existing levels of risk management practices © SecRisk Consulting Ltd – Christopher Muffat 2012
5.
+
Overview Why Care About IT-related Risk? An IT risk management program is crucial in not only managing the enterprise's exposure to risks, but also improving overall business decision making. Enterprises must periodically assess and continuously improve their risk management maturity levels. © SecRisk Consulting Ltd – Christopher Muffat 2012
6.
+ Overview
Getting visibility on IT Risk © SecRisk Consulting Ltd – Christopher Muffat 2012
7.
+
Overview IT Risk Management: What? Visibility on IT Risk. The domain of IT Risk can be visually represented as 4 intersecting landscapes of: Threat Asset Impact Control understand and manage risk The organization’s capability to requires information from each landscape. Security metrics, then, should create knowledge that improves management’s capability to make decisions and execute on them. © SecRisk Consulting Ltd – Christopher Muffat 2012
8.
+
Overview IT Risk Management: What? Visibility on IT Risk. Business Impact IT Control Operational Preventative Legal Detective Reputation Limitative Asset Landscape: IT Threat Information Compromising Integrity IT Infrastructure Confidentiality Involving Data Breach Business Processes Availability Disruption of IT Services © SecRisk Consulting Ltd – Christopher Muffat 2012
9.
+
Overview IT Risk Management: How? 3 Essentials Activities Risk Governance Responsibility and accountability for risk Risk appetite and tolerance Awareness and communication Risk culture Risk Evaluation Risk scenarios Business impact descriptions Risk Response Key risk indicators (KRIs) Risk response definition and prioritization © SecRisk Consulting Ltd – Christopher Muffat 2012
10.
+
Overview IT Risk Management: How? Standards and Frameworks. Type of Standards and Frameworks available: Enterprise risk management oriented IT Security oriented Hybrid: Risk-IT (ISACA) © SecRisk Consulting Ltd – Christopher Muffat 2012
11.
+
Overview IT Risk Management: How? e-GRC: From tactical to strategic tool The e-GRC platform market has expanded from a tactical focus on regulatory compliance to a strategic focus on enterprise risk management. Many vendors are looking toward the next market phase, which includes adding or integrating with business performance management and score carding capabilities. Source: Gartner © SecRisk Consulting Ltd – Christopher Muffat 2012
12.
+ Overview
IT Risk Incident: The QUIZ © SecRisk Consulting Ltd – Christopher Muffat 2012
13.
+
Overview IT Risk Management: IT Happened Rogue & Unauthorized Trading 2011: Rogue trader has caused it an 2008: The trading loss incident for estimated loss of €2 billion, stunning breach of trust, forgery and a beleaguered banking industry that unauthorized use of the bank's has proven vulnerable to computers. unauthorized trades. Financial Loss: €2 Billions Financial Loss: €5 Billions Reputation impact: ***** Reputation impact: ***** © SecRisk Consulting Ltd – Christopher Muffat 2012
14.
+
Overview IT Risk Management: IT Happened Data leakage 2010: Worldwide electronic leader 2008: Failing to properly manage had to interrupt its gaming network the risks associated with the security during 23 days, due to hacking acts, of customer information, in the due to data leakage of 100 millions context of an outsourcing program client accounts, 58 claims. in South Africa. Financial Loss: €130 M Financial Loss: €2 M (FSA Fine) Reputation impact: ***** Reputation impact: ** © SecRisk Consulting Ltd – Christopher Muffat 2012
15.
+
Overview IT Risk Management: IT Happened Information System Failure 2010: One of Singapore's largest banks, 2010: Industrial Average of one of the G8 suffered a major IT system crash country plunged about 1000 points (around affecting the bank’s commercial and consumer 9%), only to recover flash crash losses within banking systems. The bank has been minutes, due unusual sell of E-Mini blamed by the Monetary Authority of S&P 500 contracts and high-frequency Singapore insufficient (MAS) for trades. oversight of the maintenance, functional and operational practices and controls employed by its provider IBM. Financial Loss: US stock market Flash Crash Financial Loss: €135 M Reputation impact: n/a Reputation impact: *** © SecRisk Consulting Ltd – Christopher Muffat 2012
16.
+
Overview IT Risk Management: IT Happened Data theft and Insider threat 2009: Personal details of 24000 2008: One of the largest worldwide Private Bank clients have been stolen and bank had lost a CD containing 180’000 given to the French tax authorities costumers’ information and have been by Herve Falciani, an IT specialist. FINMA fined by the FSA more than £3m for has reprimanded the bank for failing to adequately protect deficiencies in its internal organization confidential details from being lost or and IT controls. stolen. Lack of training, lack of IT security (no data encryption) have been highlighted as the main issue. Financial Loss: Unknown Financial Loss: €3,5 M (FSA Fine) Reputation impact: ***** Reputation impact: **** © SecRisk Consulting Ltd – Christopher Muffat 2012
17.
+ Threat &
Incident Management The Challenge: Visibility and Traceability © SecRisk Consulting Ltd – Christopher Muffat 2012
18.
+
Threat & Incident Management The Challenge: Visibility and Traceability IT Threats’ visibility and traceability challenge the IT Risk & IT Security professionals due to complex IT environment and evolved attacks. Understanding how the workstation, servers, network and application are is used, having a consolidated view and dashboard of the overall IT Risk posture is not an out-of-the-box tool. Knowing threats and risks to the infrastructure requires a detailed, structured and/or correlated Information System’s logs. Business-critical visibility into specific behaviors by end users for effective remediation by your security and operations teams is mandatory to ensure a reliable incident management service. © SecRisk Consulting Ltd – Christopher Muffat 2012
19.
+
Threat & Incident Management The Challenge: Visibility and Traceability on Threats The different type tools: External Threat: Firewall Intrusion Prevention System (IPS) Internal Threat: Antivirus DLP Desktop monitoring (Nexthink) Incident: Fraud & Investigation: SIEM Forensics (Encase) © SecRisk Consulting Ltd – Christopher Muffat 2012
20.
+ Threat &
Incident Management Technical Solution © SecRisk Consulting Ltd – Christopher Muffat 2012
21.
+
Threat & Incident Management External Threat Enterprise Network Firewall The enterprise network firewall market is one of the largest and most mature security markets. Network Firewall Leaders: Juniper Network Checkpoint Software Cisco McAfee Fortinet Palo Alto Networks The enterprise network firewall market has entered an evolutionary period, as disruption is brought on by increasingly sophisticated and targeted threats, virtualization, and business process changes. © SecRisk Consulting Ltd – Christopher Muffat 2012
22.
+
Threat & Incident Management External Threat Network Intrusion Prevention System (IPS) Network intrusion prevention systems (IPSs) can detect and block attacks, and can act as prepatch shields for system and application. IPSs include intrusion detection as a subset of capabilities, and have long since eclipsed the detection-only market Network IPS Leaders: Tipping Point McAfee Source Fire Cisco Juniper Network The network IPS market continues to mature and evolve, and has become a due-diligence safeguard. Evolving threats mean that vendors that stand still risk becoming irrelevant © SecRisk Consulting Ltd – Christopher Muffat 2012
23.
+
Threat & Incident Management Internal Threat Malware Malware effectiveness continues to accelerate, while vendors are busy polishing increasingly ineffective solutions and doing little to fundamentally reduce the attack surface and protect users. Antivirus Leaders: Symantec McAfee Trend Micro Vendors did not show considerable movement since couple of years. Malware detection accuracy has not improved significantly, while malware is improving in efficiency and volume. © SecRisk Consulting Ltd – Christopher Muffat 2012
24.
+
Threat & Incident Management Internal Threat Data Loss Prevention (DLP) The Data Loss Prevention market has gone through a significant shift. Vendor consolidation has slowed, and the market has bifurcated into “high-end” enterprise capabilities and “low-end” channel capabilities offering more choices to organizations of all sizes and needs. DLP Leaders: Symantec McAfee Websense RSA DLP Strategy should address the fundamental question: Will channel DLP be sufficient to address the sensitive data requirement? © SecRisk Consulting Ltd – Christopher Muffat 2012
25.
+
Threat & Incident Management Fraud & Investigation Security Information Event Management (SIEM) Broad adoption of SIEM technology is driven by both security and compliance needs. Targeted attack discovery requires effective user activity, data access and application activity monitoring. SIEM Leaders: HP/ArcSight RSA Envison Q1 Labs Symentec Loglogic SIM - Security Information Management: log management and compliance reporting. SEM - Security Event Management: real time monitoring and incident management for security-related event from network, security devices, systems and applications. SIEM provides a mix of compliance and threat management capabilities but remains difficult to implement within complex IT environment. © SecRisk Consulting Ltd – Christopher Muffat 2012
26.
+ Threat &
Incident Management Insight © SecRisk Consulting Ltd – Christopher Muffat 2012
27.
+
Threat & Incident Management Insight 2011 How do breaches occur? Who is behind data breaches? XX% utilized some form of hacking XX% stemmed from external agents XX% incorporated malware XX% implicated insiders XX% involved physical attacks X% involved multiple parties XX% resulted from privilege misuse <X% resulted from business partners XX% employed social tactics What commonalities exist? XX% of victims were targets of opportunity XX% of attacks were not highly difficult XX% of all data was compromised from servers 2011 Study XX % were discovered by a third party XX% of breaches were avoidable through Source: Verizon simple or intermediate controls © SecRisk Consulting Ltd – Christopher Muffat 2012
28.
+
Threat & Incident Management Insight 2011 How do breaches occur? Who is behind data breaches? 50% utilized some form of hacking 92% stemmed from external agents 49% incorporated malware 17% implicated insiders 29% involved physical attacks 9% involved multiple parties 17% resulted from privilege misuse <1% resulted from business partners 11% employed social tactics What commonalities exist? 83% of victims were targets of opportunity 92% of attacks were not highly difficult 76% of all data was compromised from servers 2011 Study 86 % were discovered by a third party 96% of breaches were avoidable through simple or intermediate controls © SecRisk Consulting Ltd – Christopher Muffat 2012
29.
+ Governance
IT Risk Management © SecRisk Consulting Ltd – Christopher Muffat 2012
30.
+
IT Risk Governance IT Risk : the Technology Centric legacy The technology centric legacy brought IT Risk above the ITO (Chief Information Risk Officer), which does not allow an easy way to understand the business risk requirements. IT Operation Risk Management Business Operational Internal IT Risk IT Security Continuity Risk Control © SecRisk Consulting Ltd – Christopher Muffat 2012
31.
+
IT Risk Governance Integrating IT Risk within ERM Good business security and risk management requires mature continuity management, compliance, identity and access management, information security management, privacy, and risk management practices. © SecRisk Consulting Ltd – Christopher Muffat 2012
32.
+
IT Risk Governance Integrating IT Risk within ERM Improvements in maturity across this 6 security and risk management domains means moving beyond a technology-centric approach to one that takes into account the enterprise's business requirements and associated risks. Risk Management Information Security Compliance Privacy Identity & Access Management Business Continuity © SecRisk Consulting Ltd – Christopher Muffat 2012
33.
+
IT Risk Governance the Hidden Benefits As maturity improves on IT Risk programs (based on the 6 security and risk areas), the risk posture of the organization also improves, leading to reduced costs and improved performance. Reaching the highest level of program maturity may not be possible, but continuous process improvement to advance maturity levels is possible and necessary. © SecRisk Consulting Ltd – Christopher Muffat 2012
34.
Any Question?
+ IT Risk Management © SecRisk Consulting Ltd – Christopher Muffat 2012
35.
Thanks
+ Christopher Muffat christopher.muffat(at)gmail.com LinkedIn: http://uk.linkedin.com/in/informationsecurityrisk Twitter: https://twitter.com/#!/TheDataBreach © SecRisk Consulting Ltd – Christopher Muffat 2012