Integrated Risk Management
o The Problem / Complexity
o ISO 31000 / 27001 / 20000
o NIST SP 800-30 rev.1
o Risk Management
o Risk Modelling
o The System / Login / Menu
o Risk Assessment
o Subsystems / Connection
o Automation & Modelling
o User Management
o Internal Communication
o Documentation & Support
o Mitigation Strategy
o Filters & Colours
o Report Engine
o Document Management
o Risk Doc Templates
o Risk Monitoring
o Workflows
o Audit Management
o Reviews & Knowledge Mngt
o Risk Scenario
o Summary & Conclusion
Risks
• Migrate, so it is difficult to identify them
• Grow fast suddenly
• ‘Hide’ due to limited physical oversight
As systems have become more complex, integrated and connected to third parties, risks are growing exponentially and the security and control budget quickly reaches its limits.
ISO 31000: Risk Management – Principles and Guidelines. Any type of risk, any type of industry.
NIST SP 800-30 rev.1: Guide for conducting Risk Assessments. USA Federal Information Systems & Organizations.
ISO 27001: Security techniques – ISMS – Requirements.
ISO 20000: IT Service Management – Requirements. ITIL - COBIT.
Establishing Context
Risk Assessment
Risk identification
Risk analysis
Risk evaluation
Communication & Consultation
Monitoring & Review
Risk Treatment
Likelihood X Impact
5 categories used by Microsoft in the past. It provides a mnemonic for risk rating security threats.
Base, Temporal and Environmental Metrics.
Open Web Application Security Project: 4 risk categories x 4 factors/impacts
A user identifies an event as a possible threat and opens a ticket in the system. He marks the record (priority field) as “Urgent” and an automated workflow sends a notification email to the team.
In 5 minutes an engineer has received the notification. He examines the situation and creates a risk record in the system.
Multiple incidents are recorded during the day by different users and for different things.
Every manager sets the priorities for the next period, assigning activities to the members of his/her team. As he/she implements risk assessments or approves mitigations, he/she always watches the key metrics and dashboard diagrams.
Periodically, and just before the external audits, he/she reviews all risks that have to be reviewed, runs the report engine and produces the risk assessment and treatment report.
Twice a year, top management reviews all the statistics and KPIs. In particular, they want to know the most important things that happened and whether the targets are met.
• Evolving systems require good risk management
• All members should collaborate during this process
• Ideally, IT tools should be used for efficiency and compliance
We are trying our best!
1 str. Artis, Athens, GR
www.osys.gr
info@osys.gr
30 210 97 62 600
www.facebook.com/osys.gr
@omicronsystems
Yiannis Issaris - Omicron Systems
3rd CryCybIW
