The impact of threats
Transcript of The impact of threats
Security & Risk Management
Firewalls, Anti-virus, Anti-spam
Security guards, Locks,
Nuts & bolts
It’s all about…
Security is not about…
Protecting the business against discontinuity as a result of danger and risk
1. Damage to reputation 2. Business interruption 3. Third party liability 4. Distribution or supply chain failure 5. Market environment
Global Risk Management Survey AON, April 2007
Your concerns
6. Regulatory/legislative changes 7. Failure to attract or retain staff 8. Market risk (financial)
9. Physical damage
10. Merger/acquisition/restructuring
11. Failure of disaster recovery plan
Global Risk Management Survey AON, April 2007
More concerns
Shareholders' trust: Customers' trust:
Corporate viability Business integrity
Competitive advantage Service availability
Brand name value preservation Protection of customers' sensitive information
Legal and regulatory compliance
CHRISTOS K. DIMITRIADIS in Soa & Woa: Information Security from a Business Perspective
Reputation = Trust
It takes years to build trust but a few seconds to destroy it
Operational risk
Insurance risk
Liquidity risk Market risk
Credit risk
Enterprise risk
Types of risk
The risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.
Basel II
Operational Risk
Define
Measure
Analyze Improve
Control
Managing Risk
Threats of natural origin;
Threats due to (conscious or unconscious) human action;
Threats caused by technology.
Types of Threats
Start thinking in risks, stop thinking in security measures
Too much
Mismatch
The challenge
• Business • Processes • Information • Assets • Staff
What could hit (y)our…
[Figure: matrix of Probability (Low to High) against Impact (Low to High)]
Risk = Impact of Risk x Probability of Occurrence
Risk
Risk taking
Risk neutral
Risk averse
[Figure: matrix of Probability (Low to High) against Impact (Low to High)]
Risk appetite
Share (transfer)
Avoidance (eliminate)
Retention (accept)
Reduction (mitigate)
[Figure: matrix of Probability (Low to High) against Impact (Low to High)]
Potential risk treatments
The biggest risk is the risk you don’t see
Arson
Fire
Loss of location
Loss of production
Loss of turnover
Cause and effect
DON’T AIM AT THE EFFECT, TRY TO PREVENT THE CAUSE
Think outside the circle…
‘Everything should be made as simple as possible, but not simpler’ - Albert Einstein
Assess Risks
Manage Risks
Manage Incidents
…and keep it simple
Reputation damage is not the threat, it’s a consequence of something else.
Just like: • Loss of turnover • Loss of customers • Bad publicity • Regulators' sanctions
Reputation
Do you want them to be compliant…
…or ‘in control’?
Compliance versus “in control”
Reading a book about skiing does not mean you know how to ski
(and even the best skiers can break a leg)
It’s just like skiing
Risk is perception
What's your definition of skiing?
Fire
Reputation damage
Data leakage
Burglary
Virus
Customer loss Regulators
sanctions
SPAM
Flooding
Power failure
Fraud
Theft
Sabotage
Espionage
Errors
Bad publicity
System failure
Terrorism
Storm Strikes Incompetent
personnel
Effect: discontinuity lost sales
increased costs
…and?
And if all goes wrong
Continuity (based on risk assessment)
The holy grail
www.B-Mature.com or direct contact via info@b-mature.com …most organisations never fully mature, they simply grow taller