Risk management automation


Published on March 10, 2014

Author: shyamdicaprio

Source: slideshare.net

Risk Management By Shyam

DISCLAIMER(S)
• The opinions represented here are my personal ones and do not necessarily reflect my employer's views.
• Registered brands belong to their legitimate owners.
• The information contained in this presentation does not break any intellectual property, nor does it provide detailed information that may be in conflict with any laws (hopefully...) :)


Personal Risk Management

Ideal Risk Management
A prioritization process is followed whereby the risks with the greatest loss (impact) and the greatest probability (likelihood) of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order.

Impact vs Likelihood

Risk management methodologies
• NIST SP 800-30 framework
• ISO 27005 framework
• ISO 31000 Risk Management principles and guidelines
• PRISM framework
• OWASP Risk Rating Methodology
• COSO Enterprise Risk Management - Integrated Framework
• OCTAVE
• ISF Information Risk Assessment Methodology (IRAM)
• ISACA Risk IT

Problem
• These are somebody else's vision of what risk management should be.
• At best they are a guideline to give you examples of what others are doing.
• At worst they make risk management look overly complicated and make it difficult to get started.

Defining Risk
• Risk is the potential that a chosen action or activity (including the choice of inaction) will lead to a loss (an undesirable outcome).

Risk can apply to
• Economic risk
• Health, Safety, and Environment
• IT and InfoSec
• Insurance
• Business and management
• Finance
• Security

Risk formula
• Likelihood: the probability of something occurring.
• Impact: the expected loss if that event occurs.
• Classic formula: Risk = Likelihood * Impact

Make your risk formula fit you
• Weighting impact: RISK = LIKELIHOOD x IMPACT + IMPACT


Be Flexible!!
• Risk management needs to be a custom fit for your organization and your formula needs to reflect that.
• Your formula can (and likely will) change.
• Wherever you are tracking risks should be able to dynamically update risk based on the updated formula.
• No Word documents
• No Excel documents
• No static formats
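The point of the last three slides (classic formula, impact-weighted formula, "no static formats") is that the score is a function of the register, not a number typed into a cell. The following is an added example, not code from the deck or from FixNix: a small register in which the formula is a pluggable function, so swapping it re-scores every risk and shows which ones change rank. The 1..5 scales, the sample risks and the function names are constructed for this illustration.

```python
"""Added example (not from the deck): a risk register whose scoring formula
is a pluggable function, so swapping the formula re-scores every risk at
once instead of leaving stale numbers in a static document. Sample risks
and the 1..5 scales are constructed for the example."""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Risk:
    name: str
    likelihood: int  # 1 (rare) .. 5 (almost certain); scale is an assumption
    impact: int      # 1 (negligible) .. 5 (severe)


Formula = Callable[[int, int], int]


def classic(likelihood: int, impact: int) -> int:
    """Slide 11: Risk = Likelihood * Impact."""
    return likelihood * impact


def impact_weighted(likelihood: int, impact: int) -> int:
    """Slide 12: Risk = Likelihood x Impact + Impact, so impact counts extra."""
    return likelihood * impact + impact


def score(register: List[Risk], formula: Formula) -> List[Tuple[str, int]]:
    """Re-score every risk under `formula`, highest first (ties broken by name).
    Nothing is stored: the register is recomputed whenever the formula changes."""
    rows = [(r.name, formula(r.likelihood, r.impact)) for r in register]
    return sorted(rows, key=lambda t: (-t[1], t[0]))


def rank_changes(register: List[Risk], old: Formula, new: Formula) -> List[Tuple[str, int, int]]:
    """Report which risks move position when the formula changes:
    (name, old_rank, new_rank), 1 being the top-priority risk."""
    old_rank = {name: i + 1 for i, (name, _) in enumerate(score(register, old))}
    new_rank = {name: i + 1 for i, (name, _) in enumerate(score(register, new))}
    return [(n, old_rank[n], new_rank[n]) for n in old_rank if old_rank[n] != new_rank[n]]


# Constructed sample register.
REGISTER = [
    Risk("Unpatched internet-facing web server", likelihood=4, impact=3),
    Risk("Phishing of finance staff", likelihood=3, impact=2),
    Risk("Laptop theft with unencrypted disk", likelihood=1, impact=5),
]

if __name__ == "__main__":
    print("classic:        ", score(REGISTER, classic))
    print("impact-weighted:", score(REGISTER, impact_weighted))
    print("moved:          ", rank_changes(REGISTER, classic, impact_weighted))
```

With the constructed data the classic formula ranks the phishing risk above the laptop theft (6 vs 5); weighting impact reverses that (8 vs 10), which is exactly the kind of shift a static spreadsheet would not pick up until someone re-typed every cell.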

Determining risks
Convince your peers that documenting risks is CYOA and you'll have more risks than you know what to do with.
• Network vulnerability scanners
• Application vulnerability scanners
• Security mailing lists
• Security blogs
• Code reviews

Evaluating a risk
Is the risk acceptable?
• Is the likelihood or impact low enough that I'm willing to simply accept the consequences if it happens?
Is the risk transferable?
• Could I purchase insurance or some other measure to transfer the impact of the risk to another party?
Is the risk reducible?
• Is there some sort of mitigation that could be put in place to reduce the impact or likelihood of the risk?

Determining a response

Risk management is cyclical

Risk review process
• May depend on how lean your organization is on management structure.
• Raise the visibility of high-level risks:
  • High Risk = VP
  • Medium Risk = Director
  • Low Risk = Area Manager
• Risks should be re-reviewed regularly:
  • High Risk = Monthly
  • Medium Risk = Semi-Monthly
  • Low Risk = Annually

Risk management is not
• It is not a process for avoiding risk.
• The aim of risk management is not to eliminate risk, but rather to manage the risks involved in business activities so as to maximize opportunities and minimize adverse effects.
• Note: Risk management is not the management of insurable risks. Insurance is an important way of transferring risk, but most risks will be managed by other means.

Deriving Value
• Order by risk level.
• Group if the mitigations are the same.
• Pass back to the various teams stating that project X was approved for consideration in the next budget cycle.
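The review-process slide and the "Deriving Value" slide together describe what a register should produce once scored: an escalation owner and review cadence per level, the risks in priority order, and risks grouped by shared mitigation so one project can be proposed per team. The following is an added example, not code from the deck or from any GRC product, that turns a constructed register into those three outputs. The score thresholds for High/Medium/Low (>= 15 and >= 8 on a 5x5 scale), the sample risks and the function names are assumptions; the owner and cadence table is taken from the slide.

```python
"""Added example (not from the deck): turn a scored risk register into the
outputs slides 19 and 21 describe: escalation owner and review cadence per
risk level, risks ordered by score, and risks grouped by shared mitigation
so one project can be proposed for the budget cycle. The High/Medium/Low
score thresholds and the sample risks are assumptions, not from the deck."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Risk:
    name: str
    likelihood: int   # 1..5, assumed scale
    impact: int       # 1..5, assumed scale
    mitigation: str   # the project or control that would reduce it


def risk_score(r: Risk) -> int:
    """Classic formula from slide 11: Risk = Likelihood * Impact."""
    return r.likelihood * r.impact


def risk_level(score: int) -> str:
    """Band a 1..25 score into the deck's three levels.
    Thresholds (>= 15 High, >= 8 Medium) are an assumption for this example."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


# Slide 19: who the risk is raised to, and how often it is re-reviewed.
REVIEW_POLICY: Dict[str, Tuple[str, str]] = {
    "High": ("VP", "Monthly"),
    "Medium": ("Director", "Semi-Monthly"),
    "Low": ("Area Manager", "Annually"),
}


def prioritize(register: List[Risk]) -> List[Tuple[str, int, str]]:
    """Slide 21 step 1: order by risk level, highest score first.
    Returns (name, score, level); ties are broken by name for stable output."""
    rows = [(r.name, risk_score(r), risk_level(risk_score(r))) for r in register]
    return sorted(rows, key=lambda t: (-t[1], t[0]))


def review_plan(register: List[Risk]) -> List[Dict[str, str]]:
    """Slide 19: attach an escalation owner and review cadence to each risk."""
    plan = []
    for name, _score, lvl in prioritize(register):
        owner, cadence = REVIEW_POLICY[lvl]
        plan.append({"risk": name, "level": lvl, "escalate_to": owner, "review": cadence})
    return plan


def group_by_mitigation(register: List[Risk]) -> List[Tuple[str, int, List[str]]]:
    """Slide 21 step 2: group risks that share a mitigation. A group's priority
    is the highest score it covers, so a project is judged by the worst risk it fixes."""
    groups: Dict[str, List[Risk]] = {}
    for r in register:
        groups.setdefault(r.mitigation, []).append(r)
    out = []
    for mitigation, risks in groups.items():
        top = max(risk_score(r) for r in risks)
        names = [r.name for r in sorted(risks, key=lambda x: (-risk_score(x), x.name))]
        out.append((mitigation, top, names))
    return sorted(out, key=lambda t: (-t[1], t[0]))


def budget_messages(register: List[Risk]) -> List[str]:
    """Slide 21 step 3: one message per mitigation project to pass back to its team."""
    return [
        f"{mitigation}: approved for consideration in the next budget cycle "
        f"(covers {len(names)} risk(s), highest level {risk_level(top)})"
        for mitigation, top, names in group_by_mitigation(register)
    ]


# Constructed sample register for the example.
REGISTER = [
    Risk("Unpatched internet-facing web server", 4, 4, "Patch management program"),
    Risk("Unpatched VPN appliance", 3, 4, "Patch management program"),
    Risk("Laptop theft with unencrypted disk", 2, 5, "Full-disk encryption rollout"),
    Risk("Visitor tailgating into office", 2, 2, "Badge access review"),
]

if __name__ == "__main__":
    for row in review_plan(REGISTER):
        print(row)
    for msg in budget_messages(REGISTER):
        print(msg)
```

Grouping by the highest score in the group rather than the sum keeps one project from looking important only because it covers many trivial risks; the count of covered risks is still reported in the message so the team sees the breadth as well.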

Tools for enterprise risk management
• Most enterprise tools fall into a category called "GRC" (Governance, Risk & Compliance). These tools are easily $100+.
• BWise GRC Platform
• RSA Archer eGRC
• SAP GRC
• Oracle GRC
• Spreadsheets
• Any good tools out there?

FixNix Risk management

FixNix Document a risk

FixNix risk mitigation

FixNix risk review

GOOD Risk management
Good risk management is where risks are easily managed, mitigated and continuously reviewed.

QUESTIONS??
• Sheyamselvaraj
• Shyamdicaprio
• gRc_sham
