
Trusted Hub Luxembourg 2014 Conference : CRP Henri Tudor's presentation

  1. Systemic Approach of RIsk Management (SARIM). Sébastien Pineau. Luxembourg Trusted ICT Ecosystem - Copyright CRP Henri Tudor, 2014 All rights reserved
  2. Trusted Hub?
  3. ICT PUBLIC SUPPORT, POLITICAL LEVEL
  4. ICT ENABLERS INFRASTRUCTURES, ICT PUBLIC SUPPORT, ICT ENABLERS SERVICES, POLITICAL LEVEL, RESEARCH AND DEVELOPMENT, MARKET ANALYSIS COMMUNICATION, REGULATORY ENVIRONMENT
  5. POLITICAL LEVEL, ICT PUBLIC SUPPORT, RESEARCH AND DEVELOPMENT, REGULATORY ENVIRONMENT, ICT ENABLERS INFRASTRUCTURES, ICT ENABLERS SERVICES, MARKET ANALYSIS COMMUNICATION
  6. How do we manage the risks? [Diagram labels: Bank, Data center, Telco, Gaming, ePayment, Scanning, Telco, Data center, Data center, Telco, Cloud, Hospital, Telco, Laboratory, Integrator]
  7. How do we manage the risks? [Diagram labels: Bank, Data center, Telco, Gaming, ePayment, Scanning, Telco, Data center, Data center, Telco, Cloud, Hospital, Telco, Laboratory, Integrator]
  8. CSSF 12/544 - RBA [Diagram labels: Bank, Data center, Telco, Gaming, ePayment, Scanning, Telco, Data center, Data center, Telco, Cloud, Hospital, Telco, Laboratory, Integrator]
  9. Technical regulation for PSDC [Diagram labels: Bank, Data center, Telco, Gaming, ePayment, Scanning, Telco, Data center, Data center, Telco, Cloud, Hospital, Telco, Laboratory, Integrator]
  10. Data Protection Regulation [Diagram labels: Bank, Data center, Telco, Gaming, ePayment, Scanning, Telco, Data center, Data center, Telco, Cloud, Hospital, Telco, Laboratory, Integrator]
  11. Art. 13a [Diagram labels: Bank, Data center, Telco, Gaming, ePayment, Scanning, Telco, Data center, Data center, Telco, Cloud, Hospital, Telco, Laboratory, Integrator]
  12. First challenge: sector. Art. 13a [Diagram labels: Telco, Telco, Telco, Telco; Bank, Data center, Gaming, ePayment, Scanning, Data center, Data center, Cloud, Hospital, Laboratory, Integrator]
  13. First challenge: sector. [Diagram labels: Telco, Telco, Telco, Telco; Infrastructure, External infrastructure services, Application components and services, Roles and actors, External application services, External business services, Damage claiming process, Client, Insurant, Insurer, ArchiSurance, Registration, Payment, Valuation, Acceptance, Customer information service, Claims payment service, Customer administration service, Payment service, CRM system, Financial application, Customer information service, Claim registration service, Claim registration service, Claims administration service, Policy administration, Claim files service, zSeries mainframe, DB2 database, Financial application EJBs, Customer files service, Sun Blade, iPlanet app server, Claim information service]
  14. Second challenge: B to B. [Diagram labels: Scanning, Data center, Bank, Data center, Telco, Gaming, ePayment, Telco, Data center, Telco, Cloud, Hospital, Telco, Laboratory, Integrator]
  15. Second challenge: B to B. [Diagram labels: Scanning, Data center; ASSETS, VULNERABILITIES, CONTROLS, SERVICES, OBJECTIVES, IMPACTS, RISK INTERFACE]
  16. Third challenge: service system. [Diagram labels: Bank, Scanning, Data center, Data center, Telco, Data center, Telco, Gaming, ePayment, Telco, Cloud, Hospital, Telco, Laboratory, Integrator]
  17. Third challenge: service system. [Diagram labels: Bank, Scanning, Data center, Data center, Telco]
  18. Fourth challenge: ecosystem. [Diagram labels: Bank, Data center, Telco, Gaming, ePayment, Scanning, Telco, Data center, Data center, Telco, Cloud, Hospital, Telco, Laboratory, Integrator]
  19. Previous experiences and partnerships. Previous and current projects: ISMS-PME, Cassis…; Grif, Progress; Interoperability & modelling; Systemic approach; Regulator package. Partners:
  20. Objectives and key figures. Objective 1 – Merge risk management methodologies and systemic concepts. Objective 2 – Define interoperable framework and tools to enable the risk interface. Objective 3 – Build a set of service system measurement and KPI. Objective 4 – Tool up the regulators for the visualization and the analysis of the ecosystem. Objective 5 – Define architectural models for critical activities. 2 years – FEDER support – 6 people involved – 2 PhD
  21. Health Modelling project. [Diagram labels: Data center, Hospital, Telco, Laboratory, Radiology Lab, Doctor]
  22. Health Modelling project. [Diagram labels: Data center, Hospital, Telco, Laboratory, Radiology Lab, Doctor]
  23. Health Modelling project. [Diagram labels: Health Model Architecture, Model Transformation, Meta Model Integration, Health Industry Reference Model, Health National Reference Model, IS Security Risk Reference Model, Health Security Risk National Reference Model, CASES Reference Model, Health Industry Standards, Sectorial Committee]
  24. Research agenda at TUDOR/LIST. Prof. Dr. Eric Dubois (Director of Service Science & Innovation department)
  25. Compliance Issues: Regulations; Laws; Standards; Contracts; Best Practices; … Issues for the service system (interdependent entities): Performance Transparency; Interoperable SLAs; Global level of trust. Implementation costs for each enterprise: Requirements interpretation; Deployment with some performance target; Audit of the performance. [Diagram labels: Bank, Data center, Telco, Gaming, ePayment, Scanning, Telco, Data center, Data center, Telco, Cloud, Hospital, Telco, Laboratory, Integrator]
  26. Research proposal based on architectural models supporting enterprise transformation. [Diagram labels: Bank, Data center, Telco, Gaming, ePayment, Scanning, Telco, Data center, Data center, Telco, Cloud, Hospital, Telco, Laboratory, Integrator]
  27. Research proposal based on architectural models supporting enterprise transformation. Enterprise architecture framework is a formal and highly structured way of viewing and defining an enterprise (Zachman 87) for the purpose of governing its transformation. TOGAF: a detailed method and a set of supporting tools for developing an enterprise architecture. ArchiMate: a language for modelling Enterprise Architecture. [Diagram labels: Bank, Data center, Telco, Gaming, ePayment, Scanning, Telco, Data center, Data center, Telco, Cloud, Hospital, Telco, Laboratory, Integrator; Infrastructure, External infrastructure services, Application components and services, Roles and actors, External application services, External business services, Damage claiming process, Client, Insurant, Insurer, ArchiSurance, Registration, Payment, Valuation, Acceptance, Customer information service, Claims payment service, Customer administration service, Payment service, CRM system, Financial application, Customer information service, Claim registration service, Claim registration service, Claims administration service, Policy administration, Claim files service, zSeries mainframe, DB2 database, Financial application EJBs, Customer files service, Sun Blade, iPlanet app server, Claim information service]
  28. Tudor’s Research Assets. Enhancement of ArchiMate models for capturing ‘objective’ performance indicators associated with the compliance requirements; Maturity Models; Enhancement of ArchiMate models for capturing service systems (interdependencies, SLA interoperability); Enterprise Engineering Pearl ASINE. [Diagram labels: Infrastructure, External infrastructure services, Application components and services, Roles and actors, External application services, External business services, Damage claiming process, Client, Insurant, Insurer, ArchiSurance, Registration, Payment, Valuation, Acceptance, Customer information service, Claims payment service, Customer administration service, Payment service, CRM system, Financial application, Customer information service, Claim registration service, Claim registration service, Claims administration service, Policy administration, Claim files service, zSeries mainframe, DB2 database, Financial application EJBs, Customer files service, Sun Blade, iPlanet app server, Claim information service]
  29. Research Goal: Towards an Enterprise Architecture Reference Model factory. Process Reference Framework; Enterprise Architecture Reference Model; Process Assessment Measurement Structured Text. Regulations; Laws; Standards; Contracts; Best Practices; … Architecture blueprints: Reducing the work of individual entities for deploying compliant solutions; Allowing entities to demonstrate their level of performance in terms of objective measures; SLAs interoperability; Guarantee the transparency and level of assurance of the service system to its customers (Trust). [Diagram labels: Infrastructure, External infrastructure services, Application components and services, Roles and actors, External application services, External business services, Damage claiming process, Client, Insurant, Insurer, ArchiSurance, Registration, Payment, Valuation, Acceptance, Customer information service, Claims payment service, Customer administration service, Payment service, CRM system, Financial application, Customer information service, Claim registration service, Claim registration service, Claims administration service, Policy administration, Claim files service, zSeries mainframe, DB2 database, Financial application EJBs, Customer files service, Sun Blade, iPlanet app server, Claim information service]
  30. From Tudor (Service Science & Innovation) to Luxembourg Institute for Science and Technology (IT for Innovative Services)
  31. Knowledge-based Decision Support: cognitive systems helping human experts making better decisions in the context of ‘data deluge’. Trusted Service Systems: digital information models for designing and monitoring dynamic and adaptive networked services. IT-Service Innovation in a Living Lab setting; IT-Service Design Research Cycle; IT-services Innovation Management; Application Domains
  32. IT-Service Open Innovation. Integrated services in information security; SME awareness; Training. According to a PPP approach and a platform steering the RDI agenda according to socio-economic priorities. Systemic risk management; Information security policies; Assessment of information security maturity; Risk management; Information security management system; Interoperability
