The impact of threats

It takes years to build trust
but a few seconds to destroy it.

Manage threats while you can because the biggest risk is the risk you don't see.


  1. Security & Risk Management
  2. Firewalls, Anti-virus, Anti-spam Security guards, Locks, Nuts & bolts It's all about… Security is not about…
  3. Protecting the business against discontinuity as a result of danger and risk
  4. 1. Damage to reputation 2. Business interruption 3. Third party liability 4. Distribution or supply chain failure 5. Market environment Global Risk Management Survey AON, April 2007 Your concerns
  5. 6. Regulatory/legislative changes 7. Failure to attract or retain staff 8. Market risk (financial) 9. Physical damage 10. Merger/acquisition/restructuring 11. Failure of disaster recovery plan Global Risk Management Survey AON, April 2007 More concerns
  6. Shareholders trust: Customers trust: Corporate viability Business integrity Competitive advantage Service availability Brand name value preservation Protection of customers' sensitive information Legal and regulatory compliance CHRISTOS K. DIMITRIADIS in Soa & Woa: Information Security from a Business Perspective Reputation = Trust
  7. It takes years to build trust but a few seconds to destroy it
  8. Operational risk Insurance risk Liquidity risk Market risk Credit risk Enterprise risk Types of risk
  9. The risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Basel II Operational Risk
  10. Define Measure Analyze Improve Control Managing Risk
  11. Threats of natural origin; Threats due to (conscious or unconscious) human action; Threats caused by technology. Types of Threats
  12. Start thinking in risks, stop thinking in security measures Too much Mismatch The challenge
  13. • Business • Processes • Information • Assets • Staff What could hit (y)our…
  14. Low High Low High Probability Impact Risk = Impact of Risk x Probability of Occurrence Risk
  15. Risk taking Risk neutral Risk averse Low High Low High Probability Impact Risk appetite
  16. Share (transfer) Avoidance (eliminate) Retention (accept) Reduction (mitigate) Low High Low High Probability Impact Potential risk treatments
  17. The biggest risk is the risk you don't see
  18. Arson Fire Loss of location Loss of production Loss of turnover Cause and effect
  19. DON'T AIM AT THE EFFECT, TRY TO PREVENT THE CAUSE
  20. Think outside the circle…
  21. 'Everything should be made as simple as possible, but not simpler' Albert Einstein Assess Risks Manage Risks Manage Incidents …and keep it simple
  22. Reputation damage is not the threat, it's a consequence of something else. Just like: • Loss of turnover • Loss of customers • Bad publicity • Regulators sanctions Reputation
  23. Do you want them to be compliant… …or 'in control'? Compliance versus "in control"
  24. Reading a book about skiing does not mean you know how to ski (and even the best skiers can break a leg) It's just like skiing
  25. Risk is perception What's your definition of skiing?
  26. Fire Reputation damage Data leakage Burglary Virus Customer loss Regulators sanctions SPAM Flooding Power failure Fraud Theft Sabotage Espionage Errors Bad publicity System failure Terrorism Storm Strikes Incompetent personnel Effect: discontinuity lost sales increased costs …and?
  27. And if all goes wrong
  28. Continuity (based on risk assessment) The holy grail www.B-Mature.com or direct contact via info@b-mature.com …most organisations never fully mature, they simply grow taller
