Risk Management Life Cycle – 4-1-4
CASP+ - CAS-004
What is the Risk Management Lifecycle?
Risk Management Lifecycle: Identify -> Assess -> Control -> Review
Risk Management: policies and processes used by an organization to locate, describe, prioritize, and mitigate risks in a consistent and repeatable way.
Identify—Recognize
Assess—Analyze
Control—Reduce
Review—Re-evaluate
What are Risk Frameworks?
o The basis of a risk management program
o An authoritative reference
o Select based on unique attributes and features (one size fits YOU !!!)
o NIST Cybersecurity Framework (CSF)
o NIST Risk Management Framework (RMF)
o ISO 31000:2018 - Risk Management Guidelines
o Control Objectives for Information and Related Technologies (COBIT)
o Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management — Integrated Framework
NIST Cybersecurity Framework Goals
o Consistent and cost-effective application of security controls
o Repeatable processes and assessment results
o Technology neutral and flexible
o Understanding of enterprise-wide mission risks
o Implement an efficient risk-based security and privacy program
NIST Cybersecurity Framework (CSF) Functions and Categories
Identify: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy; Supply Chain Risk Management
Protect: Access Control; Awareness and Training; Data Security; Info Protection Processes and Procedures; Maintenance; Protective Technology
Detect: Anomalies and Events; Security Continuous Monitoring; Detection Processes
Respond: Response Planning; Communications; Analysis; Mitigation; Improvements
Recover: Recovery Planning; Improvements; Communications
NIST Risk Management Framework (RMF) Steps
Categorize System
Select Controls
Implement Controls
Assess Controls
Authorize System
Monitor Controls
Prepare (shown at the center of the cycle)
NIST RMF Goals
Consistent and cost-effective application of security controls
Repeatable processes and assessment results
Technology neutral and flexible
Understanding of enterprise-wide mission risks
Implement an efficient risk-based security and privacy program
Control Categories & Objectives
People, Technology, Process

Editor's Notes

  1. The NIST Cybersecurity Framework is a leading source of direction for cybersecurity programs of any size. By following the NIST CSF, small and medium businesses experience fewer breaches and compliance issues in protecting against cyberattacks. Created through collaboration between industry and government, the voluntary Framework consists of standards, guidelines, and practices that promote the protection of critical infrastructure. Sources: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf and https://www.nist.gov/cyberframework/online-learning/uses-and-benefits-framework
  2. The NIST RMF goals include: a consistent and cost-effective application of security across your infrastructure, which is how you implement security defenses within your organization. Repeatable processes provide consistent and comparable assessment results. A technology-neutral and flexible approach means the framework can fit any type or size of organization. Understanding enterprise-wide mission risks ties cybersecurity to business processes. All of this serves to implement an efficient, risk-based information security and privacy program. Understanding cyber risks and taking a risk-based approach to security improves an organization’s effectiveness, efficiency, and depth of protection.