SlideShare a Scribd company logo

Introduction to Scenario Based Risk Analysis

"
"Apolonio \"Apps\"" Garcia

Part 1 of 3 - Covers the foundational concepts related to scenario based risk analysis

Technology
1 of 27
© 2017 HealthGuard All rights reserved Introduction to Scenario Based Risk Analysis Part 1: Foundational Concepts
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Housekeeping ● Using Zoom / Meeting Interaction ● Webinar Recording
© 2017 HealthGuard All rights reserved Housekeeping – Zoom Meeting viewer interaction
© 2017 HealthGuard All rights reserved Housekeeping – Zoom Meeting viewer interaction
© 2017 HealthGuard All rights reserved Housekeeping – Zoom Meeting viewer interaction
© 2017 HealthGuard All rights reserved Our Speakers John Zuziak, Director of Information Security, Catholic Health Initiatives Apolonio “Apps” Garcia, Founder/President, HealthGuard
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved What is scenario based risk analysis? Basic scenario elements Benefits of scenario based analysis
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Audience Poll
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved What is scenario based risk analysis?
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Risk scenario analysis is a technique to make IT risk more concrete and tangible and to allow for proper risk analysis and assessment. It is a core approach to bring realism, insight, organisational engagement, improved analysis and structure to the complex matter of IT risk.” - ISACA
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Scenario analysis is a process of analyzing possible future events by considering alternative possible outcomes (sometimes called "alternative worlds"). Thus, scenario analysis, which is one of the main forms of projection, does not try to show one exact picture of the future. Instead, it presents several alternative future developments. - Wikipedia
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Basic Elements of a Risk Scenario
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Threat
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Threats
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Threat Asset
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Assets
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Threat Asset Loss Event / Effect
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Loss Event / Effect Confidentiality Integrity Availability Financial Loss (Open FAIR) ● Productivity ● Response ● Replacement ● Fines & Judgement ● Competitive Advantage ● Reputation Patient Safety (AHRQ Harm Scale) ● No Harm ● Mild Harm ● Moderate Harm ● Severe Harm ● Death Privacy ● Information Exposure ● Data Theft
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Threat Asset Acts On
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved ControlsThreat Asset
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Loss Event ControlsThreat Asset
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Threat Controls Primary Loss Event Threat Event Frequency Primary Loss Event Frequency & Magnitude Vulnerability Secondary Loss Event Frequency & Magnitude Secondary Loss Event
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Benefits of Scenario Based Risk Analysis
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Why do Scenario Based Risk Analysis? “Scenarios are a powerful tool in a risk manager’s armory—they help professionals ask the right questions and prepare for the unexpected. Scenario analysis has become a ‘new’ and best practice in enterprise risk management (ERM). - ISACA
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Why do Scenario Based Risk Analysis? “Risk scenario analysis is a structured process that leads to better understanding of the ways multiple factors may combine to create both vulnerabilities and opportunities. It is often applied to expand perceptions prior to formulating specific business plans by focusing on factors that often get dismissed or shortchanged.” “Risk scenario analysis helps overcome organizational resistance in discussions of low-probability events or events that have not occurred in the recent past. Such risks often receive low rankings in standard risk assessments, but they can be revealed to be very challenging when introduced within risk scenarios.” - PwC
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Scenario based risk analysis is an analysis methodology to prioritize and quantify risk and to take action. Scenario Risk Analysis summary in 3 words 1. Context 2. Context 3. Context
© 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Introduction to Scenario Based Risk Analysis - Part 2: How to Build a Scenario Wednesday, May 24th @ 1pm Register on Eventbrite

Recommended

Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NetLockSmith
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingCrowdStrike
 
Risk Management Framework
Risk Management FrameworkRisk Management Framework
Risk Management FrameworkAnand Subramaniam
 
Risk management
Risk managementRisk management
Risk managementMECandPMV
 
8. operations security
8. operations security8. operations security
8. operations security7wounders
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity AssessmentDoreen Loeber
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 

Recommended

Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NetLockSmith
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingCrowdStrike
 
Risk Management Framework
Risk Management FrameworkRisk Management Framework
Risk Management FrameworkAnand Subramaniam
 
Risk management
Risk managementRisk management
Risk managementMECandPMV
 
8. operations security
8. operations security8. operations security
8. operations security7wounders
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity AssessmentDoreen Loeber
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesSlideTeam
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance BOC Group
 
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdf
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdfKey Risk Indicators - Concepts and Examples (Deloitte, 2014).pdf
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdfPars Six Sigma Excellence
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 
NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1Denise Tawwab
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cybersecurity for Critical National Infrastructure
Cybersecurity for Critical National InfrastructureCybersecurity for Critical National Infrastructure
Cybersecurity for Critical National InfrastructureDr David Probert
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Risk Management 101
Risk Management 101Risk Management 101
Risk Management 101Wil Rickards
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningKeyaan Williams
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesSlideTeam
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance frameworkCeyeap
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckSlideTeam
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Ernest Staats
 
Introduction to scenario based risk analysis part 3
Introduction to scenario based risk analysis part 3Introduction to scenario based risk analysis part 3
Introduction to scenario based risk analysis part 3"Apolonio \"Apps\"" Garcia
 
Introduction to scenario based risk analysis part 2
Introduction to scenario based risk analysis part 2Introduction to scenario based risk analysis part 2
Introduction to scenario based risk analysis part 2"Apolonio \"Apps\"" Garcia
 

More Related Content

What's hot

Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesSlideTeam
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance BOC Group
 
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdf
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdfKey Risk Indicators - Concepts and Examples (Deloitte, 2014).pdf
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdfPars Six Sigma Excellence
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 
NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1Denise Tawwab
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cybersecurity for Critical National Infrastructure
Cybersecurity for Critical National InfrastructureCybersecurity for Critical National Infrastructure
Cybersecurity for Critical National InfrastructureDr David Probert
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Risk Management 101
Risk Management 101Risk Management 101
Risk Management 101Wil Rickards
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningKeyaan Williams
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesSlideTeam
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance frameworkCeyeap
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckSlideTeam
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Ernest Staats
 

What's hot (20)

Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation Slides
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance
 
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdf
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdfKey Risk Indicators - Concepts and Examples (Deloitte, 2014).pdf
Key Risk Indicators - Concepts and Examples (Deloitte, 2014).pdf
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
 
NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1NIST 800-30 Intro to Conducting Risk Assessments - Part 1
NIST 800-30 Intro to Conducting Risk Assessments - Part 1
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Cybersecurity for Critical National Infrastructure
Cybersecurity for Critical National InfrastructureCybersecurity for Critical National Infrastructure
Cybersecurity for Critical National Infrastructure
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Risk Management 101
Risk Management 101Risk Management 101
Risk Management 101
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic Planning
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation Slides
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance framework
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security
 

Similar to Introduction to Scenario Based Risk Analysis

Introduction to scenario based risk analysis part 3
Introduction to scenario based risk analysis part 3Introduction to scenario based risk analysis part 3
Introduction to scenario based risk analysis part 3"Apolonio \"Apps\"" Garcia
 
Introduction to scenario based risk analysis part 2
Introduction to scenario based risk analysis part 2Introduction to scenario based risk analysis part 2
Introduction to scenario based risk analysis part 2"Apolonio \"Apps\"" Garcia
 
Risks of being an enterprenuer
Risks of being an enterprenuerRisks of being an enterprenuer
Risks of being an enterprenuerSPIIPE
 
Beyond the Equity Risk Premia
Beyond the Equity Risk PremiaBeyond the Equity Risk Premia
Beyond the Equity Risk PremiaWindham Labs
 
How to Establish a Culture of Safety Excellence
How to Establish a Culture of Safety ExcellenceHow to Establish a Culture of Safety Excellence
How to Establish a Culture of Safety ExcellencePECB
 
What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017Doug Copley
 
High Performance Security Report - High Technology
High Performance Security Report - High TechnologyHigh Performance Security Report - High Technology
High Performance Security Report - High TechnologyAccenture Security
 
Smu seminar 2014_03_26 v3
Smu seminar 2014_03_26 v3Smu seminar 2014_03_26 v3
Smu seminar 2014_03_26 v3Patrick Florer
 
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Puneet Kukreja
 
PMexpo17 - How to manage risks you didnt know you were taking - David Hillson
PMexpo17 - How to manage risks you didnt know you were taking - David HillsonPMexpo17 - How to manage risks you didnt know you were taking - David Hillson
PMexpo17 - How to manage risks you didnt know you were taking - David HillsonPMexpo
 
Economic Value Chains - costing the impact of risk by "Colin Sandall - Senior...
Economic Value Chains - costing the impact of risk by "Colin Sandall - Senior...Economic Value Chains - costing the impact of risk by "Colin Sandall - Senior...
Economic Value Chains - costing the impact of risk by "Colin Sandall - Senior...Project Controls Expo
 
Big Data Analytics for Insurance Business
Big Data Analytics for Insurance BusinessBig Data Analytics for Insurance Business
Big Data Analytics for Insurance BusinessPanBI
 
Formula For Case Intake Success
Formula For Case Intake SuccessFormula For Case Intake Success
Formula For Case Intake SuccessMyMeds&Me
 
How to Manage Strategic & Reputation Risk in Turbulent Times
How to Manage Strategic & Reputation Risk in Turbulent TimesHow to Manage Strategic & Reputation Risk in Turbulent Times
How to Manage Strategic & Reputation Risk in Turbulent TimesPECB
 
Europe Insurance Innovation Award 2017 - Healix
Europe Insurance Innovation Award 2017 - HealixEurope Insurance Innovation Award 2017 - Healix
Europe Insurance Innovation Award 2017 - HealixThe Digital Insurer
 
5 Project Risk Identification Tools I Use & How You Can Use Them Too
5 Project Risk Identification Tools I Use & How You Can Use Them Too5 Project Risk Identification Tools I Use & How You Can Use Them Too
5 Project Risk Identification Tools I Use & How You Can Use Them TooSHAZEBALIKHAN1
 
Dec2016 - Calculating and Managing Environmental Counterparty Risk
Dec2016 - Calculating and Managing Environmental Counterparty RiskDec2016 - Calculating and Managing Environmental Counterparty Risk
Dec2016 - Calculating and Managing Environmental Counterparty RiskJohn Rosengard
 
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App RiskMobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App RiskNowSecure
 
Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con...
Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con...Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con...
Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con...riscoss-eu
 

Similar to Introduction to Scenario Based Risk Analysis (20)

Introduction to scenario based risk analysis part 3
Introduction to scenario based risk analysis part 3Introduction to scenario based risk analysis part 3
Introduction to scenario based risk analysis part 3
 
Introduction to scenario based risk analysis part 2
Introduction to scenario based risk analysis part 2Introduction to scenario based risk analysis part 2
Introduction to scenario based risk analysis part 2
 
Risks of being an enterprenuer
Risks of being an enterprenuerRisks of being an enterprenuer
Risks of being an enterprenuer
 
Beyond the Equity Risk Premia
Beyond the Equity Risk PremiaBeyond the Equity Risk Premia
Beyond the Equity Risk Premia
 
How to Establish a Culture of Safety Excellence
How to Establish a Culture of Safety ExcellenceHow to Establish a Culture of Safety Excellence
How to Establish a Culture of Safety Excellence
 
Risk descriptions from 'Coconut island' risk workshop
Risk descriptions from 'Coconut island' risk workshopRisk descriptions from 'Coconut island' risk workshop
Risk descriptions from 'Coconut island' risk workshop
 
What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017
 
High Performance Security Report - High Technology
High Performance Security Report - High TechnologyHigh Performance Security Report - High Technology
High Performance Security Report - High Technology
 
Smu seminar 2014_03_26 v3
Smu seminar 2014_03_26 v3Smu seminar 2014_03_26 v3
Smu seminar 2014_03_26 v3
 
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
 
PMexpo17 - How to manage risks you didnt know you were taking - David Hillson
PMexpo17 - How to manage risks you didnt know you were taking - David HillsonPMexpo17 - How to manage risks you didnt know you were taking - David Hillson
PMexpo17 - How to manage risks you didnt know you were taking - David Hillson
 
Economic Value Chains - costing the impact of risk by "Colin Sandall - Senior...
Economic Value Chains - costing the impact of risk by "Colin Sandall - Senior...Economic Value Chains - costing the impact of risk by "Colin Sandall - Senior...
Economic Value Chains - costing the impact of risk by "Colin Sandall - Senior...
 
Big Data Analytics for Insurance Business
Big Data Analytics for Insurance BusinessBig Data Analytics for Insurance Business
Big Data Analytics for Insurance Business
 
Formula For Case Intake Success
Formula For Case Intake SuccessFormula For Case Intake Success
Formula For Case Intake Success
 
How to Manage Strategic & Reputation Risk in Turbulent Times
How to Manage Strategic & Reputation Risk in Turbulent TimesHow to Manage Strategic & Reputation Risk in Turbulent Times
How to Manage Strategic & Reputation Risk in Turbulent Times
 
Europe Insurance Innovation Award 2017 - Healix
Europe Insurance Innovation Award 2017 - HealixEurope Insurance Innovation Award 2017 - Healix
Europe Insurance Innovation Award 2017 - Healix
 
5 Project Risk Identification Tools I Use & How You Can Use Them Too
5 Project Risk Identification Tools I Use & How You Can Use Them Too5 Project Risk Identification Tools I Use & How You Can Use Them Too
5 Project Risk Identification Tools I Use & How You Can Use Them Too
 
Dec2016 - Calculating and Managing Environmental Counterparty Risk
Dec2016 - Calculating and Managing Environmental Counterparty RiskDec2016 - Calculating and Managing Environmental Counterparty Risk
Dec2016 - Calculating and Managing Environmental Counterparty Risk
 
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App RiskMobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
 
Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con...
Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con...Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con...
Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con...
 

Recently uploaded

JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data SciencePaolo Missier
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxMarkSteadman7
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseWSO2
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringWSO2
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...caitlingebhard1
 

Recently uploaded (20)

JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 

Introduction to Scenario Based Risk Analysis

  • 1. © 2017 HealthGuard All rights reserved Introduction to Scenario Based Risk Analysis Part 1: Foundational Concepts
  • 2. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Housekeeping ● Using Zoom / Meeting Interaction ● Webinar Recording
  • 3. © 2017 HealthGuard All rights reserved Housekeeping – Zoom Meeting viewer interaction
  • 4. © 2017 HealthGuard All rights reserved Housekeeping – Zoom Meeting viewer interaction
  • 5. © 2017 HealthGuard All rights reserved Housekeeping – Zoom Meeting viewer interaction
  • 6. © 2017 HealthGuard All rights reserved Our Speakers John Zuziak, Director of Information Security, Catholic Health Initiatives Apolonio “Apps” Garcia, Founder/President, HealthGuard
  • 7. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved What is scenario based risk analysis? Basic scenario elements Benefits of scenario based analysis
  • 8. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Audience Poll
  • 9. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved What is scenario based risk analysis?
  • 10. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Risk scenario analysis is a technique to make IT risk more concrete and tangible and to allow for proper risk analysis and assessment. It is a core approach to bring realism, insight, organisational engagement, improved analysis and structure to the complex matter of IT risk.” - ISACA
  • 11. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Scenario analysis is a process of analyzing possible future events by considering alternative possible outcomes (sometimes called "alternative worlds"). Thus, scenario analysis, which is one of the main forms of projection, does not try to show one exact picture of the future. Instead, it presents several alternative future developments. - Wikipedia
  • 12. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Basic Elements of a Risk Scenario
  • 13. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Threat
  • 14. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Threats
  • 15. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Threat Asset
  • 16. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Assets
  • 17. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Threat Asset Loss Event / Effect
  • 18. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Loss Event / Effect Confidentiality Integrity Availability Financial Loss (Open FAIR) ● Productivity ● Response ● Replacement ● Fines & Judgement ● Competitive Advantage ● Reputation Patient Safety (AHRQ Harm Scale) ● No Harm ● Mild Harm ● Moderate Harm ● Severe Harm ● Death Privacy ● Information Exposure ● Data Theft
  • 19. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Threat Asset Acts On
  • 20. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved ControlsThreat Asset
  • 21. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Loss Event ControlsThreat Asset
  • 22. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Threat Controls Primary Loss Event Threat Event Frequency Primary Loss Event Frequency & Magnitude Vulnerability Secondary Loss Event Frequency & Magnitude Secondary Loss Event
  • 23. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Benefits of Scenario Based Risk Analysis
  • 24. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Why do Scenario Based Risk Analysis? “Scenarios are a powerful tool in a risk manager’s armory—they help professionals ask the right questions and prepare for the unexpected. Scenario analysis has become a ‘new’ and best practice in enterprise risk management (ERM). - ISACA
  • 25. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Why do Scenario Based Risk Analysis? “Risk scenario analysis is a structured process that leads to better understanding of the ways multiple factors may combine to create both vulnerabilities and opportunities. It is often applied to expand perceptions prior to formulating specific business plans by focusing on factors that often get dismissed or shortchanged.” “Risk scenario analysis helps overcome organizational resistance in discussions of low-probability events or events that have not occurred in the recent past. Such risks often receive low rankings in standard risk assessments, but they can be revealed to be very challenging when introduced within risk scenarios.” - PwC
  • 26. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Scenario based risk analysis is an analysis methodology to prioritize and quantify risk and to take action. Scenario Risk Analysis summary in 3 words 1. Context 2. Context 3. Context
  • 27. © 2017 HealthGuard All rights reserved © 2017 HealthGuard All rights reserved Introduction to Scenario Based Risk Analysis - Part 2: How to Build a Scenario Wednesday, May 24th @ 1pm Register on Eventbrite