Risk Management and Remediation

Kurt Van Etten, Director, Product Management, Symantec
Stephen Brown, President, Arellia
Dan McManus, Director of Sales, Arellia

Risk Management and Remediation                       1
Agenda

1. Need to Move to Risk Management
2. Deeper Dive on Risk Manager
3. Remediation

Rapid Maturation of Information Security

(Diagram: three stages of maturity, read left to right)

1. Continuous Monitoring
   • Collection of data: vulnerability, configuration, procedural
2. Cyberscope Reporting
   • Reporting to higher
   • Peer comparison
3. Risk Scoring & Management
   • Focus on top priorities
   • Drive action to reduce risk

Symantec Approach to IT Risk Management

CCS Risk Manager is positioned around three questions:

TRANSLATE: How do IT risks affect your mission?
INFLUENCE: How do you convey IT risks to your peers?
ACT: How do you drive measurable risk reduction?

Introducing CCS Risk Manager

TRANSLATE
» Define virtual business assets
» Connect related IT assets
» Create business view of IT risk

INFLUENCE
» Convey IT risk in business terms
» Customized views for greater impact
» Justify new security investments

ACT
» Prioritize based on business impact
» Align Security and IT Operations
» Track risk reduction over time

Current View of IT Risk – Technology Centric

(Screenshot: technology-centric view of IT risk, findings listed per device rather than per business asset)

Translating IT Risk

(Diagram, shown twice in the deck as a build-up: business assets such as the Transaction Processing System and Case Management are mapped to the IT assets that support them, so that technical findings roll up into a business view of risk.)

Using Risk to Drive Accountability and Action

Business asset: Transaction Processing System

Plan     Risk Objective          Status      Current Score   Projected Score   Target Date   Owner
Plan B   Secure Configuration    Submitted   3.65            2.75              3/15/12       Bob
Plan C   Patch Level Standard    Submitted   4.22            1.81              4/11/12       Joe
Plan A   Info Sec Standard       Completed   2.23            2.23              1/10/12       Joe
Plan D   Protect Web Servers     Submitted   3.51            2.10              2/28/12       Dave

(The slide animates each submitted plan to Completed; once a plan completes, its current score drops to the projected score, as Plan A already shows. Each plan has a named owner and a target date, which is what makes the risk reduction accountable.)

CCS Risk Manager Highlights

1. Define a business asset you want to manage
2. Visualize and understand IT risk for this business asset
3. Prioritize remediation based on IT risk, not technical severity
4. Monitor risk reduction over time

Visualize and Understand IT Risk
Enterprise Wide View of Business Risk

(Screenshot: "Risk Overview for People's Bank" dashboard)

   Risk & Compliance Sales Specialist Training - CCS Risk Manager   11
Visualize and Understand IT Risk
Balanced View of Business and Operational Metrics

(Screenshot: dashboard with callout "Drill down to technical details")

Prioritize Remediation Based on Risk
Risk Modeling

(Screenshot: risk modeling view)

Prioritize Remediation Based on Risk
Remediation Plan by Risk Objective

(Screenshot with callout: "Review & finalize remediation plan")

Monitor Risk Reduction Over Time
Manage Remediation Plans

(Screenshot with callout: "Track risk reduction for remediation plans")

Effective Risk Management

1. Data Driven View of Risk
   • Cross-reference multiple data points for a true view of risk
   • Combine 3rd party data for a 'composite' risk score
   • Easily digest and distill data from thousands of devices

2. Ability to Show Business Value
   • Map IT assets to business assets
   • Present relevant information to business peers
   • Flexible reporting: avoid costly re-mapping efforts

3. Move Beyond Risk Assessment to Risk Monitoring & Management
   • Track objectives and monitor risk over time
   • Develop action plans to manage the entire remediation process
   • Demonstrate risk reduction over time

Effective Remediation
• Remediation: The act or process of correcting a fault or deficiency
• Automating Remediation can:
  – Fix 95% of Security Profile settings w/o manual intervention
  – Immediately address an environment’s post-audit vulnerability status
  – Provide significant ROI




Why Haven't We Automated Remediation?
• Auditing and Remediation
  – Security (auditing) vs. Operations (change management)
• SCAP Validated
  – Means that we can ingest SCAP audit results!!!
• Standards enable security
  – Common language between security and management
  – Security results become management tasks
• Automatic remediation for 6 well known configuration types
  – Registry settings
  – Local password policies
  – Security audit
  – Service configuration
  – Account lockout
  – Account privileges
• Actionable, Automated, & Auditable

Closed Loop Direct Remediation

(Diagram, built up over four slides: a SCAP audit tool and a remediation tool both act on the same end point. The callouts, in order:)

1. SCAP audit initiated against the end point using a benchmark such as FDCC, USGCB, a STIG or a CIS benchmark.
2. Audit complete; results available via reporting. Security results become management tasks for the remediation tool.
3. Remediation tasks executed on the end point, with approval that is manual and/or automated.
4. Remediation complete; results available via reporting, and the SCAP audit tool is notified.
5. SCAP validation audit runs again against the same benchmark (FDCC, USGCB, etc.).
6. Validation audit complete; results available via reporting.

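The loop above, and the "security results become management tasks" idea from the previous slide, as an added example in code. This is not the deck's or either vendor's code: it parses constructed XCCDF 1.2 TestResult documents of the kind a SCAP-validated scanner emits, turns each failing rule into a remediation task (automated when the rule falls into one of the six configuration families the slide lists, manual otherwise), scores compliance the way the later "30% compliant" figure is computed, and diffs the pre- and post-remediation audits so a regression is not mistaken for a fix. The rule ids, the rule-to-family mapping and the outcomes are all made up for the example.

```python
import xml.etree.ElementTree as ET

# XCCDF 1.2 namespace used by SCAP 1.2 result files.
XCCDF_NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}

# XCCDF rule-result outcomes, bucketed for scoring.
PASSING = {"pass", "fixed"}
FAILING = {"fail", "error", "unknown"}
EXCLUDED = {"notapplicable", "notchecked", "notselected", "informational"}

# Constructed mapping (not from any real benchmark) from rule id to one of the six
# configuration families the slide calls automatically remediable. A failing rule
# that is not in this map gets a manual task instead.
AUTO_FAMILY = {
    "xccdf_example_rule_min_password_length": "Local password policies",
    "xccdf_example_rule_account_lockout_threshold": "Account lockout",
    "xccdf_example_rule_audit_logon_events": "Security audit",
    "xccdf_example_rule_disable_telnet_service": "Service configuration",
}


def xccdf_results(testresult_id, outcomes):
    """Build a minimal XCCDF 1.2 Benchmark/TestResult document (constructed test data)."""
    rows = "".join(f'<rule-result idref="{rule}"><result>{res}</result></rule-result>'
                   for rule, res in outcomes.items())
    return (f'<Benchmark xmlns="{XCCDF_NS["x"]}" id="xccdf_example_benchmark_win7">'
            f'<TestResult id="{testresult_id}">{rows}</TestResult></Benchmark>')


# Steps 1-2: initial audit of a freshly installed endpoint (made-up ids and outcomes).
PRE_AUDIT = xccdf_results("xccdf_example_testresult_pre", {
    "xccdf_example_rule_min_password_length": "fail",
    "xccdf_example_rule_account_lockout_threshold": "fail",
    "xccdf_example_rule_audit_logon_events": "fail",
    "xccdf_example_rule_disable_telnet_service": "pass",
    "xccdf_example_rule_bitlocker_enabled": "fail",
    "xccdf_example_rule_ipv6_transition": "notapplicable",
})

# Step 5: validation audit after remediation. Three settings were fixed, BitLocker
# still needs a manual change, and someone re-enabled the Telnet service.
POST_AUDIT = xccdf_results("xccdf_example_testresult_post", {
    "xccdf_example_rule_min_password_length": "pass",
    "xccdf_example_rule_account_lockout_threshold": "pass",
    "xccdf_example_rule_audit_logon_events": "pass",
    "xccdf_example_rule_disable_telnet_service": "fail",
    "xccdf_example_rule_bitlocker_enabled": "fail",
    "xccdf_example_rule_ipv6_transition": "notapplicable",
})


def parse_rule_results(xccdf_xml):
    """Return {rule idref: result} for the first TestResult in an XCCDF document."""
    root = ET.fromstring(xccdf_xml)
    testresult = root.find("x:TestResult", XCCDF_NS)
    if testresult is None:
        raise ValueError("document contains no TestResult: the audit never ran")
    results = {}
    for rr in testresult.findall("x:rule-result", XCCDF_NS):
        result = rr.find("x:result", XCCDF_NS)
        text = (result.text or "").strip() if result is not None else ""
        # A missing or empty outcome is treated as a failure, not silently dropped.
        results[rr.get("idref")] = text or "unknown"
    return results


def compliance_pct(results):
    """Percentage of applicable rules that pass (the slide's '30% compliant' figure)."""
    scored = [r for r in results.values() if r not in EXCLUDED]
    if not scored:
        return 0.0
    return round(100.0 * sum(r in PASSING for r in scored) / len(scored), 1)


def remediation_tasks(results):
    """Steps 2-3: turn failing security results into management tasks."""
    tasks = []
    for rule, result in sorted(results.items()):
        if result in FAILING:
            family = AUTO_FAMILY.get(rule)
            tasks.append({"rule": rule, "family": family or "other",
                          "mode": "automated" if family else "manual"})
    return tasks


def validate(pre, post):
    """Step 6: diff the two audits so regressions are reported, not hidden by the fixes."""
    report = {"fixed": [], "still_failing": [], "regressed": []}
    for rule in sorted(set(pre) | set(post)):
        before, after = pre.get(rule, "unknown"), post.get(rule, "unknown")
        if before in FAILING and after in PASSING:
            report["fixed"].append(rule)
        elif before in FAILING and after in FAILING:
            report["still_failing"].append(rule)
        elif before in PASSING and after in FAILING:
            report["regressed"].append(rule)
    return report


if __name__ == "__main__":
    pre, post = parse_rule_results(PRE_AUDIT), parse_rule_results(POST_AUDIT)
    print(f"compliance before: {compliance_pct(pre)}%  after: {compliance_pct(post)}%")
    for task in remediation_tasks(pre):
        print(f"  {task['mode']:9} {task['family']:24} {task['rule']}")
    print(validate(pre, post))
```

The validation diff is the part of the loop most often skipped: if you only re-run `compliance_pct`, the sample goes from 20% to 60% and looks like a success, while the Telnet regression is only visible in `validate()`.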
Didn't You Mention Something About ROI?
Example: Windows 7
• Post "typical" install of Windows 7, run a USGCB audit
• The installation will be around 30% compliant (70% failure to comply)

                 Manual Audit Costs (labour to fix the findings by hand)
                 Number of issues to address       100
                 Minutes per issue                 5
                 Total time (hours)                8.33
                 Jr. Admin salary                  $50,000
                 TOTAL COST                        $200.32

  (100 issues x 5 minutes = 500 minutes = 8.33 hours; $50,000 / 2,080 working hours per year = $24.04 per hour; 8.33 hours x $24.04 = $200.32 per remediation pass, per machine)
• Soft costs (unfactored): lost productivity of the Jr. Admin AND the end user
• Will need to perform remediation again after the next audit!

How Arellia Can Further Help Effective Risk Management

(Diagram: a wheel of four capabilities around a hub labelled "Remediation Actions" and "Security Configuration Visibility")

A. Securing Local Admin Accounts & Passwords
B. Automating Remediation
C. Application Whitelisting
D. Removing End Users' Administrator Rights

Privilege Management:
Increasing Security AND End User Productivity

Privilege Management: the ability to enable or secure applications through the addition or removal of user rights.

1 in 14         Programs downloaded in Windows are malicious
43%             2011 MS bulletins address privilege exploitation
110 Million     Estimated new Windows 7 users in 2012
$653            Annual cost savings per managed endpoint: "moderately managed" vs. "locked and well-managed"

Windows 7 End User Accounts:
High Security Posture AND End User Productivity

"Ideal" end user model?
• Standard User with elevated privileges for predetermined (by customer) functions
  – Cannot be done reasonably without a third party tool
• Balances security needs with end user productivity
  – Security posture remains high
  – End user productivity remains high
  – Support costs at all levels lowered

"Privilege management and application control tools help achieve total cost of ownership (TCO) close to that of a locked and well-managed user, while giving users some ability to control their systems."
Gartner: "The Cost of Removing Administrative Rights for the Wrong Users" (April 2011)

Local Administrative Rights:
The Interrogative Process

• Who has admin access?!?!?
• What was the justification?
• When were these waivers last reviewed?
• Where in my organization are these local end user accounts with admin rights?
• Why aren't my GPOs enough?

How Do I Fix This?
• Local Admin Password: Randomization & Cycling
• Discover local user accounts
   – Including accounts with admin rights
• Group Membership Enforcement
• Windows Service Account Management
• Auditing of Administrator Account Usage
• Local Security Inventory and Configuration
• Compliance Reporting




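The interrogative process and the first four fixes on the slide above, as an added example. This is not Arellia's or Symantec's code: it parses constructed `net localgroup Administrators` output from three hypothetical hosts (who and where), checks each non-standard member against a hypothetical approved list and waiver register with a 90-day review window (what and when), emits the `net localgroup ... /delete` commands that would enforce group membership, and generates a distinct random local administrator password per host so that one recovered hash cannot be reused across the fleet. Host names, account names, the policy and the waiver dates are all made up.

```python
import re
import secrets
import string
from datetime import date, timedelta


def fake_net_localgroup(*members):
    """Render constructed text in the shape `net localgroup Administrators` prints on Windows."""
    return ("Alias name     Administrators\n"
            "Comment        Administrators have complete and unrestricted access to the computer/domain\n"
            "\nMembers\n\n" + "-" * 79 + "\n" + "\n".join(members) + "\n"
            "The command completed successfully.\n")


# Constructed inventory: per-host output of `net localgroup Administrators` as an
# inventory agent might collect it. Host and account names are made up.
INVENTORY = {
    "WS-FIN-017": fake_net_localgroup("Administrator", "CORP\\Domain Admins", "CORP\\jsmith"),
    "WS-ENG-042": fake_net_localgroup("Administrator", "CORP\\Domain Admins",
                                      "CORP\\Workstation Admins", "WS-ENG-042\\helpdesk"),
    "WS-HR-003": fake_net_localgroup("Administrator", "CORP\\Domain Admins", "CORP\\mlopez"),
}

# Hypothetical policy: principals allowed to hold local admin rights on every workstation.
APPROVED = {"Administrator", "CORP\\Domain Admins", "CORP\\Workstation Admins"}
# Hypothetical waiver register: member -> (justification, date the waiver was last reviewed).
WAIVERS = {
    "CORP\\jsmith": ("legacy finance application requires admin", date(2011, 11, 15)),
    "CORP\\mlopez": ("HR reporting tool", date(2011, 3, 1)),
}
REVIEW_EVERY = timedelta(days=90)   # a waiver not re-reviewed within this window is stale
AS_OF = date(2012, 2, 1)            # review date used by the example run


def parse_members(net_localgroup_output):
    """Extract member names from `net localgroup <group>` output (the lines after the dashes)."""
    members, in_members = [], False
    for line in net_localgroup_output.splitlines():
        if line.startswith("----"):
            in_members = True
        elif line.startswith("The command completed"):
            break
        elif in_members and line.strip():
            members.append(line.strip())
    return members


def review_host(host, members, as_of):
    """Who / what / when: flag admin members that are neither approved nor currently waived."""
    findings = []
    for member in members:
        if member in APPROVED:
            continue
        waiver = WAIVERS.get(member)
        if waiver is None:
            status = "no waiver"
        elif as_of - waiver[1] > REVIEW_EVERY:
            status = f"waiver stale (last reviewed {waiver[1].isoformat()})"
        else:
            continue    # covered by a current waiver
        findings.append({"host": host, "member": member, "status": status})
    return findings


def audit(inventory, as_of):
    """Where: run the review across every host in the inventory."""
    findings = []
    for host, output in inventory.items():
        findings.extend(review_host(host, parse_members(output), as_of))
    return findings


def enforcement_actions(findings):
    """Group membership enforcement: the commands that would remove each unjustified member."""
    return [f'net localgroup Administrators "{fd["member"]}" /delete' for fd in findings]


def rotation_plan(hosts, length=20):
    """Local admin password randomization: a distinct random password per host, so a hash
    recovered from one machine cannot be replayed against the rest of the fleet."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
    plan = {}
    for host in hosts:
        while True:
            pw = "".join(secrets.choice(alphabet) for _ in range(length))
            # Require all four character classes so the value satisfies the usual
            # complexity policy instead of relying on luck.
            if all(re.search(p, pw) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")):
                plan[host] = pw
                break
    return plan


if __name__ == "__main__":
    findings = audit(INVENTORY, AS_OF)
    for fd in findings:
        print(f"{fd['host']}: {fd['member']} ({fd['status']})")
    print("\n".join(enforcement_actions(findings)))
    print({host: "rotated" for host in rotation_plan(INVENTORY)})
```

Run as-is, the review passes WS-FIN-017 (jsmith's waiver was reviewed 78 days earlier), flags the unwaived helpdesk account on WS-ENG-042 and the stale waiver on WS-HR-003, and prints the two removal commands. The rotation plan is only the generation half of "randomization & cycling"; the passwords still have to be set on each host and stored somewhere that is access-controlled and audited.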
www.arellia.com
                 Item                                Description
How to purchase            Sold exclusively via Symantec sales and partners

Buying Options             Available in Symantec buying programs

Contacts                   800.889.8091 (Option 1) or SalesStaff@arellia.com

Data Sheets                www.arellia.com/solutions

Forums / Documentation     portal.arellia.com/wiki

Videos (YouTube Channel)   www.youtube.com/user/ArelliaSoftwareVideo

Webcasts / Events          www.arellia.com/events

Blog                       www.arellia.com/blog

Twitter                    @ArelliaSoftware

Partner Portal             arellia.channelplace.net
Thank you!




    Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
    the U.S. and other countries. Other names may be trademarks of their respective owners.

    This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied,
    are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.


Metrics, Risk Management & DLP
 
Symantec Control Compliance Suite 11, February 2012
Symantec Control Compliance Suite 11, February 2012Symantec Control Compliance Suite 11, February 2012
Symantec Control Compliance Suite 11, February 2012
 
Operational risks
Operational risksOperational risks
Operational risks
 
From technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontierFrom technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontier
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
 
Best Practices and ROI for Risk-based Vulnerability Management
Best Practices and ROI for Risk-based Vulnerability ManagementBest Practices and ROI for Risk-based Vulnerability Management
Best Practices and ROI for Risk-based Vulnerability Management
 
CONF. 404- Effective risk management and avoiding project disasters. A pragma...
CONF. 404- Effective risk management and avoiding project disasters. A pragma...CONF. 404- Effective risk management and avoiding project disasters. A pragma...
CONF. 404- Effective risk management and avoiding project disasters. A pragma...
 
Ta Security
Ta SecurityTa Security
Ta Security
 
TA security
TA securityTA security
TA security
 
S thomas sfield
S thomas sfieldS thomas sfield
S thomas sfield
 
Solvency II - Programme Assurance
Solvency II - Programme AssuranceSolvency II - Programme Assurance
Solvency II - Programme Assurance
 
Risk leadership perspectives Risk Manager of the Year
Risk leadership perspectives Risk Manager of the YearRisk leadership perspectives Risk Manager of the Year
Risk leadership perspectives Risk Manager of the Year
 
CISSP 8 Domains.pdf
CISSP 8 Domains.pdfCISSP 8 Domains.pdf
CISSP 8 Domains.pdf
 
D team weekly powerpoint presentation spqm
D team weekly powerpoint presentation spqmD team weekly powerpoint presentation spqm
D team weekly powerpoint presentation spqm
 
Ken Kurdziel: Enterprise Risk Management
Ken Kurdziel: Enterprise Risk ManagementKen Kurdziel: Enterprise Risk Management
Ken Kurdziel: Enterprise Risk Management
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management Process
 
Solvency II -The Practicalities Around Programme Governance & Data
Solvency II -The Practicalities Around Programme Governance & Data Solvency II -The Practicalities Around Programme Governance & Data
Solvency II -The Practicalities Around Programme Governance & Data
 
Integrating Risk With Earned Value
Integrating Risk With Earned ValueIntegrating Risk With Earned Value
Integrating Risk With Earned Value
 
[weave] Risk and Compliance - Less but Better, Optimizing controls
[weave] Risk and Compliance - Less but Better, Optimizing controls[weave] Risk and Compliance - Less but Better, Optimizing controls
[weave] Risk and Compliance - Less but Better, Optimizing controls
 
Operational Risk Educational Courses to be held in Kenya
Operational Risk Educational Courses to be held in KenyaOperational Risk Educational Courses to be held in Kenya
Operational Risk Educational Courses to be held in Kenya
 

More from Carahsoft

Cyber V. Shark Facts
Cyber V. Shark FactsCyber V. Shark Facts
Cyber V. Shark FactsCarahsoft
 
Adobe Government Technology Livestream Agenda
Adobe Government Technology Livestream AgendaAdobe Government Technology Livestream Agenda
Adobe Government Technology Livestream AgendaCarahsoft
 
Citizen Engagement Speakers
Citizen Engagement SpeakersCitizen Engagement Speakers
Citizen Engagement SpeakersCarahsoft
 
inTTENSITY Federal Social Media Summit
inTTENSITY Federal Social Media SummitinTTENSITY Federal Social Media Summit
inTTENSITY Federal Social Media SummitCarahsoft
 
Opening Keynote and Welcome
Opening Keynote and WelcomeOpening Keynote and Welcome
Opening Keynote and WelcomeCarahsoft
 
Symantec Government Technology Summit
Symantec Government Technology SummitSymantec Government Technology Summit
Symantec Government Technology SummitCarahsoft
 
Electronic Data Discovery
Electronic Data DiscoveryElectronic Data Discovery
Electronic Data DiscoveryCarahsoft
 
Endpoint Evolution
Endpoint EvolutionEndpoint Evolution
Endpoint EvolutionCarahsoft
 
Symantec Solutions Working Together
Symantec Solutions Working TogetherSymantec Solutions Working Together
Symantec Solutions Working TogetherCarahsoft
 
Data Center Virtualization
Data Center VirtualizationData Center Virtualization
Data Center VirtualizationCarahsoft
 
User Authentication for Government
User Authentication for GovernmentUser Authentication for Government
User Authentication for GovernmentCarahsoft
 
Mobile Management
Mobile ManagementMobile Management
Mobile ManagementCarahsoft
 
Symantec government technology summit abstract
Symantec government technology summit abstractSymantec government technology summit abstract
Symantec government technology summit abstractCarahsoft
 

More from Carahsoft (13)

Cyber V. Shark Facts
Cyber V. Shark FactsCyber V. Shark Facts
Cyber V. Shark Facts
 
Adobe Government Technology Livestream Agenda
Adobe Government Technology Livestream AgendaAdobe Government Technology Livestream Agenda
Adobe Government Technology Livestream Agenda
 
Citizen Engagement Speakers
Citizen Engagement SpeakersCitizen Engagement Speakers
Citizen Engagement Speakers
 
inTTENSITY Federal Social Media Summit
inTTENSITY Federal Social Media SummitinTTENSITY Federal Social Media Summit
inTTENSITY Federal Social Media Summit
 
Opening Keynote and Welcome
Opening Keynote and WelcomeOpening Keynote and Welcome
Opening Keynote and Welcome
 
Symantec Government Technology Summit
Symantec Government Technology SummitSymantec Government Technology Summit
Symantec Government Technology Summit
 
Electronic Data Discovery
Electronic Data DiscoveryElectronic Data Discovery
Electronic Data Discovery
 
Endpoint Evolution
Endpoint EvolutionEndpoint Evolution
Endpoint Evolution
 
Symantec Solutions Working Together
Symantec Solutions Working TogetherSymantec Solutions Working Together
Symantec Solutions Working Together
 
Data Center Virtualization
Data Center VirtualizationData Center Virtualization
Data Center Virtualization
 
User Authentication for Government
User Authentication for GovernmentUser Authentication for Government
User Authentication for Government
 
Mobile Management
Mobile ManagementMobile Management
Mobile Management
 
Symantec government technology summit abstract
Symantec government technology summit abstractSymantec government technology summit abstract
Symantec government technology summit abstract
 

Recently uploaded

Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangaloreamitlee9823
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)-  A new venture conceptBusiness Model Canvas (BMC)-  A new venture concept
Business Model Canvas (BMC)- A new venture conceptP&CO
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...allensay1
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptxnandhinijagan9867
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noidadlhescort
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1kcpayne
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...lizamodels9
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Sheetaleventcompany
 

Recently uploaded (20)

Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)-  A new venture conceptBusiness Model Canvas (BMC)-  A new venture concept
Business Model Canvas (BMC)- A new venture concept
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 

Risk Management and Remediation

  • 1. Risk Management and Remediation Kurt Van Etten Stephen Brown Symantec Arellia Director, Product Management President Dan McManus Arellia Director of Sales Risk Management and Remediation 1
  • 2. Agenda 1 Need to Move to Risk Management 2 Deeper Dive on Risk Manager 3 Remediation Risk Management and Remediation 2
  • 3. Rapid Maturation of Information Security: Continuous Monitoring (Collection of Data: Vulnerability, Configuration, Procedural) → Cyberscope Reporting (Reporting to higher, Peer Comparison) → Risk Scoring & Management (Focus on top priorities, Drive action to reduce risk). Risk Management and Remediation 3
  • 4. Symantec Approach to IT Risk Management: How do IT risks affect your mission? How do you convey IT risks to your peers? How do you drive measurable risk reduction? CCS RISK MANAGER: TRANSLATE, INFLUENCE, ACT. Risk Management and Remediation 4
  • 5. Introducing CCS Risk Manager. CCS RISK MANAGER: TRANSLATE » Define virtual business assets » Connect related IT assets » Create business view of IT risk. INFLUENCE » Convey IT risk in business terms » Customized views for greater impact » Justify new security investments. ACT » Prioritize based on business impact » Align Security and IT Operations » Track risk reduction over time. Risk Management and Remediation 5
  • 6. Current View of IT Risk – Technology Centric Risk Management and Remediation 6
  • 7. Translating IT Risk Transaction Processing System Case Management Risk Management and Remediation 7
  • 8. Translating IT Risk Transaction Processing System Case Management Risk Management and Remediation 8
  • 9. Using Risk to Drive Accountability and Action Transaction Processing System Plan Current Projected Target Name Risk Objective Status Score Score Date Owner Plan A B Secure Configuration Completed Submitted 3.65 2.75 2.75 3/15/12 Bob Plan B C Patch Level Standard Completed Submitted 4.22 1.81 1.81 4/11/12 Joe Plan A Info Sec Standard Completed 2.23 2.23 1/10/12 Joe Plan D C Protect Web Servers Completed Submitted 3.51 2.10 2.10 2/28/12 Dave Risk Management and Remediation 9
  • 10. CCS Risk Manager Highlights  Define a business asset you want to manage  Visualize and understand IT risk for this business asset  Prioritize remediation based on IT risk, not technical severity  Monitor risk reduction over time Risk Management and Remediation 10
  • 11. Visualize and Understand IT Risk Enterprise Wide View of Business Risk Risk Overview for People’s Bank Risk & Compliance Sales Specialist Training - CCS Risk Manager 11
  • 12. Visualize and Understand IT Risk Balanced View of Business and Operational Metrics Drill down to technical details Risk & Compliance Sales Specialist Training - CCS Risk Manager 12
  • 13. Prioritize Remediation Based on Risk Risk Modeling Risk Management and Remediation 13
  • 14. Prioritize Remediation Based on Risk Remediation Plan by Risk Objective Review & finalize remediation plan Risk Management and Remediation 14
  • 15. Monitor Risk Reduction Over Time Manage Remediation Plans Track risk reduction for remediation plans Risk Management and Remediation 15
  • 16. Effective Risk Management. 1 Data Driven View of Risk • Cross-reference multiple data points for a true view of risk • Combine 3rd party data for ‘composite’ risk score • Easily digest and distill data from thousands of devices. 2 Ability to Show Business Value • Map IT assets to business assets • Present relevant information to business peers • Flexible reporting – avoid costly re-mapping efforts. 3 Move Beyond Risk Assessment to Risk Monitoring & Management • Track objectives and monitor risk over time • Develop action plans to manage entire remediation process • Demonstrate risk reduction over time. Risk Management and Remediation 16
  • 17. Effective Remediation • Remediation: The act or process of correcting a fault or deficiency • Automating Remediation can: – Fix 95% of Security Profile settings w/o manual intervention – Immediately address an environment’s post-audit vulnerability status – Provide significant ROI Risk Management and Remediation
  • 18. Why Haven’t We Automated Remediation? • Auditing and Remediation – Security (Auditing) vs. Operations (Change Management) • SCAP Validated • Means that we can ingest SCAP audit results!!! • Standards Enable Security • Common language between security and management • Security results become Management Tasks • Automatic remediation for 6 well known configuration types • Registry settings • Local password policies • Security audit • Service configuration • Account lockout • Account privileges • Actionable, Automated, & Auditable 18 Risk Management and Remediation
  • 19. Closed Loop Direct Remediation – SCAP Audit Initiated • FDCC • USGCB • STIG • CIS. Components: SCAP Audit Tool, Remediation Tool, End Point. 19 Risk Management and Remediation
  • 20. Closed Loop Direct Remediation – Audit Complete • Results Available via Reporting. Security Results → Management Tasks. Remediation Tasks Executed • Approval Manual and/or Automated. Components: SCAP Audit Tool, Remediation Tool, End Point. 20 Risk Management and Remediation
  • 21. Closed Loop Direct Remediation – Remediation Complete • Results Available via Reporting. Remediation Complete • SCAP Audit Tool Notified. SCAP Validation Audit • FDCC, USGCB, etc. Components: SCAP Audit Tool, Remediation Tool, End Point. Risk Management and Remediation
  • 22. Closed Loop Direct Remediation – Validation Audit Complete • Results Available via Reporting. Components: SCAP Audit Tool, Remediation Tool, End Point. 22 Risk Management and Remediation
  • 23. Didn’t You Mention Something About ROI? • Fix 95% of Security Profile settings w/o manual intervention • Immediately address an environment’s post-audit vulnerability status • Provide a significant ROI to a customer. Example: Windows 7 • Post “Typical” Install of Windows 7, run a USGCB audit • Windows 7 installation will be around 30% compliant (70% failure to comply). Manual Audit Costs: Number of issues to address 100; Minutes per issue 5; Total Time (Hours) 8.33; Jr. Admin Salary $50,000; TOTAL COST $200.32 • Soft costs (unfactored): Lost productivity of Jr. Admin AND End User • Will need to perform remediation again after next audit! Risk Management and Remediation
  • 26. How Arellia Can Further Help Effective Risk Management: Securing Local Admin Accounts & Passwords; Automating Remediation; Application Whitelisting; Removing End Users’ Administrator Rights.
  • 27. Privilege Management: Increasing Security AND End User Productivity Privilege Management: The ability to enable or secure applications through the addition or removal of user rights. 1 in 14 Programs downloaded in Windows are malicious 43% 2011 MS Bulletins address Privilege Exploitation 110 Million Estimated new Windows 7 users in 2012 Annual cost savings per managed endpoint: $653 “moderately managed” vs. “locked and well-managed” Risk Management and Remediation
  • 28. Windows 7 End User Accounts: High Security Posture AND End User Productivity. “Ideal” end user model? • Standard User with elevated privileges for predetermined functions (by customer) – Cannot be done reasonably without a third party tool • Balances security needs with end user productivity – Security posture remains high – End user productivity remains high – Support costs at all levels lowered. “Privilege management and application control tools help achieve total cost of ownership (TCO) close to that of a locked and well-managed user, while giving users some ability to control their systems.” Gartner: “The Cost of Removing Administrative Rights for the Wrong Users” (April 2011). Risk Management and Remediation
  • 29. Local Administrative Rights: The Interrogative Process • Who has Admin Access?!?!? • What was the justification? • When were these waivers last reviewed? • Where in my organization are these local end user accounts with admin rights? • Why aren’t my GPOs enough? Risk Management and Remediation
  • 30. How Do I Fix This? • Local Admin Password: Randomization & Cycling • Discover local user accounts – Including accounts with admin rights • Group Membership Enforcement • Windows Service Account Management • Auditing of Administrator Account Usage • Local Security Inventory and Configuration • Compliance Reporting Risk Management and Remediation
  • 31. www.arellia.com Item Description How to purchase Sold exclusively via Symantec sales and partners Buying Options Available in Symantec buying programs Contacts 800.889.8091 (Option 1) or SalesStaff@arellia.com Data Sheets www.arellia.com/solutions Forums / Documentation portal.arellia.com/wiki Videos (YouTube Channel) www.youtube.com/user/ArelliaSoftwareVideo Webcasts / Events www.arellia.com/events Blog www.arellia.com/blog Twitter @ArelliaSoftware Partner Portal arellia.channelplace.net
  • 32. Thank you! Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Risk Management and Remediation 32

Editor's Notes

  1. Allows you to define what can be remediated automatically vs. what may require manual review (based upon organization policy)
  2. ARELLIA: Rather than becoming another assessment focused tool, we created a tool to drive automated remediation using SCAP and the underlying open standards. ESRS enables Operations to: Identify or import issues from an SCAP assessment product; Automate the remediation tasks; Predefine remediation tasks that meet requirements for change management approval. Each security policy provides quick information on: Assessments completed; Compliance trend over time; Individual computer compliance scores. Remediation actions can be automatically generated after an assessment and can be approved from the Remediation Approvals tab.
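The closed loop on slides 19–22 (SCAP audit → security results become management tasks → manual or automated approval → remediation → validation audit), the six auto-remediable configuration types on slide 18, the policy split in editor's note 1 and the ROI arithmetic on slide 23, modelled as an added example; this is not Arellia or Symantec code. The XCCDF TestResult fragment, rule ids, the keyword-to-category mapping and the 2,080-hour work year are constructed assumptions.

```python
"""Closed-loop remediation model over a constructed XCCDF 1.2 TestResult."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

XCCDF_NS = "{http://checklists.nist.gov/xccdf/1.2}"

# Constructed sample (not a real scan): 3 pass, 6 fail, 1 notapplicable.
SAMPLE_TESTRESULT = """<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2"
    id="xccdf_example_testresult_win7">
  <rule-result idref="xccdf_example_rule_min_password_length"><result>fail</result></rule-result>
  <rule-result idref="xccdf_example_rule_account_lockout_threshold"><result>fail</result></rule-result>
  <rule-result idref="xccdf_example_rule_audit_logon_events"><result>pass</result></rule-result>
  <rule-result idref="xccdf_example_rule_disable_telnet_service"><result>fail</result></rule-result>
  <rule-result idref="xccdf_example_rule_seDebugPrivilege"><result>fail</result></rule-result>
  <rule-result idref="xccdf_example_rule_registry_lmcompat"><result>fail</result></rule-result>
  <rule-result idref="xccdf_example_rule_bitlocker_enabled"><result>fail</result></rule-result>
  <rule-result idref="xccdf_example_rule_firewall_enabled"><result>pass</result></rule-result>
  <rule-result idref="xccdf_example_rule_screen_saver"><result>notapplicable</result></rule-result>
  <rule-result idref="xccdf_example_rule_uac_enabled"><result>pass</result></rule-result>
</TestResult>"""

# The six configuration types slide 18 says can be remediated automatically,
# keyed by a hypothetical substring of the rule id (a real tool would use the
# rule's <fix> content, not id matching).
CATEGORY_KEYWORDS = {
    "registry settings": "registry",
    "local password policies": "password",
    "security audit": "audit",
    "service configuration": "service",
    "account lockout": "lockout",
    "account privileges": "privilege",
}
# Organization policy (editor's note 1): categories that run without review.
# Service and privilege changes are held for change-management approval here.
AUTO_CATEGORIES: Set[str] = {
    "registry settings", "local password policies", "security audit", "account lockout",
}


@dataclass
class Task:
    rule_id: str
    category: Optional[str]
    status: str  # automated | pending_approval | approved | manual | remediated


def parse_results(xml_text: str) -> Dict[str, str]:
    """Return {rule idref: result} from an XCCDF 1.2 TestResult document."""
    root = ET.fromstring(xml_text)
    out: Dict[str, str] = {}
    for rr in root.iter(XCCDF_NS + "rule-result"):
        res = rr.find(XCCDF_NS + "result")
        if res is not None and res.text:
            out[rr.get("idref")] = res.text.strip()
    return out


def compliance_pct(results: Dict[str, str]) -> float:
    """Percent of scored rules that pass; notapplicable etc. are not scored."""
    scored = [r for r in results.values() if r in ("pass", "fail")]
    return round(100 * scored.count("pass") / len(scored), 1) if scored else 0.0


def categorize(rule_id: str) -> Optional[str]:
    low = rule_id.lower()
    return next((cat for cat, kw in CATEGORY_KEYWORDS.items() if kw in low), None)


def build_tasks(results: Dict[str, str]) -> List[Task]:
    """Security results become management tasks, gated by policy."""
    tasks = []
    for rule_id, res in results.items():
        if res != "fail":
            continue
        cat = categorize(rule_id)
        status = ("manual" if cat is None
                  else "automated" if cat in AUTO_CATEGORIES else "pending_approval")
        tasks.append(Task(rule_id, cat, status))
    return tasks


def approve(tasks: List[Task], approved_rule_ids: Set[str]) -> List[Task]:
    """Manual approval step for tasks the policy held back."""
    for t in tasks:
        if t.status == "pending_approval" and t.rule_id in approved_rule_ids:
            t.status = "approved"
    return tasks


def execute(results: Dict[str, str], tasks: List[Task]) -> Dict[str, str]:
    """Simulate the remediation tool; returns what the validation audit would report."""
    after = dict(results)
    for t in tasks:
        if t.status in ("automated", "approved"):
            after[t.rule_id] = "pass"
            t.status = "remediated"
    return after


def manual_cost(issues: int, minutes_per_issue: int, annual_salary: float,
                hours_per_year: int = 2080) -> Tuple[float, float]:
    """Slide 23 arithmetic: (hours, cost). 2,080 h/year is an assumption that
    reproduces the slide's $200.32 for 100 issues x 5 min at $50,000."""
    hours = issues * minutes_per_issue / 60
    return round(hours, 2), round(hours * annual_salary / hours_per_year, 2)
```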