SlideShare a Scribd company logo

Risk Based Approach In cyber Security In Nepal

ICT Frame Magazine Pvt. Ltd.
ICT Frame Magazine Pvt. Ltd.

International ICT Conference 2018 Sustainable Development Goals for Smart society Kathmandu, Nepal June 17-18, 2018 Source: https://ictframe.com/wp-content/uploads/Risk-Based-Approach-in-Cyber-Security-In-Nepal.pdf

Internet
1 of 33
Download to read offline
Risk-Based Approach in Cyber Security! ! ! ! International ICT Conference 2018! Sustainable Development Goals for Smart society! Kathmandu, Nepal! June 17-18, 2018 Pramod Parajuli IT Consultant and Risk Specialist Datum Systems Pvt. Ltd. pramod@datum.com.np
AGENDA 1 §  Summary of a quick survey on cyber security §  Why compliance and frameworks are not sufficient? §  Risk-Based Approach §  Types of risks §  Scientific risk analysis §  C2M2
A quick survey on cyber security in Nepali organizations (Survey summary of Nepal, 2018 compared with Deloitte. Survey Summary, 2014) 2
3 Source: Cyber Security in Nepali Organizations - Survey, npCert, 2018
4 Source: Central Asian Information Security Survey Results, Deloittee, 2015
5 Source: Cyber Security in Nepali Organizations - Survey, npCert, 2018
6 Source: Central Asian Information Security Survey Results, Deloittee, 2015
7 Source: Cyber Security in Nepali Organizations - Survey, npCert, 2018
8 Source: Central Asian Information Security Survey Results, Deloittee, 2015
9 Source: Cyber Security in Nepali Organizations - Survey, npCert, 2018
10 Source: Central Asian Information Security Survey Results, Deloittee, 2015
11 Source: Cyber Security in Nepali Organizations - Survey, npCert, 2018
CYBER SECURITY AND BUSINESS PROCESS 12 Business Process Standardization Business Process Parameterization Monitoring and Control Cyber Security Parameterization
And yet, attacks are happening! 13
New threats, sophisticated tools, dynamic workflows, complexity of systems, complexity of services and containers, human elements, cost- based approach! 14
EVOLUTION Early adoption Awareness, education, testing and implementation Framework- based approach Follow set of guidelines from leading organizations Compliance -based approach Complying to legal requirements Risk-based approach Prioritizing according to risk levels, incorporating residual risks 15
RISKS 16 §  Information not available to right person/entity in right time. §  Service not available to right person/entity in right time. §  Difficulty in meeting business-level QoS assurance. §  Non-compliance.
IMPACT OF RISKS National risk Sectoral risk Institutional/business risk Individual risk 17
TYPES OF RISKS §  Inherent risks - can be expected to occur, their impact can be estimated and assigned to particular event. §  Residual risks – are amount of risk left after inherent risks has been reduced by applying risk measures and controls. residual risk = inherent risk − impact of risk controls 18
RISK-BASED APPROACH (RBA) §  Scientific risk analysis of –  people, –  products, –  processes, and –  systems. §  For higher level risks, take enhanced measures to manage and mitigate those risks. §  For lower level risks, simplified measures may be permitted. §  However, lower level of risks can not be exempted! 19
ORAGNIZATIONS NEED TO MANAGE RISKS RELATED TO People Products Processes Systems 20
PEOPLE §  Customers §  Customer associates §  Customer’s customers §  Vendors, contractors, sub-contractors §  Employees! 21
22
PRODUCTS §  The instruments that carry value and that allow exchange of value (bills, cards, crypto currency…). §  Value exchange services (transfers, withdrawals, deposits, loan, crypto-currency exchange, FOREX, …). §  Value distribution channels (Internet banking, SMS, electronic pay systems, …). 23
EXAMPLE - Services delivery §  What is at the stake if service is not delivered? §  What will happen if wrong service is delivered? §  What will happen if Quality of Service is compromised? §  Who will be affected? §  How will it affect overall business objectives? 24
PROCESSES §  Objectives §  Quality standards to achieve §  Business workflow: flow of events §  Reporting workflow §  Roles and responsibilities §  Record keeping standard §  Exceptions and escalation 25
EXAMPLE - Procurement §  Does the procurement policy compromise quality of product or service that we’re procuring/providing? §  Is the vendor able to comply with our security requirements? 26
RISK ANALYSIS TOOLS Medium High Very high Low Medium High Very low Low Medium frequency impact 27
SCIENTIFIC RISK MEASURE                 Risk = max(s)+ sensitivity max(s), x( ) x∈s,x≠max(s) ∑ ⎛ ⎝ ⎜⎜ ⎞ ⎠ ⎟⎟ s∈C ∑                      C = {risk category0, risk category1,......} sensitivity(y, x) = y× x 100 ⎛ ⎝ ⎜ ⎞ ⎠ ⎟% 28
RISK DISTRIBUTION 29
CYBERSECURITY CAPABILITY MATURITY MODEL (C2M2) 30 Blocking & Tracking •  Lack of executive support •  Unfunded •  Understaffed •  Lack of metrics for reporting •  Set up for failure Compliance Driven •  Control-based security approach •  Align to mandatory regulations: EU/PII data protection, FFIEC, HIPAA, ISO 2700x, PCI, NCUA Risk-Based Approach •  Multi-layered security and risk-based approach •  Frequent behavior analysis and technology review •  Linking events across multiple disciplines/ verticals
CONCLUDING REMARKS §  Risk-based approach is being used by Banking and Finance Institutions in Nepal for auditing and compliance. §  Risk-based approach in cyber security empowers businesses to conduct their businesses with confidence towards smart society. 31
Thank you. 32

Recommended

Modern Security Risk
Modern Security RiskModern Security Risk
Modern Security RiskPhil Huggins FBCS CITP
 
Countering Cyber Threats
Countering Cyber ThreatsCountering Cyber Threats
Countering Cyber ThreatsPhil Huggins FBCS CITP
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber ResiliencePhil Huggins FBCS CITP
 
MP_OneSheet_VulnThreat
MP_OneSheet_VulnThreatMP_OneSheet_VulnThreat
MP_OneSheet_VulnThreatKatherine Johnston, CFE
 
Improving Security Metrics
Improving Security MetricsImproving Security Metrics
Improving Security MetricsDoug Copley
 
Demonstrating Information Security Program Effectiveness
Demonstrating Information Security Program EffectivenessDemonstrating Information Security Program Effectiveness
Demonstrating Information Security Program EffectivenessDoug Copley
 
Echelon Thailand 2017 – Cybersecurity Resilience by Crowd Wisdom
Echelon Thailand 2017 – Cybersecurity Resilience by Crowd WisdomEchelon Thailand 2017 – Cybersecurity Resilience by Crowd Wisdom
Echelon Thailand 2017 – Cybersecurity Resilience by Crowd Wisdome27
 
How to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
How to Steer Cyber Security with Only One KPI: The Cyber Risk ResilienceHow to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
How to Steer Cyber Security with Only One KPI: The Cyber Risk ResiliencePriyanka Aash
 

Recommended

Modern Security Risk
Modern Security RiskModern Security Risk
Modern Security RiskPhil Huggins FBCS CITP
 
Countering Cyber Threats
Countering Cyber ThreatsCountering Cyber Threats
Countering Cyber ThreatsPhil Huggins FBCS CITP
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber ResiliencePhil Huggins FBCS CITP
 
MP_OneSheet_VulnThreat
MP_OneSheet_VulnThreatMP_OneSheet_VulnThreat
MP_OneSheet_VulnThreatKatherine Johnston, CFE
 
Improving Security Metrics
Improving Security MetricsImproving Security Metrics
Improving Security MetricsDoug Copley
 
Demonstrating Information Security Program Effectiveness
Demonstrating Information Security Program EffectivenessDemonstrating Information Security Program Effectiveness
Demonstrating Information Security Program EffectivenessDoug Copley
 
Echelon Thailand 2017 – Cybersecurity Resilience by Crowd Wisdom
Echelon Thailand 2017 – Cybersecurity Resilience by Crowd WisdomEchelon Thailand 2017 – Cybersecurity Resilience by Crowd Wisdom
Echelon Thailand 2017 – Cybersecurity Resilience by Crowd Wisdome27
 
How to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
How to Steer Cyber Security with Only One KPI: The Cyber Risk ResilienceHow to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
How to Steer Cyber Security with Only One KPI: The Cyber Risk ResiliencePriyanka Aash
 
Quantifying Cyber Risk
Quantifying Cyber Risk Quantifying Cyber Risk
Quantifying Cyber Risk Phil Huggins FBCS CITP
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksVenafi
 
Vendor Security Practices: Turn the Rocks Over Early and Often
Vendor Security Practices: Turn the Rocks Over Early and OftenVendor Security Practices: Turn the Rocks Over Early and Often
Vendor Security Practices: Turn the Rocks Over Early and OftenPriyanka Aash
 
Cyber-Risk-Management-Assessment (1)
Cyber-Risk-Management-Assessment (1)Cyber-Risk-Management-Assessment (1)
Cyber-Risk-Management-Assessment (1)OCTF Industry Engagement
 
Security Awareness: The Best Defence
Security Awareness: The Best DefenceSecurity Awareness: The Best Defence
Security Awareness: The Best DefenceShawn Brown
 
Epoch Universal Professional Services: Penetration Test
Epoch Universal Professional Services: Penetration TestEpoch Universal Professional Services: Penetration Test
Epoch Universal Professional Services: Penetration TestEpoch Universal, Inc.
 
Resilience is the new cyber security
Resilience is the new cyber securityResilience is the new cyber security
Resilience is the new cyber securityPhil Huggins FBCS CITP
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics? amiable_indian
 
Risk Intelligence: Threats are the New Risk
Risk Intelligence: Threats are the New RiskRisk Intelligence: Threats are the New Risk
Risk Intelligence: Threats are the New RiskResolver Inc.
 
2016 Scalar Security Study Roadshow
2016 Scalar Security Study Roadshow2016 Scalar Security Study Roadshow
2016 Scalar Security Study RoadshowScalar Decisions
 
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...Mighty Guides, Inc.
 
011918 executive breach_simulation_customer_fac_rs
011918 executive breach_simulation_customer_fac_rs011918 executive breach_simulation_customer_fac_rs
011918 executive breach_simulation_customer_fac_rsRichard Smiraldi
 
Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)PwC France
 
2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience Insurance2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience InsuranceAccenture Insurance
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
 
Global CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
Global CISO Forum 2017: How To Measure Anything In Cybersecurity RiskGlobal CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
Global CISO Forum 2017: How To Measure Anything In Cybersecurity RiskEC-Council
 
Reporte de Seguridad de Cisco 2016
Reporte de Seguridad de Cisco 2016Reporte de Seguridad de Cisco 2016
Reporte de Seguridad de Cisco 2016Oscar Romano
 
Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksPhil Huggins FBCS CITP
 
Planning a move from Perspective to CORE
Planning a move from Perspective to COREPlanning a move from Perspective to CORE
Planning a move from Perspective to COREResolver Inc.
 
011918 incident analytics_service_fact_sheet_rs
011918 incident analytics_service_fact_sheet_rs011918 incident analytics_service_fact_sheet_rs
011918 incident analytics_service_fact_sheet_rsRichard Smiraldi
 
Cytegic presentation 02 12
Cytegic presentation 02 12Cytegic presentation 02 12
Cytegic presentation 02 12Cytegic
 
Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk AssessmentMichael Lines
 

More Related Content

What's hot

Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksVenafi
 
Vendor Security Practices: Turn the Rocks Over Early and Often
Vendor Security Practices: Turn the Rocks Over Early and OftenVendor Security Practices: Turn the Rocks Over Early and Often
Vendor Security Practices: Turn the Rocks Over Early and OftenPriyanka Aash
 
Security Awareness: The Best Defence
Security Awareness: The Best DefenceSecurity Awareness: The Best Defence
Security Awareness: The Best DefenceShawn Brown
 
Epoch Universal Professional Services: Penetration Test
Epoch Universal Professional Services: Penetration TestEpoch Universal Professional Services: Penetration Test
Epoch Universal Professional Services: Penetration TestEpoch Universal, Inc.
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics? amiable_indian
 
Risk Intelligence: Threats are the New Risk
Risk Intelligence: Threats are the New RiskRisk Intelligence: Threats are the New Risk
Risk Intelligence: Threats are the New RiskResolver Inc.
 
2016 Scalar Security Study Roadshow
2016 Scalar Security Study Roadshow2016 Scalar Security Study Roadshow
2016 Scalar Security Study RoadshowScalar Decisions
 
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...Mighty Guides, Inc.
 
011918 executive breach_simulation_customer_fac_rs
011918 executive breach_simulation_customer_fac_rs011918 executive breach_simulation_customer_fac_rs
011918 executive breach_simulation_customer_fac_rsRichard Smiraldi
 
Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)PwC France
 
2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience Insurance2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience InsuranceAccenture Insurance
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
 
Global CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
Global CISO Forum 2017: How To Measure Anything In Cybersecurity RiskGlobal CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
Global CISO Forum 2017: How To Measure Anything In Cybersecurity RiskEC-Council
 
Reporte de Seguridad de Cisco 2016
Reporte de Seguridad de Cisco 2016Reporte de Seguridad de Cisco 2016
Reporte de Seguridad de Cisco 2016Oscar Romano
 
Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksPhil Huggins FBCS CITP
 
Planning a move from Perspective to CORE
Planning a move from Perspective to COREPlanning a move from Perspective to CORE
Planning a move from Perspective to COREResolver Inc.
 
011918 incident analytics_service_fact_sheet_rs
011918 incident analytics_service_fact_sheet_rs011918 incident analytics_service_fact_sheet_rs
011918 incident analytics_service_fact_sheet_rsRichard Smiraldi
 

What's hot (20)

Quantifying Cyber Risk
Quantifying Cyber Risk Quantifying Cyber Risk
Quantifying Cyber Risk
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and Attacks
 
Vendor Security Practices: Turn the Rocks Over Early and Often
Vendor Security Practices: Turn the Rocks Over Early and OftenVendor Security Practices: Turn the Rocks Over Early and Often
Vendor Security Practices: Turn the Rocks Over Early and Often
 
Cyber-Risk-Management-Assessment (1)
Cyber-Risk-Management-Assessment (1)Cyber-Risk-Management-Assessment (1)
Cyber-Risk-Management-Assessment (1)
 
Security Awareness: The Best Defence
Security Awareness: The Best DefenceSecurity Awareness: The Best Defence
Security Awareness: The Best Defence
 
Epoch Universal Professional Services: Penetration Test
Epoch Universal Professional Services: Penetration TestEpoch Universal Professional Services: Penetration Test
Epoch Universal Professional Services: Penetration Test
 
Resilience is the new cyber security
Resilience is the new cyber securityResilience is the new cyber security
Resilience is the new cyber security
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics?
 
Risk Intelligence: Threats are the New Risk
Risk Intelligence: Threats are the New RiskRisk Intelligence: Threats are the New Risk
Risk Intelligence: Threats are the New Risk
 
2016 Scalar Security Study Roadshow
2016 Scalar Security Study Roadshow2016 Scalar Security Study Roadshow
2016 Scalar Security Study Roadshow
 
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
 
011918 executive breach_simulation_customer_fac_rs
011918 executive breach_simulation_customer_fac_rs011918 executive breach_simulation_customer_fac_rs
011918 executive breach_simulation_customer_fac_rs
 
Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)
 
2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience Insurance2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience Insurance
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security Study
 
Global CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
Global CISO Forum 2017: How To Measure Anything In Cybersecurity RiskGlobal CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
Global CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
 
Reporte de Seguridad de Cisco 2016
Reporte de Seguridad de Cisco 2016Reporte de Seguridad de Cisco 2016
Reporte de Seguridad de Cisco 2016
 
Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber Shocks
 
Planning a move from Perspective to CORE
Planning a move from Perspective to COREPlanning a move from Perspective to CORE
Planning a move from Perspective to CORE
 
011918 incident analytics_service_fact_sheet_rs
011918 incident analytics_service_fact_sheet_rs011918 incident analytics_service_fact_sheet_rs
011918 incident analytics_service_fact_sheet_rs
 

Similar to Risk Based Approach In cyber Security In Nepal

Cytegic presentation 02 12
Cytegic presentation 02 12Cytegic presentation 02 12
Cytegic presentation 02 12Cytegic
 
Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk AssessmentMichael Lines
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
Information security – risk identification is all
Information security – risk identification is allInformation security – risk identification is all
Information security – risk identification is allPECB
 
Risk Based Security Management
Risk Based Security ManagementRisk Based Security Management
Risk Based Security ManagementLuis Martins
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).pptAjjuSingh2
 
Cyber TPRM - the journey ahead
Cyber TPRM - the journey aheadCyber TPRM - the journey ahead
Cyber TPRM - the journey aheadKevin Duffey
 
project_risk_mgmt_final.ppt
project_risk_mgmt_final.pptproject_risk_mgmt_final.ppt
project_risk_mgmt_final.pptavisha23
 
project_risk_mgmt_final.ppt
project_risk_mgmt_final.pptproject_risk_mgmt_final.ppt
project_risk_mgmt_final.pptAyidAlmgati
 
PMI project_risk_management_final_2022.ppt
PMI project_risk_management_final_2022.pptPMI project_risk_management_final_2022.ppt
PMI project_risk_management_final_2022.pptDorraLamouchi1
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018Open Security Summit
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsColleen Beck-Domanico
 
Top 5 secrets to successfully jumpstarting your cyber-risk program
Top 5 secrets to successfully jumpstarting your cyber-risk programTop 5 secrets to successfully jumpstarting your cyber-risk program
Top 5 secrets to successfully jumpstarting your cyber-risk programPriyanka Aash
 
Overview of Haystax Technology
Overview of Haystax TechnologyOverview of Haystax Technology
Overview of Haystax TechnologyHaystax Technology
 
Managing Enterprise Risk: Why U No Haz Metrics?
Managing Enterprise Risk: Why U No Haz Metrics?Managing Enterprise Risk: Why U No Haz Metrics?
Managing Enterprise Risk: Why U No Haz Metrics?John D. Johnson
 
Achieve Excellence through Customer Experience
Achieve Excellence through Customer ExperienceAchieve Excellence through Customer Experience
Achieve Excellence through Customer ExperienceNaveen Agarwal
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAPPECB
 

Similar to Risk Based Approach In cyber Security In Nepal (20)

Cytegic presentation 02 12
Cytegic presentation 02 12Cytegic presentation 02 12
Cytegic presentation 02 12
 
Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk Assessment
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
Information security – risk identification is all
Information security – risk identification is allInformation security – risk identification is all
Information security – risk identification is all
 
Risk Based Security Management
Risk Based Security ManagementRisk Based Security Management
Risk Based Security Management
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
 
Cyber TPRM - the journey ahead
Cyber TPRM - the journey aheadCyber TPRM - the journey ahead
Cyber TPRM - the journey ahead
 
project_risk_mgmt_final.ppt
project_risk_mgmt_final.pptproject_risk_mgmt_final.ppt
project_risk_mgmt_final.ppt
 
project_risk_mgmt_final.ppt
project_risk_mgmt_final.pptproject_risk_mgmt_final.ppt
project_risk_mgmt_final.ppt
 
PMI project_risk_management_final_2022.ppt
PMI project_risk_management_final_2022.pptPMI project_risk_management_final_2022.ppt
PMI project_risk_management_final_2022.ppt
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial Institutions
 
Top 5 secrets to successfully jumpstarting your cyber-risk program
Top 5 secrets to successfully jumpstarting your cyber-risk programTop 5 secrets to successfully jumpstarting your cyber-risk program
Top 5 secrets to successfully jumpstarting your cyber-risk program
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessment
 
Overview of Haystax Technology
Overview of Haystax TechnologyOverview of Haystax Technology
Overview of Haystax Technology
 
Managing Enterprise Risk: Why U No Haz Metrics?
Managing Enterprise Risk: Why U No Haz Metrics?Managing Enterprise Risk: Why U No Haz Metrics?
Managing Enterprise Risk: Why U No Haz Metrics?
 
Achieve Excellence through Customer Experience
Achieve Excellence through Customer ExperienceAchieve Excellence through Customer Experience
Achieve Excellence through Customer Experience
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAP
 

More from ICT Frame Magazine Pvt. Ltd.

Analysis of card management and associated operational risk in banks of Nepal
Analysis of card management and associated operational risk in banks of NepalAnalysis of card management and associated operational risk in banks of Nepal
Analysis of card management and associated operational risk in banks of NepalICT Frame Magazine Pvt. Ltd.
 
Cyber Security Challenges in Developing Countries with Reference to Legislat...
Cyber Security Challenges in Developing Countries with Reference to Legislat... Cyber Security Challenges in Developing Countries with Reference to Legislat...
Cyber Security Challenges in Developing Countries with Reference to Legislat...ICT Frame Magazine Pvt. Ltd.
 
Nepal Rastra Bank Information Technology Guidelines
Nepal Rastra Bank Information Technology GuidelinesNepal Rastra Bank Information Technology Guidelines
Nepal Rastra Bank Information Technology GuidelinesICT Frame Magazine Pvt. Ltd.
 
Cyber Security Practices and Future Plan: Real Scenario in ISPs In Nepal
Cyber Security Practices and Future Plan: Real Scenario in ISPs In NepalCyber Security Practices and Future Plan: Real Scenario in ISPs In Nepal
Cyber Security Practices and Future Plan: Real Scenario in ISPs In NepalICT Frame Magazine Pvt. Ltd.
 
Cyber Crime In Nepal: Threats And Minimize The Cyber Security Issues
Cyber Crime In Nepal: Threats And Minimize The Cyber Security IssuesCyber Crime In Nepal: Threats And Minimize The Cyber Security Issues
Cyber Crime In Nepal: Threats And Minimize The Cyber Security IssuesICT Frame Magazine Pvt. Ltd.
 
Workshop Proposal APRIGF 2020 (Advocate Baburam Aryal)
Workshop Proposal APRIGF 2020 (Advocate Baburam Aryal)Workshop Proposal APRIGF 2020 (Advocate Baburam Aryal)
Workshop Proposal APRIGF 2020 (Advocate Baburam Aryal)ICT Frame Magazine Pvt. Ltd.
 

More from ICT Frame Magazine Pvt. Ltd. (14)

InfoDevelopers TechTalk Series
InfoDevelopers TechTalk SeriesInfoDevelopers TechTalk Series
InfoDevelopers TechTalk Series
 
Web application security measures
Web application security measuresWeb application security measures
Web application security measures
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
 
Analysis of card management and associated operational risk in banks of Nepal
Analysis of card management and associated operational risk in banks of NepalAnalysis of card management and associated operational risk in banks of Nepal
Analysis of card management and associated operational risk in banks of Nepal
 
Possibilities of e-learning in Nepal
Possibilities of e-learning in NepalPossibilities of e-learning in Nepal
Possibilities of e-learning in Nepal
 
Cyber Security Challenges in Developing Countries with Reference to Legislat...
Cyber Security Challenges in Developing Countries with Reference to Legislat... Cyber Security Challenges in Developing Countries with Reference to Legislat...
Cyber Security Challenges in Developing Countries with Reference to Legislat...
 
Nepal internet governance forum 2018 report
Nepal internet governance forum 2018 reportNepal internet governance forum 2018 report
Nepal internet governance forum 2018 report
 
Nepal Rastra Bank Information Technology Guidelines
Nepal Rastra Bank Information Technology GuidelinesNepal Rastra Bank Information Technology Guidelines
Nepal Rastra Bank Information Technology Guidelines
 
IT Directives For Insurance Company, 2076
IT Directives For Insurance Company, 2076IT Directives For Insurance Company, 2076
IT Directives For Insurance Company, 2076
 
IGF 2020 NRIs Virtual Meeting II
IGF 2020 NRIs Virtual Meeting IIIGF 2020 NRIs Virtual Meeting II
IGF 2020 NRIs Virtual Meeting II
 
Cyber Security Practices and Future Plan: Real Scenario in ISPs In Nepal
Cyber Security Practices and Future Plan: Real Scenario in ISPs In NepalCyber Security Practices and Future Plan: Real Scenario in ISPs In Nepal
Cyber Security Practices and Future Plan: Real Scenario in ISPs In Nepal
 
Cyber Crime In Nepal: Threats And Minimize The Cyber Security Issues
Cyber Crime In Nepal: Threats And Minimize The Cyber Security IssuesCyber Crime In Nepal: Threats And Minimize The Cyber Security Issues
Cyber Crime In Nepal: Threats And Minimize The Cyber Security Issues
 
Workshop Proposal APRIGF 2020 (Advocate Baburam Aryal)
Workshop Proposal APRIGF 2020 (Advocate Baburam Aryal)Workshop Proposal APRIGF 2020 (Advocate Baburam Aryal)
Workshop Proposal APRIGF 2020 (Advocate Baburam Aryal)
 
ICT MAGAZINE NEPAL (ICTFRAME.COM)
ICT MAGAZINE NEPAL (ICTFRAME.COM)ICT MAGAZINE NEPAL (ICTFRAME.COM)
ICT MAGAZINE NEPAL (ICTFRAME.COM)
 

Recently uploaded

Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 

Recently uploaded (20)

Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 

Risk Based Approach In cyber Security In Nepal

  • 1. Risk-Based Approach in Cyber Security! ! ! ! International ICT Conference 2018! Sustainable Development Goals for Smart society! Kathmandu, Nepal! June 17-18, 2018 Pramod Parajuli IT Consultant and Risk Specialist Datum Systems Pvt. Ltd. pramod@datum.com.np
  • 2. AGENDA 1 §  Summary of a quick survey on cyber security §  Why compliance and frameworks are not sufficient? §  Risk-Based Approach §  Types of risks §  Scientific risk analysis §  C2M2
  • 3. A quick survey on cyber security in Nepali organizations (Survey summary of Nepal, 2018 compared with Deloitte. Survey Summary, 2014) 2
  • 4. 3 Source: Cyber Security in Nepali Organizations - Survey, npCert, 2018
  • 5. 4 Source: Central Asian Information Security Survey Results, Deloittee, 2015
  • 6. 5 Source: Cyber Security in Nepali Organizations - Survey, npCert, 2018
  • 7. 6 Source: Central Asian Information Security Survey Results, Deloittee, 2015
  • 8. 7 Source: Cyber Security in Nepali Organizations - Survey, npCert, 2018
  • 9. 8 Source: Central Asian Information Security Survey Results, Deloittee, 2015
  • 10. 9 Source: Cyber Security in Nepali Organizations - Survey, npCert, 2018
  • 11. 10 Source: Central Asian Information Security Survey Results, Deloittee, 2015
  • 12. 11 Source: Cyber Security in Nepali Organizations - Survey, npCert, 2018
  • 13. CYBER SECURITY AND BUSINESS PROCESS 12 Business Process Standardization Business Process Parameterization Monitoring and Control Cyber Security Parameterization
  • 14. And yet, attacks are happening! 13
  • 15. New threats, sophisticated tools, dynamic workflows, complexity of systems, complexity of services and containers, human elements, cost- based approach! 14
  • 16. EVOLUTION Early adoption Awareness, education, testing and implementation Framework- based approach Follow set of guidelines from leading organizations Compliance -based approach Complying to legal requirements Risk-based approach Prioritizing according to risk levels, incorporating residual risks 15
  • 17. RISKS 16 §  Information not available to right person/entity in right time. §  Service not available to right person/entity in right time. §  Difficulty in meeting business-level QoS assurance. §  Non-compliance.
  • 18. IMPACT OF RISKS National risk Sectoral risk Institutional/business risk Individual risk 17
  • 19. TYPES OF RISKS §  Inherent risks - can be expected to occur, their impact can be estimated and assigned to particular event. §  Residual risks – are amount of risk left after inherent risks has been reduced by applying risk measures and controls. residual risk = inherent risk − impact of risk controls 18
  • 20. RISK-BASED APPROACH (RBA) §  Scientific risk analysis of –  people, –  products, –  processes, and –  systems. §  For higher level risks, take enhanced measures to manage and mitigate those risks. §  For lower level risks, simplified measures may be permitted. §  However, lower level of risks can not be exempted! 19
  • 21. ORAGNIZATIONS NEED TO MANAGE RISKS RELATED TO People Products Processes Systems 20
  • 22. PEOPLE §  Customers §  Customer associates §  Customer’s customers §  Vendors, contractors, sub-contractors §  Employees! 21
  • 23. 22
  • 24. PRODUCTS §  The instruments that carry value and that allow exchange of value (bills, cards, crypto currency…). §  Value exchange services (transfers, withdrawals, deposits, loan, crypto-currency exchange, FOREX, …). §  Value distribution channels (Internet banking, SMS, electronic pay systems, …). 23
  • 25. EXAMPLE - Services delivery §  What is at the stake if service is not delivered? §  What will happen if wrong service is delivered? §  What will happen if Quality of Service is compromised? §  Who will be affected? §  How will it affect overall business objectives? 24
  • 26. PROCESSES §  Objectives §  Quality standards to achieve §  Business workflow: flow of events §  Reporting workflow §  Roles and responsibilities §  Record keeping standard §  Exceptions and escalation 25
  • 27. EXAMPLE - Procurement §  Does the procurement policy compromise quality of product or service that we’re procuring/providing? §  Is the vendor able to comply with our security requirements? 26
  • 28. RISK ANALYSIS TOOLS Medium High Very high Low Medium High Very low Low Medium frequency impact 27
  • 29. SCIENTIFIC RISK MEASURE                 Risk = max(s)+ sensitivity max(s), x( ) x∈s,x≠max(s) ∑ ⎛ ⎝ ⎜⎜ ⎞ ⎠ ⎟⎟ s∈C ∑                      C = {risk category0, risk category1,......} sensitivity(y, x) = y× x 100 ⎛ ⎝ ⎜ ⎞ ⎠ ⎟% 28
  • 31. CYBERSECURITY CAPABILITY MATURITY MODEL (C2M2) 30 Blocking & Tracking •  Lack of executive support •  Unfunded •  Understaffed •  Lack of metrics for reporting •  Set up for failure Compliance Driven •  Control-based security approach •  Align to mandatory regulations: EU/PII data protection, FFIEC, HIPAA, ISO 2700x, PCI, NCUA Risk-Based Approach •  Multi-layered security and risk-based approach •  Frequent behavior analysis and technology review •  Linking events across multiple disciplines/ verticals
  • 32. CONCLUDING REMARKS §  Risk-based approach is being used by Banking and Finance Institutions in Nepal for auditing and compliance. §  Risk-based approach in cyber security empowers businesses to conduct their businesses with confidence towards smart society. 31