Black Diamond Quantitative Cyber Risk Management Group
Black Diamond Quantitative Cyber Risk Management (BDQCRM) Service Offering – Phase I Scoring
The Founders of BDQCRM, Dr. Robert Mark, Michael Angelo and Mitchell Grooms, are experienced Risk Management Professionals with global expertise in designing, constructing, implementing and operationalizing comprehensive solutions for Cybersecurity Risk Management programs (including Regulatory approval).

BDQCRM offers a comprehensive, resilient, preventative, Quantitative Cybersecurity Risk Management program for financial intermediaries and corporations. The proof of concept can be demonstrated by operationalizing Phase I Scoring of the three-part framework, which includes a Security review and analysis consisting of 1) a Technical and Process review of the infrastructure, 2) Scoring, and 3) Assessments. The purpose is to stress test the Security infrastructure for protection and preparedness; generate a migration plan to enhance the Security infrastructure; develop a Residual Risk Management plan to manage the risk; identify the price of, and obtain, the desired insurance by operationalizing an ERM framework that transparently demonstrates the management of the Cybersecurity risk; deliver summary assessments to the Board and Senior Management as appropriate; and link to Phase II and Phase III if so prescribed.
BDQCRM Discussion Points

Executive Summary: Organizations face a host of Regulatory challenges (Federal Financial Institutions Examination Council, Securities and Exchange Commission Office of Compliance Examinations and Inspections, Federal Trade Commission, Financial Conduct Authority, Prudential Regulatory Authority, Bank of England CBEST, Singapore Monetary Authority, and others), which also contain embedded standards, e.g., ISO 27001 and PCI DSS compliance. In addition, the business environment and corporate infrastructure challenges of managing earnings in the digital economy include the management of the significant Cybersecurity Risk.

Cybersecurity is a significant risk with extraordinary exponential aspects (Operational Risk that morphs into Credit Risk and escalates harm) and is a major risk in managing earnings and assuring corporate survival in the digital economy. To manage earnings in today's environment it is essential to assess the Security infrastructure and processes of your company and build an Enterprise Risk Management (ERM) Framework that incorporates Cybersecurity Risk Management into the company's overall earnings management, governance and ERM program. The first step in operationalizing a successful Quantitative Cybersecurity Risk Management Program is Scoring.
BDQCRM Service Offering
Phase I Scoring
a) Security Review and Analysis
   - Technical Analysis
   - Process Analysis
b) Cybersecurity Risk Management Scoring
   - Quantitative Cybersecurity Risk Management Scoring
     o Scoring is based on a multilayered, granular assessment
   - Migration Strategy Recommendations
     o Protect and prepare
     o Coordinate with and inform, as requested, the primary Regulator
c) Cybersecurity Residual Risk Mitigation Strategy
   - Assessment of Cyber Risks and determination of how to manage them
   - Introduction of Cyber Risk Transfer Pricing & Transparency
d) Cybersecurity Residual Risk Study for the purposes of pricing and acquiring Cyber Risk Insurance
   - Pricing and evaluation for structuring Cyber Insurance
   - Trade-offs between self-insurance and buying Cyber Insurance
e) Executive presentation to Senior Management and the Board of the Cyber Risk Assessment and Scoring Assessment of Phase I results
     o Protect and assess the current level of preparedness for Cybersecurity
     o Shift from reactive, event-driven Cybersecurity Risk Management to preventative Cybersecurity Risk Management
   - Phase II Cybersecurity Risk Management Database Recommendation
     o Develop Cybersecurity Proactive Risk Management Business Intelligence
   - Phase III Quantitative Cybersecurity Risk Management Program Recommendation
     o Operationalize the Quantitative Cybersecurity Risk Management Program
     o Harmonize Security, Information Security and Cybersecurity with the Office of the CRO* (see Note)
     o Implement a Cybersecurity Risk Management Capital Management Program
     o Establish the transparency of the Quantitative Cybersecurity Risk Management Program internally for the Board, Executive Management, CRO & CSO, and externally for the primary Regulator(s)
How the Cybersecurity Program Phase I (Scoring) works:
1) Scoring
2) Assessments

Statement of Work

1) Scoring
Using the BDQCRM Scoring System we perform a Security analysis of the infrastructure. The analysis is done on a Technical and Process basis and covers:
   - Cybersecurity Controls
   - External Dependency Management
Cybersecurity Controls
Connectivity includes:
   - ISPs
   - Unsecured external connections (FTP, Telnet, rlogin)
   - Wireless network access points
   - Personal devices allowed to connect to the corporate network
   - PCI DSS compliance
   - The total number of third parties (organizations and individuals from vendors and subcontractors) with access to internal systems (e.g., virtual private network, modem, intranet, direct connection)
   - Wholesale customers with dedicated connections
   - Internally hosted and developed, or modified vendor, applications supporting critical activities
   - Internally hosted, vendor-developed applications supporting critical activities
   - User-developed technologies and user computing that support critical activities
   - Critical operations dependent on systems at End-of-Life (EOL): a majority of critical operations dependent on systems that have reached EOL or will reach EOL within the next 2 years, or an unknown number of systems that have reached EOL
   - A majority of operations dependent on OSS that support critical operations
   - Network devices (e.g., servers, routers, and firewalls, both physical and virtual)
   - Third-party service providers storing and/or processing information that supports critical activities (they do not have access to internal systems, but the institution relies on their services)
   - Cloud computing services and cloud providers, including the cloud provider locations used and international use of public cloud
Patch Management
External Dependency Management
Delivery Channels include:
   - Online presence that serves as a delivery channel for wholesale customers, including a focus on account originations and managing large-value assets
   - Mobile asset management application, assessing full functionality including originating new transactions (e.g., ACH, wire)
   - ATM services managed internally; ATM services provided to other financial institutions; ATMs at domestic branches and retail locations; cash reload services managed internally
   - Debit or credit cards issued directly; cards issued on behalf of other financial institutions
   - Prepaid cards issued internally, through a third party, or on behalf of other financial institutions
   - Direct acceptance of emerging payment technologies; moderate transaction volume and/or foreign payments; person-to-person (P2P) payments
   - Sponsoring a third-party payment processor; originating ACH debits and credits; wholesale payments (e.g., CHIPS); wire transfers; merchant remote deposit capture (RDC); global remittances; treasury services; trust services
   - Acting as a correspondent bank, a merchant acquirer (sponsoring merchants or card processor activity into the payment system), or a card payment processor
   - Hosting IT services or providing IT services for other organizations (either through joint systems or administrative support)
Ongoing Monitoring includes:
   - Efforts to develop new auditable processes for ongoing monitoring of cybersecurity risks posed by third parties
   - An incident response process that includes detailed actions and rules-based triggers for law enforcement
2) Assessments
The Security Review and Assessment includes the Technical and Process analysis that initiates the comprehensive BDQCRM Program and establishes the level of preparedness and the most efficient, capable path to protect your business.

Upon completion of the Security analysis and Scoring we will provide specific assessments for internal and external use:

Risk Mitigation Assessment, for internal use: enhance the Security infrastructure and determine Residual Risk Mitigation strategies based on the results of the Scoring. Actions can be taken immediately, using the results to eliminate the Operational Risks identified with Operational Risk mitigation strategies that remove the Operational Risk. The Scoring identifies the Risk and how to reduce it, thereby creating an immediate Security migration strategy for Hermes Investment Management, applications for business development, and new products.
Residual Risk Mitigation Assessment used to develop pricing for insurance.
Board and Senior Management Presentation, including: recommendations for Phase II & Phase III of the Quantitative Cybersecurity Risk Management Program; non-Executive Board Member Cybersecurity Risk Management training; recommendations on how to set the target state of Cybersecurity preparedness that best aligns with the board of directors' (board) stated (or approved) risk appetite; review, approval and support of plans to address risk management and control weaknesses; analysis and presentation of results for executive oversight, including key stakeholders and the board or an appropriate board committee; recommendations on how to oversee the performance of ongoing monitoring so as to remain nimble and agile in addressing evolving areas of Cybersecurity Risk; and recommended changes to maintain or increase the desired Cybersecurity preparedness.
* Note: What differentiates us from other solutions is that we provide a 3-phase approach; others provide a strategy that does not harmonize Security, Information Security and Cybersecurity with the Office of the CRO.
Upon completion of the Security analysis and Scoring we will provide specific assessments for internal and external use; Risk Mitigation Assessment for internal usage; enhancing Security infrastructure, determine Residual Risk Mitigation strategies, based on the results of the Scoring, immediately take actions by using the results to eliminate the Operational Risks identified with Operational Risk mitigation strategies that remove the Operational Risk, the Scoring identifies the Risk and how to reduce the Risk thereby creating an immediate Security migration strategy for Hermes Investment Management, applications for business development, new products. Residual Risk Mitigation Assessment used to develop pricing for insurance. Board, Senior Management Presentation including recommendations for Phase II & Phase III of the Quantitative Cybersecurity Risk Management Program,non-Executive Board Member Cybersecurity Risk Management training, recommendations on how to set the target state of Cybersecurity preparedness that best aligns with the board of directors’ (board) stated (or approved) risk appetite., review, approve, and support plans to address risk management and
  • 5. Black DiamondQuantitativeCyber Risk Management Group Black Diamond Quantitative Cyber Risk Management Group 5 control weaknesses, analyze andpresent results for executive oversight, including key stakeholders and the board, or an appropriate board committee, recommendations on how to oversee the performance of ongoing monitoring to remain nimble and agile in addressing evolving areas of Cybersecurity Risk, recommend changes to maintain or increase the desired Cybersecurity preparedness. o Note: What differentiates us from other solutions is we provide a 3 phase approach, others provide a strategy which does not harmonize Security, Information Security, and Cybersecurity with Office of the CRO.