ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
Ramiro Cid | @ramirocid
Cyber Security Resilience & Risk Aggregation

This presentation discusses the relationship between Cyber Security Resilience and Risk Aggregation. The two concepts are closely related, because risk aggregation refers to efforts by firms to develop quantitative risk measures that incorporate multiple types or sources of risk.
Cyber Security Resilience is the capacity to have different Cyber controls that give the organization adequate resilience according to its risk appetite, by managing the risk aggregated from multiple types or sources of risk.

Published in: Technology

Cyber Security Resilience & Risk Aggregation

  1. Cyber Security Resilience & Risk Aggregation. Ramiro Cid | @ramirocid | ramirocid.com | ramiro@ramirocid.com
  2. Index
     1. Defining previous concepts (Slide 3)
     2. Cyber Security Resilience (Slide 4)
     3. Risk Aggregation (Slide 5)
     4. The relationship between both concepts (Slide 7)
     5. Sources used to expand knowledge (Slide 8)
  3. 1. Defining previous concepts
     Before discussing the relationship between Cyber Security Resilience and Risk Aggregation, it is necessary to briefly define some preliminary concepts:
     • Cyber Security: also known as “IT security” or “computer security”, it is information security applied to computing devices such as servers, computers and mobile devices (smartphones, tablets, etc.), as well as to computer networks, both private and public, including the whole Internet. Cyber security protects the three principles of information security: confidentiality, integrity and availability.
     • Resilience: this concept comes from the physical characteristics of materials, where resilience is the ability of a material to absorb energy when it is deformed elastically and to release that energy upon unloading. Proof resilience is defined as the maximum energy that can be absorbed within the elastic limit, without creating a permanent distortion.
     • Organizational Resilience: by analogy, organizational resilience is the ability of an organization to anticipate, prepare for, respond and adapt to incremental change and sudden disruptions in order to survive and prosper.
  4. 2. Cyber Security Resilience
     Now that we understand what Cyber Security and Resilience mean, we are ready to understand the meaning of ‘Cyber Security Resilience’. The same concept used for ‘Organizational Resilience’ can also be applied to Cyber Security, where an organization is protected with different ‘Cyber controls’ (part of IT Security controls) to reach an adequate ‘Cyber Security Resilience’ according to the organization's risk appetite.
     By adding more controls and developing them we can improve our Cyber Security Resilience. On the other hand, having a large number of Cyber controls will not guarantee an adequate Cyber Security Resilience if IT Security Governance has low maturity. Good IT Security Governance makes good IT Security management achievable, and that management is the most important factor in reaching good Cyber Security Resilience (which follows as a consequence of it).
  5. 3. Risk Aggregation
     According to the Basel Committee’s BCBS 239, Risk Aggregation is defined as the process of defining, gathering and processing risk data. There are three primary reasons for aggregating risk data:
     • Satisfy all the regulatory risk reporting requirements
     • Enable measurement of portfolio performance against risk tolerances
     • Enable the analysis of a firm’s risk data, whether it is sorting it, merging it, slicing it or dicing it
     Risk aggregation refers to efforts by firms to develop quantitative risk measures that incorporate multiple types or sources of risk. The most common approach is to estimate the amount of economic capital that a firm believes is necessary to absorb potential losses associated with each of the included risks. So when firms talk about risk aggregation, they take the different risk measures in a company into consideration and combine them into a single risk term for that company.
  6. 3. Risk Aggregation
     There are different methodologies for aggregating risk. One of these approaches is given by Christian Cech, who discussed copula-based top-down approaches in financial risk aggregation. His paper defines the top-down approach as follows: “Top down approaches do not try to identify common single risk factors that influence different types of risk, but rather start from aggregated data, e.g. the profits or losses of different lines of business, such as the returns of credit portfolio or the market portfolio”.
     Risk aggregation is used mainly in banks and financial organizations.
  7. 4. The relationship between both concepts
     The two concepts are closely related, because risk aggregation refers to efforts by firms to develop quantitative risk measures that incorporate multiple types or sources of risk. Cyber Security Resilience is the capacity to have different Cyber controls that give the organization adequate resilience according to its risk appetite, by managing the risk aggregated from multiple types or sources of risk.
     One interesting topic is the Internet of Things (IoT), which is growing in our personal and professional lives. The more assets are “shared” (including Critical Infrastructure and Smart Cities IT assets), the more risk we are assuming in our organization. All of this risk is added up through Risk Aggregation, so we will need to make more effort to improve our security and reach an adequate Cyber Security Resilience level.
     We can summarize the current/future status like this:
     [Diagram: Critical Infrastructure + Internet of Things = Risk Aggregation, so Cyber Security Resilience. Legend ("References"): Increment, Produce, Reduction.]
  8. 5. Sources used to expand knowledge
     • “Risk Aggregation” | Aggregation Wiki - Wikia. URL: http://aggregation.wikia.com/wiki/Risk_Aggregation
     • “Cyber Security” | Wikipedia. URL: https://en.wikipedia.org/wiki/Computer_security
     • Improving Risk Aggregation and Reporting Poses Major Challenges to Banks | Forbes. URL: http://www.forbes.com/sites/steveculp/2013/05/08/improving-risk-aggregation-and-reporting-poses-major-challenges-to-banks/#8dd5cd1ea1b4
     • “Risk aggregation and reporting more than just a data issue” | Accenture. URL: https://www.accenture.com/us-en/insight-risk-aggregation-reporting-data-issue
     • BCBS 239 – Principles for effective risk data aggregation and reporting | Risk.net. URL: http://www.risk.net/risk-magazine/advertisement/2388628/bcbs-239-principles-for-effective-risk-data-aggregation-and-reporting
  9. 5. Sources used to expand knowledge
     • Principles for effective risk data aggregation and risk reporting | Basel Committee. URL: http://www.bis.org/press/p130109.htm
     • 2016 Risk Data Aggregation Deadline Approaching | KPMG. URL: https://www.kpmg.com/US/en/IssuesAndInsights/ArticlesPublications/regulatory-announcements/Documents/2016%20Risk%20Data%20Aggregation%20Deadline%20Approaching_July%202015.pdf
     • Catastrophe risk aggregation | The Actuarial Profession. URL: https://www.actuaries.org.uk/documents/catastrophe-risk-aggregation-slides
  10. Questions? Many thanks! Ramiro Cid (CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL) | ramiro@ramirocid.com | @ramirocid | http://www.linkedin.com/in/ramirocid | http://ramirocid.com | http://es.slideshare.net/ramirocid | http://www.youtube.com/user/cidramiro
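
The copula-based top-down aggregation mentioned in slide 6, sketched as an added example (not code from the presentation or from Cech's paper): per-source annual cyber-loss distributions are joined with a Gaussian copula, and the 99% value-at-risk of the total is compared with the simple sum of stand-alone figures. The Gaussian copula, the three risk sources, their distributions and parameters, and the 0.6 correlation are all assumptions constructed for illustration.

```python
import math
import random
from statistics import NormalDist
STD = NormalDist()

# Constructed annual-loss models (k EUR) per risk source, given as quantile functions.
MARGINALS = {
    "ransomware_outage": lambda u: math.exp(5.0 + 1.0 * STD.inv_cdf(u)),  # lognormal
    "data_breach":       lambda u: math.exp(4.5 + 1.2 * STD.inv_cdf(u)),  # lognormal
    "iot_supplier":      lambda u: -200.0 * math.log(1.0 - u),            # exponential
}

def cholesky(m):
    """Lower-triangular factor L with L * L^T = m (m symmetric positive definite)."""
    low = [[0.0] * len(m) for _ in m]
    for i in range(len(m)):
        for j in range(i + 1):
            s = m[i][j] - sum(low[i][k] * low[j][k] for k in range(j))
            low[i][j] = math.sqrt(s) if i == j else s / low[j][j]
    return low

def simulate_totals(rho, n=20000, seed=239):
    """Total loss per simulated year under a Gaussian copula with pairwise correlation rho."""
    rng = random.Random(seed)
    q = list(MARGINALS.values())
    d = len(q)
    low = cholesky([[1.0 if i == j else rho for j in range(d)] for i in range(d)])
    totals = []
    for _ in range(n):
        z = [rng.gauss(0.0, 1.0) for _ in range(d)]
        y = [sum(low[i][k] * z[k] for k in range(i + 1)) for i in range(d)]
        # Copula step: correlated normals -> correlated uniforms -> each marginal.
        u = [min(max(STD.cdf(v), 1e-12), 1 - 1e-12) for v in y]
        totals.append(sum(f(p) for f, p in zip(q, u)))
    return totals

def value_at_risk(samples, level=0.99):
    """Empirical value-at-risk: the `level` quantile of the simulated losses."""
    s = sorted(samples)
    return s[min(len(s) - 1, int(level * len(s)))]

def standalone_sum(level=0.99):
    """Capital if each risk is measured alone and the figures are simply added."""
    return sum(f(level) for f in MARGINALS.values())

if __name__ == "__main__":
    for rho in (0.0, 0.6):
        print(f"rho={rho}: aggregate VaR99 = {value_at_risk(simulate_totals(rho)):.0f} k EUR")
    print(f"sum of stand-alone VaR99 = {standalone_sum():.0f} k EUR")
```

The gap between the correlated aggregate and the stand-alone sum is the diversification effect; as the assumed dependence between sources rises, the aggregate figure moves toward the simple sum.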
