1. Rev2 IT Information Security Risk Management February 26, 2010
2. Today’s Discussion. Agenda: Rev2 Introduction; RiskView Framework; Examples; Next Steps. Goals: Introduce RiskView™, a decision support system which helps identify and focus on business-material risks; understand your risk-management focus areas & processes.
3. Rev2 Risk Management: InfoSec Risk; Supply Chain Risk; Service Delivery Risk. RiskView replaces ad-hoc processes with a Fact-based, Scalable, Repeatable Framework. Identify under-controlled risk via business views. Focus on the most material drivers. “What-if” controls testing.
21. Visualization—To facilitate analysis and understanding. Requirements: Effective risk management requires specialized structures, tools and systems that most companies lack.
28. Recognize differences in asset value. Strategic Data supports a fact-based, scalable, repeatable process.
30. What is RiskView™? A software Risk Data Warehouse platform that collects vulnerability data. Business-specific modules with customizable views and analytics. Advanced Visualization to create a packaged decision support system. Highly-extensible platform, for fact-based, scalable, repeatable Risk Management Decisions.
43. Filters = Focus. Not every vulnerability is equal in terms of materiality. Once aggregate material risk is identified and unacceptable levels detected, need to identify and profile drivers. Date Range (trending); What-if (testing); Materiality (finding the “Critical Few”).