Yiannis Issaris - Omicron Systems
3rd CryCybIW
Integrated Risk Management

A tool for efficiency and compliance, presented in 3rd CryCyIW Conference, Greece 2016.


  1. Agenda
     o The Problem / Complexity
     o ISO 31000 / 27001 / 20000
     o NIST SP 800-30 rev.1
     o Risk Management
     o Risk Modelling
     o The System / Login / Menu
     o Risk Assessment
     o Subsystems / Connection
     o Automation & Modelling
     o User Management
     o Internal Communication
     o Documentation & Support
     o Mitigation Strategy
     o Filters & Colours
     o Report Engine
     o Document Management
     o Risk Doc Templates
     o Risk Monitoring
     o Workflows
     o Audit Management
     o Reviews & Knowledge Mngt
     o Risk Scenario
     o Summary & Conclusion
  2. Risks
     o Migrate, so it’s difficult to identify them
     o Grow fast, suddenly
     o ‘Hide’ due to limited physical oversight
     As systems have become more complex, integrated and connected to third parties, risks are growing exponentially and the security and control budget quickly reaches its limitations.
  3. Standards and frameworks
     o ISO 31000: Risk Management – Principles and Guidelines. Any type of risk, any type of industry.
     o NIST SP 800-30 rev.1: Guide for Conducting Risk Assessments. USA Federal Information Systems & Organizations.
     o ISO 27001: Security techniques – ISMS – Requirements.
     o ISO 20000: IT Service Management – Requirements.
     o ITIL – COBIT.
  4. The risk management process
     o Establishing Context
     o Risk Assessment: Risk identification, Risk analysis, Risk evaluation
     o Risk Treatment
     o Communication & Consultation (throughout)
     o Monitoring & Review (throughout)
  5. Risk modelling: Likelihood X Impact
     o 5 categories used by Microsoft in the past. It provides a mnemonic for risk rating security threats.
     o Base, Temporal and Environmental Metrics.
     o Open Web Application Security Project: 4 risk categories x 4 factors/impacts.
  6. Risk scenario. A user identifies an event as a possible threat and opens a ticket in the system. He marks the record (priority field) as “Urgent” and an automated workflow sends a notification email to the team. Within 5 minutes an engineer has received the notification. He examines the situation and creates a risk record in the system. Multiple incidents are recorded during the day from different users and for different things. Every manager sets the priorities for the next period, assigning activities to the members of his/her team. As he/she implements risk assessments or approves mitigations, he/she always watches the key metrics and dashboard diagrams. Periodically, and just before the external audits, he/she reviews all risks that are due for review, runs the report engine and produces the risk assessment and treatment report. Twice a year, top management reviews all the statistics and KPIs. In particular, they want to know the most important things that happened and whether the targets were met.
  7. Summary & Conclusion
     • Evolving systems require good risk management
     • All members should collaborate during this process
     • Ideally, IT tools should be used for efficiency and compliance
  8. We are trying our best! 1 str. Artis, Athens, GR – www.osys.gr – info@osys.gr – 30 210 97 62 600 – www.facebook.com/osys.gr – @omicronsystems
  9. Yiannis Issaris - Omicron Systems, 3rd CryCybIW
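Slide 5 lists the Likelihood X Impact schemes without showing the arithmetic. As an added example (not from the presentation or from Omicron Systems' product), this implements the two that can be computed directly: the five-factor average that the Microsoft mnemonic (DREAD) uses, and the OWASP Risk Rating Methodology's four categories of four factors, each rated 0-9, averaged into likelihood and impact and mapped through OWASP's severity matrix. The sample ratings are constructed for the "Urgent" ticket of slide 6's scenario.

```python
# DREAD: each of the five factors is rated 0-10; the score is their mean.
DREAD_FACTORS = ("damage", "reproducibility", "exploitability",
                 "affected_users", "discoverability")

def dread_score(ratings: dict) -> float:
    """Return the 0-10 DREAD score (mean of the five factor ratings)."""
    return sum(ratings[f] for f in DREAD_FACTORS) / len(DREAD_FACTORS)

# OWASP Risk Rating: 4 categories x 4 factors, each rated 0-9.
# Likelihood = threat-agent factors + vulnerability factors.
OWASP_LIKELIHOOD = ("skill_level", "motive", "opportunity", "size",
                    "ease_of_discovery", "ease_of_exploit", "awareness",
                    "intrusion_detection")
# Impact = technical-impact factors + business-impact factors.
OWASP_IMPACT = ("loss_of_confidentiality", "loss_of_integrity",
                "loss_of_availability", "loss_of_accountability",
                "financial_damage", "reputation_damage", "non_compliance",
                "privacy_violation")

def owasp_level(score: float) -> str:
    """Map a 0-9 average onto OWASP's LOW (<3), MEDIUM (<6), HIGH bands."""
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"

# OWASP severity matrix: (likelihood level, impact level) -> overall severity.
SEVERITY = {
    ("LOW", "LOW"): "NOTE",   ("LOW", "MEDIUM"): "LOW",       ("LOW", "HIGH"): "MEDIUM",
    ("MEDIUM", "LOW"): "LOW", ("MEDIUM", "MEDIUM"): "MEDIUM", ("MEDIUM", "HIGH"): "HIGH",
    ("HIGH", "LOW"): "MEDIUM", ("HIGH", "MEDIUM"): "HIGH",    ("HIGH", "HIGH"): "CRITICAL",
}

def owasp_severity(ratings: dict) -> dict:
    """Average the likelihood and impact factors, band them, look up severity."""
    likelihood = sum(ratings[f] for f in OWASP_LIKELIHOOD) / len(OWASP_LIKELIHOOD)
    impact = sum(ratings[f] for f in OWASP_IMPACT) / len(OWASP_IMPACT)
    return {"likelihood": likelihood, "impact": impact,
            "severity": SEVERITY[(owasp_level(likelihood), owasp_level(impact))]}

# Constructed sample ratings (not real data) for an "Urgent" ticket.
SAMPLE_DREAD = {"damage": 8, "reproducibility": 6, "exploitability": 5,
                "affected_users": 9, "discoverability": 7}
SAMPLE_OWASP = {"skill_level": 6, "motive": 9, "opportunity": 7, "size": 6,
                "ease_of_discovery": 7, "ease_of_exploit": 5, "awareness": 6,
                "intrusion_detection": 8, "loss_of_confidentiality": 7,
                "loss_of_integrity": 5, "loss_of_availability": 3,
                "loss_of_accountability": 7, "financial_damage": 5,
                "reputation_damage": 4, "non_compliance": 5, "privacy_violation": 7}

if __name__ == "__main__":
    print("DREAD:", dread_score(SAMPLE_DREAD))
    print("OWASP:", owasp_severity(SAMPLE_OWASP))
```

The same banding can feed the priority field of the ticket workflow described on slide 6, so that "Urgent" is derived from a score rather than chosen by hand.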