This document discusses an introduction to scenario based risk analysis. It defines scenario based risk analysis as a technique to make risks more tangible and allow for proper analysis and assessment. The basic elements of a risk scenario are identified as the threat, asset, loss event/effect, controls, and frequency/magnitude. Benefits of the approach include helping overcome resistance to discussing low probability risks and revealing challenges not identified in standard risk assessments. The summary concludes by advertising an upcoming webinar on how to build risk analysis scenarios.

1. © 2017 HealthGuard
All rights reserved
Introduction to
Scenario Based Risk Analysis
Part 1: Foundational Concepts

2. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Housekeeping
● Using Zoom / Meeting Interaction
● Webinar Recording

3. © 2017 HealthGuard
All rights reserved
Housekeeping – Zoom Meeting viewer interaction

4. © 2017 HealthGuard
All rights reserved
Housekeeping – Zoom Meeting viewer interaction

5. © 2017 HealthGuard
All rights reserved
Housekeeping – Zoom Meeting viewer interaction

6. © 2017 HealthGuard
All rights reserved
Our Speakers
John Zuziak, Director of Information
Security, Catholic Health Initiatives
Apolonio “Apps” Garcia,
Founder/President, HealthGuard

7. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
What is scenario based risk analysis?
Basic scenario elements
Benefits of scenario based analysis

8. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Audience Poll

9. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
What is scenario
based risk analysis?

10. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Risk scenario analysis is a technique to make IT risk
more concrete and tangible and to allow for proper risk
analysis and assessment. It is a core approach to bring
realism, insight, organisational engagement, improved
analysis and structure to the complex matter of IT risk.” -
ISACA

11. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Scenario analysis is a process of analyzing possible
future events by considering alternative possible
outcomes (sometimes called "alternative worlds"). Thus,
scenario analysis, which is one of the main forms of
projection, does not try to show one exact picture of the
future. Instead, it presents several alternative future
developments. - Wikipedia

12. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Basic Elements of a
Risk Scenario

13. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Threat

14. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Threats

15. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Threat Asset

16. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Assets

17. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Threat Asset Loss Event /
Effect

18. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Loss Event / Effect
Confidentiality
Integrity Availability
Financial Loss (Open FAIR)
● Productivity
● Response
● Replacement
● Fines & Judgement
● Competitive Advantage
● Reputation
Patient Safety (AHRQ Harm Scale)
● No Harm
● Mild Harm
● Moderate Harm
● Severe Harm
● Death
Privacy
● Information Exposure
● Data Theft

19. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Threat Asset
Acts On

20. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
ControlsThreat Asset

21. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Loss Event
ControlsThreat Asset

22. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Threat Controls Primary
Loss Event
Threat Event
Frequency
Primary Loss
Event
Frequency &
Magnitude
Vulnerability
Secondary
Loss Event
Frequency &
Magnitude
Secondary
Loss Event

23. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Benefits of Scenario
Based Risk Analysis

24. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Why do Scenario Based Risk Analysis?
“Scenarios are a powerful tool in a risk manager’s
armory—they help professionals ask the right questions
and prepare for the unexpected. Scenario analysis has
become a ‘new’ and best practice in enterprise risk
management (ERM). - ISACA

25. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Why do Scenario Based Risk Analysis?
“Risk scenario analysis is a structured process that leads to better understanding
of the ways multiple factors may combine to create both vulnerabilities and
opportunities. It is often applied to expand perceptions prior to formulating specific
business plans by focusing on factors that often get dismissed or shortchanged.”
“Risk scenario analysis helps overcome organizational resistance in discussions of
low-probability events or events that have not occurred in the recent past. Such
risks often receive low rankings in standard risk assessments, but they can be
revealed to be very challenging when introduced within risk scenarios.” - PwC

26. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Scenario based risk analysis is an analysis
methodology to prioritize and quantify risk and to
take action.
Scenario Risk Analysis summary in 3 words
1. Context
2. Context
3. Context

27. © 2017 HealthGuard
All rights reserved
© 2017 HealthGuard
All rights reserved
Introduction to Scenario Based
Risk Analysis -
Part 2: How to Build a Scenario
Wednesday, May 24th @ 1pm
Register on Eventbrite