Project risk, cybercrime and the way forwards – further thoughts APM Risk SIG presentation 8th November v0.1.

Presentation transcript:


Contents
- Have projects clearly understood their objectives and risks?
- How can we take steps to address cybercrime in risk management?
- Are there any opportunities?
- Are there any wider concerns?

Have projects clearly understood their objectives and risks?
THE PROJECT
Do we really know what information is critical and valuable for our projects and organisations?

Further questions to ask
- Do we have assets on the project which provide intangible value?
  - Intellectual Property
  - Unique ways of working that distinguish from competitors
  - Key information about contacts and suppliers
- Do we have a holistic understanding of cybercrime risks?
  - Do other departments outside IT have cybercrime risks?
  - Are cybercrime risks considered by senior management?
- Are “social” risks considered?
  - Awareness and culture
  - Social engineering
  - Insider threat
  - Brand and reputational damage

Further challenges
- No historical data to make risk impacts more predictable
- Nature and extent of threat is constantly changing and evolving
- Could always be a “black swan” threat unless all activity becomes completely off line
- Threat can be both inside and outside the project environment

How can we take steps to address cybercrime in risk management?
Four typical risk mitigation strategies are:
- Tolerate
  - Not cost effective to address cybercrime
  - Not enough of a perceived threat
- Treat
  - Enhanced security in IT hardware/software
  - Increased awareness and auditing over online activities
- Transfer
  - Buy insurance
  - “Make it someone else’s problem”
- Terminate
  - Go completely offline...

Are we being risk efficient in our responses?
Q: What is the immediate reaction to cybercrime?
A: Throw money at the problem and hope that it goes away!
BUT this is often very inefficient from a risk perspective.
A basic definition of “risk efficiency” is the minimum risk decision choice for a given level of expected performance.
- Does the project have the right resources and the right skills in place?
- Is the project addressing the right areas for tackling cybercrime?
- Are the risk mitigation activities delivering value for money?
- Are cybercrime risks set in the right perspective and in context with other project risks?

Do we recognise the different and specific environments?
- There is no standardised, one-size-fits-all way to address the risk of cybercrime.
- Each project and organisation may face unique risks.
- For some cybercrime types, the risk may depend on the current market conditions the project is subjected to.
- Corporate culture may have an effect, e.g. disgruntled employees, redundancy threats etc.
- Are global projects with multiple stakeholders more of a risk?

Changes in the risk attitudes with cybercrime?

Perceptions of cyber risk matter if estimates are so subjective
Axes: high vs. low levels of perceived control; individualized vs. collectivized views

FATALISTS
- Cybercrime is bound to happen – there’s nothing we can do about it
- Cybercrime is completely unpredictable both in how and when it will happen
- Nobody seems to know what’s going on with cybercrime
- Regarding cybercrime: “what will be, will be”.

HIERARCHISTS
- Cybercrime risks must be measured accurately as soon as possible
- A committee is needed to take charge of cybercrime risks
- Rules and standards are needed to assess cybercrime risks
- Cybercrime risks must only be assessed by the experts

INDIVIDUALISTS
- I won’t let cybercrime risks prevent me from trading online
- The “possibility” of cybercrime should not become the “probability” of cybercrime
- I can take the impacts of cybercrime on the chin

EGALITARIANS
- It’s not about assessing cybercrime risks at all. It’s about whether we trust “the experts”
- Cybercrime risk information is only given to us by hand-picked sources with a common agenda
- Cybercrime risks are a direct result of bureaucratic fiddling and interference
- Cybercrime information is deliberately withheld from us by the Government

How do we assign roles and responsibilities to tackle cybercrime?
Who owns the risks?
- Project manager
- Risk manager
- Project Board
- Senior Management
- Security department
- IT department
- HR department
- Support teams
- Government
- Suppliers
- Citizens
- Other third parties

How about opportunity management?
Are there any opportunities inherent with cybercrime?
- UK projects more proactive in addressing cybercrime
- UK skills are more adapted to combating cybercrime
- Job creation
- Enhanced reputation of UK projects overseas
- Increasing demand – virtuous circle

One final point
With cybercriminal techniques and expertise growing, future threats to the UK economy may also look like this:

Cyber warfare
- Overt state sponsored attack on UK infrastructure
- Motive is to obtain military superiority

Cybercrime
- Covert criminal and state sponsored attacks on UK infrastructure
- Motive is to obtain financial gain with minimal risk of getting caught

Cyber terrorism
- Covert political or socio-economic group attack on UK infrastructure
- Motive is to cause maximum damage indiscriminately in one attack

Cybercriminal skills and expertise can very easily be transferred to cyber warfare and cyber terrorism. The only difference is the motive.

From the “Cyber Inquirer” website, which commissioned this cartoon image based on the Cost of Cybercrime report

Any questions?