Presentation transcript:

Welcome CCERP 2016 rcreid@uwf.edu

Combining the Extended Risk Analysis Model and the Attack Response Model to Introduce Risk Analysis
Randy Reid, PhD, CISA, CISSP, Security+, Network+, A+
Department of Management and Management Information Systems, University of West Florida, Pensacola, Fla.

Questions? Not only encouraged but appreciated!

4 responses to an attack
Avoidance: Apply safeguards
Mitigation: Reduce the impact
Transference: Transfer the risk
Acceptance: Inform management of all of the possible impacts and accept the risk

References:
Adler, T. R., Leonard, J. G. and Nordgren, R. K. (1999). Improving Risk Management: Moving from Risk Elimination to Risk Avoidance. Information and Software Technology, 41, 29-34.
Peltier, T. R. (2004). Risk analysis and risk management. The EDP Audit, Control, and Security Newsletter, 32.
Zur Muehlen, M. and Ting-Yi Ho, D. (2005). Risk management in the BPM lifecycle. International Conference on Business Process Management. Springer Berlin Heidelberg.
Whitman, M. E. and Mattord, H. J. (2014). Management of Information Security, 4th Edition. Course Technology.

Risk Methodologies Application Grid

Occurrence   Low Impact                       High Impact
Seldom       Accept the Risk (acceptance)     Transfer the Risk (insurance)
Often        Apply Safeguards (avoidance)     Reduce the Impact (mitigation)

Extended Risk Analysis Model
Threats -> Vulnerabilities -> Risk -> Controls -> Insurance -> Residual Risk Acceptable?
  No: loop back through the model
  Yes: Finished
Reid, R. C. and Floyd, S. (2001). Extending the risk analysis model to include market insurance. Computers and Security, 20(4), 331-339.

Origins and Sources of Threats

Origin      Natural source                    Human source
External    Hurricane, Floods, Earthquake     Hackers
Internal    Broken water pipe                 Sabotage

Extended Risk Analysis Model: area under the control of Management
Threats -> Vulnerabilities -> Risk -> [area under the control of Management: Controls -> Insurance] -> Residual Risk Acceptable?
  No: loop back through the model
  Yes: Finished
Reid, R. C. and Floyd, S. (2001). Extending the risk analysis model to include market insurance. Computers and Security, 20(4), 331-339.

Extended Risk Analysis Model with the four attack responses mapped onto it
Avoidance: Apply safeguards
Mitigation: Reduce the impact
Transference: Transfer the risk
Acceptance: Inform management of all of the possible impacts and accept the risk

Threats -> Vulnerabilities (avoidance) -> Risk -> Controls (mitigation) -> Insurance (transference) -> Residual Risk Acceptable?
  No: loop back through the model
  Yes: Finished (acceptance)
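The following is an added worked example, not code from the presentation: it walks a risk through the Extended Risk Analysis Model (Controls, Insurance, "residual risk acceptable?") and picks each round's response from the application grid above. The grid thresholds (0.5 occurrences per year for "often", $100,000 for "high impact"), the safeguard and insurance parameters, the dollar figures and the tolerance are all constructed assumptions.

```python
from dataclasses import dataclass, replace

@dataclass
class Risk:
    threat: str          # e.g. "hackers" (human source, external origin)
    probability: float   # expected occurrences per year
    impact: float        # dollar loss per occurrence retained by the organization
    premium: float = 0.0 # annual cost of insurance bought so far

    def expected_loss(self):
        return self.probability * self.impact + self.premium

def grid_response(risk, often=0.5, high=100_000.0):
    """Place a risk on the application grid; the thresholds are assumptions."""
    frequent, severe = risk.probability >= often, risk.impact >= high
    if frequent:
        return "mitigation" if severe else "avoidance"
    return "transference" if severe else "acceptance"

def apply_response(risk, response, options):
    """Safeguards cut occurrence (avoidance) or impact (mitigation); insurance
    transfers each loss above the deductible, up to the limit, for a premium."""
    if response == "avoidance":
        return replace(risk, probability=risk.probability * (1 - options["safeguard"]))
    if response == "mitigation":
        return replace(risk, impact=risk.impact * (1 - options["mitigation"]))
    if response == "transference":
        ins = options["insurance"]
        retained = min(risk.impact, ins["deductible"]) + max(0.0, risk.impact - ins["limit"])
        return replace(risk, impact=retained, premium=risk.premium + ins["premium"])
    return risk  # acceptance: nothing changes; management is informed

def walk_model(risk, options, tolerance, max_rounds=4):
    """Controls -> Insurance -> 'residual risk acceptable?'; loop back on No."""
    trail = []
    for _ in range(max_rounds):
        if risk.expected_loss() <= tolerance:
            break  # Yes: finished
        response = grid_response(risk)
        trail.append(response)
        if response == "acceptance":
            break  # accept the residual risk
        risk = apply_response(risk, response, options)
    return risk, trail
# Constructed sample inputs, not figures from the presentation.
OPTIONS = {"safeguard": 0.75, "mitigation": 0.75,
           "insurance": {"deductible": 25_000.0, "limit": 5_000_000.0, "premium": 20_000.0}}
HACKERS = Risk("hackers", probability=2.0, impact=250_000.0)
HURRICANE = Risk("hurricane", probability=0.1, impact=2_000_000.0)
WATER_PIPE = Risk("broken water pipe", probability=0.2, impact=10_000.0)
```

With these inputs the frequent, high-impact hacker risk is first mitigated and then avoided, the seldom, high-impact hurricane is transferred to insurance, and the low-impact water pipe is accepted.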

Structure of Cyber Insurance
First-party insurance covers damage and costs directly incurred by the organization.
Third-party insurance, the second group, covers the costs paid to groups or individuals outside of the organization, including impacts on the customers and legal costs.

Cyber Insurance Coverage Price per $1 Million by Industry Sector (chart; the values are not reproduced in the transcript)

Future of Cyber Insurance
Currently 55 companies write cyber insurance policies.
2 billion dollars per year in premiums.
The European Union (EU), at about 150 million in premiums, has just passed additional privacy laws which will probably increase demand.
Asian markets are similar to the EU, so there is great potential there.

Thank you for your time and attention. For any further questions or comments please contact me: rcreid@uwf.edu