Enterprise risk management

Presentation transcript:

Enterprise risk management. INFO 312, Autumn 2015, University of Washington Information School. Week #5B, October 28, 2015.

Quick Reminders

Please actually read the speaker’s bio and the website of the program they are responsible for, and base your questions on that material. I do not consider “What is largest threat you face?” (or variants of that question) to be a real question since I will already have asked it. Going forward, if your question is too generic, I’ll only give you .5 point for it.

Your group presentations: I have not given any group a perfect score, but I have not given low grades either. If you are looking for a perfect grade, you will have to provide analysis of your event or unusual recommendations that I’ve not yet seen in the presentations (see #4 on Assignment). I know that 20 minutes is not a long time, so you might consider which are the most salient points you wish to make, and where/when in your presentation they are made so that you each get a chance.

NIST Cybersecurity Framework: Technology, the Great Enabler. Convenience v. Security.

History

Most elements of the new framework were in place a year after the president issued his executive order in 2013, which called for the development of a voluntary risk-based Cybersecurity Framework: “to maintain a cyber environment that encourages efficiency, innovation and economic prosperity while promoting safety, security, business confidentiality, privacy and civil liberties.”

Voluntary means “no new regulations on business”, at least from the White House.

“NIST” is the National Institute of Standards and Technology.

Framework core structure

Function and Category Identifiers

Sample category with references

Risk-based approach

Privacy & civil liberties & infrastructure

Though a methodology was requested by the president, there is not much to be found on how to incorporate individual privacy and civil liberties.

There are 16 critical infrastructure sectors in the US, in which both the public and private sectors operate (though 90% is owned by the private sector, regulation is present in each of the sectors, often from regulatory agencies).

Each sector contains both physical assets that need to be protected and virtual assets that have increasingly come under attack from hackers and from nation-state players, no matter what the size of the organization or its cyber sophistication level.

Of the 16 sectors, my focus is usually on banking and finance, energy, technology, communications, emergency services and public health. Your final paper could look at a company or agency in any critical infrastructure sector, or at the sector in general in terms of its risk management.

Questions? asearle@uw.edu abbast@uw.edu