Published by Noah Ross. Modified over 8 years ago.
1
Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved.
CyberRAVE
January 24, 2006
Strategic Approach to Developing Corporate Data Insurance Coverage
By Joseph A. Sprute, President CyberRAVE™ LLC
2
Business Intent
Programmatically Couple Enterprise Risk Management with Computer Assisted Audit Technology.
Provide Network Data Compliance and Insurability for “Certified” environments.
Underwrite and sponsor new lines of insurance products for corporate customers.
Foster a business culture that mitigates network data threats and vulnerabilities.
3
Business Case
Companies need additional risk coverage for network data systems.
“Certified” products & services establish a framework for optimized business performance.
Companies will benefit using compliant systems that have key insurable components.
The baseline for defining risk associated with Network Data is raw data.
4
Operational Goals
I. Actuarial Components
II. Risk Metrics
III. Application Environment
IV. Module Integration
V. Systems Integration
VI. Certification Programs
5
I. Actuarial Components
Risk Classification
Unknown Risk
Threats & Vulnerabilities Assessment
Risk Controls
Price Variables
Price Drivers
6
Risk Classification
Assets
Threats
Vulnerabilities
Strategic Priorities
Strategic Goals
Manifest Risks
7
Unknown Risk
Bayesian Analysis
  – Expresses uncertainty about unknown parameters probabilistically
A logical, quantitative framework that supports the iterative process of integrating and accumulating information and knowledge in order to further a scientific, technologic or policy interest
Supports inverse probability (Posterior Distribution)
Handles prior probabilities
Supports complex statistical problems with relative ease
Knowledge structure works with multi-discipline practitioners
Casts statistical problems in the framework of decision making
Entails formulating subjective prior probabilities to express pre-existing information
Has careful modeling of the data structure
Checking and allowing for uncertainty in model assumptions
Formulating a set of possible decisions and a utility function to express how the value of each alternative decision is affected by the unknown model parameters
Components can be omitted (e.g. no prior information, decision-theoretic framework, etc.)
8
Threats & Vulnerabilities Assessment
Universal
Known
Unknown
Past
Present
Future
9
Risk Controls
Threat & Vulnerability Assessment
Risk Minimization
Environmental Monitoring
Measurements & Modeling
Active Mitigation
True Remediation
10
Price Variables
Risk, Cost, Benefit Variable Risk Table Translations Data Analytics Insurance Underwriting Criteria Asset Coverage
11
Price Drivers
Advantages over competition
Customer perception of value
Product fit compared to nearest competition
Expected term of competitive advantage
Expected Product lifecycle
Estimated total potential market (defined without price controls)
Percentage of market share sought
ROI expectations
Branding resources (advertising etc)
Impact on new sales and lifecycle of existing products
12
II. Risk Metrics
Asset Profile
Asset Valuation
Variable Risk Factors
Risk Calculations
Decision Support
Risk Minimization
13
Asset Profile
Type
Class
Value
Threats
Vulnerabilities
Uses
14
Asset Valuation
Origination & Handling
Prior Conditions (History)
Storage & Management
Accounting Controls
Applicable Uses
Risk of Abuses
15
Variable Risk Factors
Threats, Vulnerabilities & Incidents
1. Network Data Level: Assessment, Access, Authorization, Authentication, Accounting, Auditing
2. Physical Level: People, Data, Systems, Network, Processes, Facilities
3. Logical Level: Social, Economic, Political, Legal, Technical, Administrative
4. Semantic Level: Ontology, Syntax, Context, Constructors, Properties, Operators
5. Reporting Level: Who, What, Where, When, Why, How
6. Actuarial Level: Universal, Known, Unknown, Past, Present, Future
16
Risk Calculations
Data Value
Risk Categorization
Bayesian Analysis (Unknown Variables)
Damage Cost
Risk Conversion
Risk Management
17
Decision Support
Risk Premium Matrix
Real-Time Compliance Monitor
Risk Modeling Tools
Business Rules Framework
Service Control Panel
User Interface
18
Risk Minimization
Physical Security
Logical Security
Standards & Best Practices
Business Process Management
Reporting
Auditing
19
III. Application Environment
Systems & Platforms
Actuarial Reporting
Regulation Compliance
Account Management
Customer Use
20
Systems & Platforms
Common off the Shelf
Process Management
Risk Management
Measurement & Analytics
Reporting, Forensics & Auditing
Computational Grid
21
Actuarial Reporting
Assessment
Access
Authentication
Authorization
Accounting
Auditing
22
Account Management
Data Profile Metadata Storage & Management Environmental Controls Risk Factors Certification Auditing
23
Customer Use
Business Performance & Optimization
Standards, Best Practices, & Compliance
Asset Protection
Risk Management
Data Management
24
IV. Module Integration
Beneficial Uses
Change Management
Application Environment
Administrative Support
Training
Sales
25
Beneficial Uses
Risk Coverage
  – Best Practice
  – Compliance
  – Disaster Recovery
  – Asset Reimbursement
Business Process Efficiency
  – Accounting
  – Monitoring
  – Reporting
  – Optimizing
26
Change Management
Communication
Process Alignment
Roles & Rules (Policy Development)
Systems Integration
Monitoring & Testing
Reconfiguration
27
Application Environment
Module Description
Application Overview
Platforms
Programming Languages
Application Programming Interface
Standards & Best Practices
28
Administrative Support
Legal & Regulatory
R&D
Business Systems
Facilities & Hosting
Personnel
Roles & Rules
29
Training
Marketing Communications Sales Prospects Customers Partners Employees
30
Sales
New & Existing Accounts
  – Accounting Services
  – Actuary Services
  – Business Services
  – Consulting Services
  – Insurance Services
31
V. Systems Integration
Business & Technology
Sales & Marketing
Legal & Administrative
32
Business & Technology
Objectives Declaration Resource Consolidation Risk Tolerance Calibration Compliance Tools Documentation Systems Certification
33
Regulation Compliance
National & International
  – BFSI
  – Healthcare
  – Telecom
  – Utilities
34
Sales & Marketing
Professional Services (Regulated Industries)
  – Financial Services
  – Health Services
  – Telecommunications
  – Transportation
  – Utilities
  – Etc
35
Legal & Administrative
Jurisdiction Policy Coverage Certification Monitoring & Reporting Auditing
36
VI. Certification Programs
Coverages
  – Employees & Processes
  – Data & Information
  – Legal & Jurisdiction
37
Coverages
Transaction
Disaster
Employee
Legal
Privacy
Regulatory
38
Assess
Asset Profile
User Environment
Actuarial Components
Risk Metrics
Compliance Standards
Goals & Expectations
39
Account
Asset Inventory Liability Assessment Controls Reporting & Transparency Certification
40
Harden
Data Networks (Public/Private)
Communication Methods & Systems
Information Management Systems
User Environments
Users & Groups
Compliance
41
Manage
“Hardened” Elements Change Expectations ROI TCO
42
Audit
People
Processes
Technology
43
Notes
44
Risk Conversion
Data Context Storage & Handling Asset Valuation Threats & Vulnerabilities Mitigation Risk Management Insurability