Presentation is loading. Please wait.

Presentation is loading. Please wait.

Welcome CCERP 2016 rcreid@uwf.edu.

Published byReynard Richards Modified over 7 years ago

Similar presentations

Presentation on theme: "Welcome CCERP 2016 rcreid@uwf.edu."— Presentation transcript:

1 Welcome CCERP 2016

2 Randy Reid, PhD, CISA, CISSP Security+, Network+, A+
Combining the Extended Risk Analysis Model and the Attack Response Model to Introduce Risk Analysis Randy Reid, PhD, CISA, CISSP Security+, Network+, A+ Department of Management and Management Information Systems University of West Florida Pensacola, Fla

3 Questions ? Not only encouraged but appreciated!

4 4 responses to an attack Avoidance: Apply safeguards
Mitigation: Reduce the impact Transference: Transfer the risk Acceptance: Inform management of all of the possible impacts and accept the risk Adler, T. R., Leonard, J. G. and Nordgren, R. K. (1999) Improving Risk Management: Moving from Risk Elimination to Risk Avoidance, Information and Software Technology, 41, Peltier, T. R. (2004). Risk analysis and risk management. The EDP Audit, Control, and Security Newsletter, 32. Zur Muehlen, M., and Ting-Yi Ho, D. (2005). Risk management in the BPM lifecycle. International Conference on Business Process Management. Springer Berlin Heidelberg. Whitman, M. E. and Mattord H. J. (2014). Management of Information Security, 4th Edition, Course Technologies.

5 Risk Methodologies Application Grid
Low Impact High Impact Occurrence Seldom Accept the Risk (acceptance) Transfer the Risk (insurance) Often Apply Safeguards (avoidance) Reduce the Impact (mitigation)

6 Extended Risk Analysis Model
Threats Vulnerabilities Risk Controls Insurance No Residual Risk Acceptable Finished Yes Reid, R. C. and Floyd, S. (2001). Extending the risk analysis model to include market insurance. Computers and Security, 20(4),

7 Hurricane, Floods, Earthquake
Origins and Sources of Threats Source Natural Human Origin External Hurricane, Floods, Earthquake Hackers Internal Broken water pipe Sabotage

8 Area under the control of Management
Extended Risk Analysis Model Threats Vulnerabilities Risk Area under the control of Management Controls Insurance No Residual Risk Acceptable Finished Yes Reid, R. C. and Floyd, S. (2001). Extending the risk analysis model to include market insurance. Computers and Security, 20(4),

9 Extended Risk Analysis Model
Avoidance: Apply safeguards Mitigation: Reduce the impact Transference: Transfer the risk Acceptance: Inform management of all of the possible impacts and accept the risk Threats Vulnerabilities avoidance Risk Controls Insurance mitigation transference No Residual Risk Acceptable Finished Yes acceptance

10 Structure of Cyber Insurance
First-party insurance, which covers damage and costs directly incurred by the organization. Third-party insurance, the second group, covers the costs that are paid to other groups or individuals outside of the organization, including impacts on the customers and legal costs

11 Cyber Insurance Coverage Price per $1 Million by Industry Sector

12 Future of Cyber Insurance
Currently 55 companies currently write cyber insurance policies 2 billion dollars per year in premiums European Union (EU), about 150 million in premiums has just passed additional privacy laws which will probably increase demand Asian markets are similar to EU so there is great potential there

13 Thank you for your time and attention
Any further questions or comments please contact me

Download ppt "Welcome CCERP 2016 rcreid@uwf.edu."

Similar presentations

Security+ All-In-One Edition Chapter 17 – Risk Management

Security+ All-In-One Edition Chapter 17 – Risk Management
Economic assessment and sustainable development Mark Hayden * External costs of energy and their internalisation in Europe: Dialogue with industry, NGO,

Economic assessment and sustainable development Mark Hayden * External costs of energy and their internalisation in Europe: Dialogue with industry, NGO,
1 Cyber Insurance and IT Security Investment: Impact of Interdependent Risk Hulisi Ogut, UT-Dallas Srinivasan Raghunathan, UT-Dallas Nirup Menon, UT-Dallas.

1 Cyber Insurance and IT Security Investment: Impact of Interdependent Risk Hulisi Ogut, UT-Dallas Srinivasan Raghunathan, UT-Dallas Nirup Menon, UT-Dallas.
Risk Management and Types of Risks By Tony Collins Edited by Memory Reed Georgia CTAE Resource Network 2010.

Risk Management and Types of Risks By Tony Collins Edited by Memory Reed Georgia CTAE Resource Network 2010.
Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2002 Carnegie.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
Overview of VMIA IHEA Forum Monia Choudhary Mark Cleeve August 2013.

Overview of VMIA IHEA Forum Monia Choudhary Mark Cleeve August 2013.
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.

CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
Introducing Computer and Network Security

Introducing Computer and Network Security
Security of Computerized Medical Information: Threats from Authorized Users James G. Anderson, Ph.D. Purdue University.

Security of Computerized Medical Information: Threats from Authorized Users James G. Anderson, Ph.D. Purdue University.
1 Estimating the Cost and Benefits of Software Assurance Investments Thomas P. Frazier November 9, 2006.

1 Estimating the Cost and Benefits of Software Assurance Investments Thomas P. Frazier November 9, 2006.
Chapter Extension 22 Managing Computer Security Risk © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 22 Managing Computer Security Risk © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
ENVIRONMENTAL LIABILITY IN GREECE THE LEGAL FRAMEWORK & THE ROLE OF FINANCIAL GUARANTEES/ INSURANCE PRODUCTS TO COVER OPERATORS’ RESPONSIBILITIES UNDER.

ENVIRONMENTAL LIABILITY IN GREECE THE LEGAL FRAMEWORK & THE ROLE OF FINANCIAL GUARANTEES/ INSURANCE PRODUCTS TO COVER OPERATORS’ RESPONSIBILITIES UNDER.
Conference – 7-8 August, 2013 Presented by David Melnick | pg 1 Employee Privacy and Organizational Security: August 8th, 2013 Addressing.

Conference – 7-8 August, 2013 Presented by David Melnick | pg 1 Employee Privacy and Organizational Security: August 8th, 2013 Addressing.
0 IMPACT OF EUROZONE RECESSION FOR THE CREDIT INSURANCE INDUSTRY Selin ÇALIŞKAN Deputy Manager JOINT PAM/UNECE/UNCTAD CONFERENCE Geneva, 30-31 May 2013.

0 IMPACT OF EUROZONE RECESSION FOR THE CREDIT INSURANCE INDUSTRY Selin ÇALIŞKAN Deputy Manager JOINT PAM/UNECE/UNCTAD CONFERENCE Geneva, May 2013.
Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:

Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:
EQAA 11th Session Jamil Kalat-Malho Jong Ho Lee

EQAA 11th Session Jamil Kalat-Malho Jong Ho Lee
Master Policy and Unit Owner Policy June 11, 2015 Insurance.

Master Policy and Unit Owner Policy June 11, 2015 Insurance.

Similar presentations

Ads by Google