Published by Muriel Jefferson. Modified over 6 years ago.
1
Information Assets, Security and Cyber Threats
Risk Management Governance For Information Assets, Security and Cyber Threats
June 22-23, 2016
Jim Blair, President
Integrated Risk Management Solutions, LLC
2
Risk Management is NOT!
- Only Insurance – approx. 40% of claims paid
- Hope – “It won’t happen to us”
- Third party studies – “filed” on a back shelf
- Controls or Compliance – rear-looking check lists
- Hiring a team of “really smart” people
- Time limited – “it’ll go away”
- Burdensome (when proactively managed)
7-10% of Revenue Consumed by RM Costs
3
The Business Approach Integrated Risk Management Solution
[Diagram labels: CASH FLOW, GROWTH; Risk Finance & Insurance; Claims Management & Cost Control; Health & Safety; Captive Insurance; Absence Management; Fraud Prevention; Business Resiliency Planning; Ethics & Conduct; Audit & SOX; Security; Revenue Assurance; Scenario Planning; Compliance; Emergency Response; Privacy; Enterprise Risk Assessment; Information Management; Internet & Information Systems Security; Change Management]
Copyright protected – Property of Integrated Risk Management Solutions, LLC
4
Managing Risk = Cash Flow
Risk Management IS!
- A strategy to strengthen the business
- A primary cash-flow driver
- Strategic examination of material risks
- Integrated action for mitigation
- Scenarios and alternative solutions
- Preparedness for uncertainty and crisis
Managing Risk = Cash Flow
5
Information Risks-Cyber Threats
Information Assets
- Intellectual Property
- Patents, Trade Secrets, Copyrights
- Drawings, Architectures, Networks
- Merger & Acquisition Plans
- Financial & Strategic Plans
- Board Records
- Banking and Financial Records
- Personal Identification Information (PII)
- Personal Credit Information (PCI)
- Employment Records
- HIPAA and HITECH
- FERPA – Student Records
- Vendor-Customer Lists w/ Billing Info.
- Stored in ALL MEDIA FORMS

Cyber Threats
- Theft/Loss of Physical Equipment
- Internal Breach – Employees & Vendors
- 70% of Breaches – Internal
- Data Theft, Manipulation, Contamination
- Fraud – 6% of GDP
- External Attacks – Network, Firewalls, Encrypted Data, Information In Transit & at Rest
- Attacks on The Cloud, Data Warehouses
- All Portable Devices – Smart Phones, Tablets, Hard Drives, Flash & Thumb Drives, Video Players
- FAX Machines and Scanners
- Manufacturing Digital Controls – SCADA
6
Risk Transfer Priorities
Recover “first” costs of Response & Recovery:
1. Breach Detection
2. Forensic Analysis
3. Repair
4. Identification of Parties
5. Legal Protection/Costs
6. Communications Plan
7. Notify Regulators (48)
8. Notify Parties (millions)
9. Credit Monitoring
- Identity Repair
- PCI/Credit Card Providers
- Regulatory Fines
- Litigation
- Reputation Recovery

Ponemon Est. Cost $201/Account Breached
Average Business Loss - $5.85 million
Business Interruption Cost Recovery – Imperative
Reputational Damage a Major Issue
Lloyds of London Est. Global Cost ~ $400 billion
7
Top 5 Risk Management Priorities
Integrated Risk Management Solutions Clients
- Reputation – Client and Investor Impact
- Cyber-breach – Data compromise – Operating Systems
- Behavior – Internal and 3rd party providers
- Business Disruption – Internal & supply chain
- Cash Flow – Revenue diversity & cost management
8
Regulatory Risks Growing
- FDA Regulations
- OSHA - EPA
- Foreign Corrupt Practices Act & UK Anti-Bribery
- Data Privacy – President’s Directive 2/13
- 48 State Regulations on Information Breach Disclosure
- PCI Compliance
- FTC Red Flags Rule - Protects CPI & EPI
- USA Patriot Act – TSA Regulations
- Office of Foreign Asset Control (OFAC)
Risk Mgt. Likely to Become a Requirement
9
The Integrated Approach to Risk Management
- Proactive Management of Organizational Risks
- Majority of Risks are Operational – Minimal Insurance
- Form a Risk Management Executive Council
- Top leaders - Operations – Finance – Marketing - Human Talent – Legal
- Establishes a Rhythmic Focus on “Material” Risks
- 90/90 Plan - meets for 90 minutes every 90 days
- Reports to CEO - Advisory Board / Board
- Administers Risk Costs 7-10% of Revenue
10
The Integrated Approach to Risk Management
- Process Governance of Risk & Preparedness
- Prioritize Risk Initiatives – measure deliverables
- Report Performance Results – Resolve disputes
- Initiate Operations Assurance Processes
- Scenario Planning – Emergency Response
- Anticipate Emerging Risks
- Amplifies Organizational Intelligence
11
Questions – Discussion - Strategy
The Process
12
Cash Flow is Improved – ROI ~ 4:1
The Outcome – Strength
A Prevention/Awareness Approach Produces Results
- “All Eyes On” Risk Priorities are Funded
- Alignment of Work Efforts Across Business Units
- Stimulates Prevention-Centric Behavior
- Results are Measured and Reported
- Rhythmic Operations Assurance Anticipates “Emerging” Risks
Cash Flow is Improved – ROI ~ 4:1
13
Questions – Discussion - Strategy