Governance, Risk Management & Compliance (GRC)
Security Operations, Analytics & Reporting (SOAR)
The real and present threat of a cyber breach demands real-time risk management
Simon Marvell, Partner, Acuity Risk Management
www.acuityrm.com
Agenda
1. The need for real-time, threat-based cyber security risk management
2. Threat and control modelling
3. Measuring cyber security risk
4. Outputs and benefits from cyber security risk management
The real and present threat
Data, information and knowledge
Plenty of data:
Vulnerability scanning reports
Penetration test reports
SIEM
Security analytics
Audit reports
Compliance assessments
Threat intelligence
Incidents and near-misses
Indicators of compromise
Risk assessments
But how much information and knowledge?
Often operating independently
Often technology, rather than business focussed
Visibility of cyber security status
Business leaders want answers:
What are our current measured levels of cyber security risk across the Enterprise from the multiple threats that we face?
Are these cyber security risks tolerable?
If not, what is our justified and prioritized plan for managing these risks down to tolerable levels?
Who is responsible and by when?
These are Risk Management questions
Cyber security risk management
Risk management is the ongoing process of identifying, assessing, and responding to risk.
To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact.
With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance.
National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014
Threat-driven risk management
It is increasingly accepted that cyber security risk management should be threat-driven:
“Contemporary cyber security risk management practices are largely driven by compliance requirements, which force organizations to focus on security controls and vulnerabilities”.
“The unbalanced focus on controls and vulnerabilities prevents organizations from combating the most critical element in risk management: the threats”.
“When this threat-driven approach is implemented along with tailored compliance processes, organizations can produce information systems that are both compliant and more secure”.
A Threat-Driven Approach to Cyber Security, Michael Muckin, Scott C. Fitch,