MIS 5206 Protection of Information Assets - Unit #4 - Risk Evaluation. MIS 5206 Protecting Information Assets
- Arabella Marshall
Transcription
1 MIS 5206 Protection of Information Assets - Unit #4 - Risk Evaluation
2 Agenda: Where Role of InfoSec categorization fits; Risk evaluation; Who is responsible; Risk management techniques; Test taking tip; Quiz
3 Information categorization and risk evaluation is the first step in information systems security: a holistic and comprehensive risk management process; provides a framework for managing risk throughout the information system development lifecycle
4 Where information categorization and risk evaluation fits in information systems security: NIST Risk Management Framework; NIST Cybersecurity Framework
5 Information Categorization is part of Risk Evaluation. Why is data categorization important? It focuses attention on the identification and valuation of information assets; it is the basis for access control policy and processes
6 Risk Evaluation: Risk evaluation is the process of identifying risk scenarios and describing their potential business impact
7 Risk Evaluation - Key Components. Collect Data: identify relevant data to enable effective IT-related risk identification, analysis and reporting; Analyze Risk: develop useful information to support risk decisions that take into account the business impact of risk factors; Maintain Risk Profile: maintain an up-to-date and complete inventory of known risks and attributes as understood in the context of IT controls and business processes
8 Risk Evaluation - Collect Data (RE-1). Goal: Ensure IT-related risks are identified, analyzed and presented in business terms. Metrics: # of loss events with key characteristics not captured or measured; Degree to which collected data support: Visibility and understanding of the threat landscape; Analyzing scenarios and reporting trends; Visibility and understanding of the control state
9 RE-1: Collect Data Key Activities: RE1.1 Establish and maintain a model for data collection; RE1.2 Collect data on the operating environment; RE1.3 Collect data on risk events; RE1.4 Identify risk factors
10 Risk Evaluation - Collect Data (RE1): Existence of a documented risk data collection model; # of data sources; # of data items with identified risk factors; Completeness of Risk event data; Affected assets; Impact data; Threats; Controls; Measures of the effectiveness of controls; Historical data on risk factors
11 Risk Evaluation - Collect Data: Governance Roles: Board of directors; Chief Executive Officer (CEO); Chief Financial Officer (CFO); Chief Risk Officer (CRO); Enterprise Risk Committee; Business Management; Business Process Owner; Risk Control Functions; Human Resources; Compliance and Audit
12 Risk Evaluation - Collect Data: Governance Roles
13 Risk Evaluation - Key Components. Collect Data: identify relevant data to enable effective IT-related risk identification, analysis and reporting; Analyze Risk: develop useful information to support risk decisions that take into account the business impact of risk factors; Maintain Risk Profile: maintain an up-to-date and complete inventory of known risks and attributes as understood in the context of IT controls and business processes
16 Categorizing Information and Information Systems
17 A systematic qualitative approach to information security categorization
24 How to categorize and prioritize an enterprise's data for protection?
25 FIPS 199: Risk event impact ratings
26 Question: How to approach prioritizing an enterprise's data for protection?
27 Remember the procedure described in FIPS Pub 199 Standard for Security Categorization of Information Systems. Low: Limited adverse effect; Medium: Serious adverse effect; High: Severe or catastrophic adverse effect. Example with multiple information types:
28 1. Set up the information security categorization of Health Catalyst's product line data
29 Determine the overall information security categorization of the different datasets. Remember the application of FIPS 199 to derive overall categorization. Synonyms: impact rating, security categorization,
30 Find a way to transform the ordinal FIPS 199 impact ratings to ratio data to conduct a quantitative risk analysis
31 Analyzing risk to prioritize protection. Ordinal to ratio look-up table found in NIST SP Information Security Handbook: A Guide for Managers, page 99. Transforming ordinal risk rankings to interval risk measures
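The categorization procedure from slides 27 to 31, as an added example that is not part of the original slides: each information type gets a rating per security objective, a dataset takes the highest rating per objective (the FIPS 199 high-water mark), and the overall level is mapped to a number so datasets can be ranked. The dataset names and ratings are constructed, and the 10/50/100 scale is an assumption because the look-up table the slide cites is not reproduced on this page.

```python
from enum import IntEnum


class Impact(IntEnum):
    """FIPS 199 potential-impact levels, ordered so max() gives the high-water mark."""
    LOW = 1        # limited adverse effect
    MODERATE = 2   # serious adverse effect (the slides label this level "Medium")
    HIGH = 3       # severe or catastrophic adverse effect


OBJECTIVES = ("confidentiality", "integrity", "availability")

# ASSUMPTION: numeric scale standing in for the slide's ordinal-to-ratio
# look-up table, which is not shown on this page.
ASSUMED_SCORE = {Impact.LOW: 10, Impact.MODERATE: 50, Impact.HIGH: 100}


def parse_rating(text):
    """Turn 'Low' / 'Medium' / 'Moderate' / 'High' into an Impact value."""
    label = text.strip().upper()
    if label == "MEDIUM":
        label = "MODERATE"
    try:
        return Impact[label]
    except KeyError:
        raise ValueError(f"unknown impact rating: {text!r}") from None


def categorize_type(ratings):
    """Validate one information type: every objective must carry a rating."""
    missing = [o for o in OBJECTIVES if o not in ratings]
    if missing:
        raise ValueError(f"missing rating for: {', '.join(missing)}")
    return {o: parse_rating(ratings[o]) for o in OBJECTIVES}


def categorize_dataset(info_types):
    """High-water mark per objective across all information types in a dataset."""
    if not info_types:
        raise ValueError("a dataset needs at least one information type")
    categories = [categorize_type(r) for r in info_types.values()]
    return {o: max(c[o] for c in categories) for o in OBJECTIVES}


def overall_level(security_category):
    """Overall categorization: the highest of the three objective ratings."""
    return max(security_category.values())


def prioritize(datasets):
    """Rank datasets by overall level, highest first: (name, level, score)."""
    rows = []
    for name, info_types in datasets.items():
        level = overall_level(categorize_dataset(info_types))
        rows.append((name, level.name, ASSUMED_SCORE[level]))
    return sorted(rows, key=lambda row: (-row[2], row[0]))


# Constructed sample data, not taken from the case study.
SAMPLE_DATASETS = {
    "office_phone_list": {
        "staff directory": {"confidentiality": "Low", "integrity": "Low",
                            "availability": "Low"},
    },
    "patient_records": {
        "clinical notes": {"confidentiality": "High", "integrity": "Medium",
                           "availability": "Low"},
        "appointment schedule": {"confidentiality": "Low", "integrity": "Medium",
                                 "availability": "Medium"},
    },
    "public_website": {
        "marketing pages": {"confidentiality": "Low", "integrity": "Medium",
                            "availability": "Low"},
    },
}

if __name__ == "__main__":
    for name, level, score in prioritize(SAMPLE_DATASETS):
        print(f"{name:20s} {level:9s} {score:3d}")
```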
32 Analyzing risk example
33 How do you assess the value of information to an organization?
34 Quantitative Risk Assessment. Expected losses can be weighed against the costs of countermeasures, which provides a basis for trading infosec costs and benefits. One simple assessment technique calculates the annual loss expectancy (ALE) as the product of the cost of a single event (single loss expectancy, SLE) and the annualized rate of occurrence (ARO): Annual Loss Expectancy = Single Loss Expectancy × Annualized Rate of Occurrence. NOTE: The calculation assumes total loss of an asset. If an asset retains part of its useful value, the SLE should be adjusted by an appropriate amount.
35 Problem: How would you determine the Annual Loss Expectancy (ALE) for the theft of the Dean's laptop from the case study "Snowfall and a stolen laptop"?
36 Annual Loss Expectancy calculation example. Note that the assumptions of 5% probability and credit monitoring service for 1,000 individuals greatly influence the results
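The ALE calculation from slides 34 to 36, as an added example that is not part of the original slides: it computes SLE and ALE, adjusts SLE when an asset keeps part of its value, shows how the result moves with the two assumptions the slide calls out, and weighs the reduction in expected loss against a countermeasure's cost. The 5% rate and 1,000 individuals come from slide 36; the hardware cost, the per-person monitoring cost, the countermeasure cost and its assumed effect are constructed figures.

```python
from decimal import Decimal


def to_decimal(value):
    """Convert ints, strings or Decimals to Decimal, avoiding binary-float rounding."""
    return value if isinstance(value, Decimal) else Decimal(str(value))


def single_loss_expectancy(asset_value, exposure_factor=1):
    """SLE = asset value x fraction lost (1 = total loss, as the slide assumes)."""
    value, factor = to_decimal(asset_value), to_decimal(exposure_factor)
    if value < 0 or not (0 <= factor <= 1):
        raise ValueError("asset value must be >= 0 and exposure factor in [0, 1]")
    return value * factor


def annual_loss_expectancy(sle, aro):
    """ALE = SLE x ARO, where ARO is the expected number of events per year."""
    sle, aro = to_decimal(sle), to_decimal(aro)
    if sle < 0 or aro < 0:
        raise ValueError("SLE and ARO must be non-negative")
    return sle * aro


def sle_from_ale(ale, aro):
    """Invert the formula: the single-event loss implied by a stated ALE and ARO."""
    ale, aro = to_decimal(ale), to_decimal(aro)
    if aro <= 0:
        raise ValueError("ARO must be positive to recover SLE")
    return ale / aro


def laptop_sle(hardware_cost, individuals, monitoring_cost_per_person):
    """Loss from one stolen laptop: hardware plus credit monitoring per individual."""
    return to_decimal(hardware_cost) + individuals * to_decimal(monitoring_cost_per_person)


def sensitivity(hardware_cost, monitoring_cost_per_person, individuals_options, aro_options):
    """ALE for every combination of the two assumptions that drive the result."""
    table = {}
    for n in individuals_options:
        sle = laptop_sle(hardware_cost, n, monitoring_cost_per_person)
        for aro in aro_options:
            table[(n, to_decimal(aro))] = annual_loss_expectancy(sle, aro)
    return table


def net_benefit(ale_before, ale_after, annual_countermeasure_cost):
    """Positive when the countermeasure saves more expected loss than it costs."""
    return (to_decimal(ale_before) - to_decimal(ale_after)
            - to_decimal(annual_countermeasure_cost))


if __name__ == "__main__":
    HARDWARE = 1500        # constructed figure
    PER_PERSON = 20        # constructed figure
    INDIVIDUALS = 1000     # from slide 36
    ARO = "0.05"           # from slide 36 (5% probability per year)

    sle = laptop_sle(HARDWARE, INDIVIDUALS, PER_PERSON)
    ale = annual_loss_expectancy(sle, ARO)
    print(f"SLE = {sle}, ALE = {ale}")

    for (n, aro), value in sensitivity(HARDWARE, PER_PERSON,
                                       [100, 1000, 5000],
                                       ["0.01", "0.05", "0.10"]).items():
        print(f"individuals={n:5d} ARO={aro} ALE={value}")

    # ASSUMPTION: the countermeasure leaves only the hardware loss and costs 100/year.
    ale_after = annual_loss_expectancy(single_loss_expectancy(HARDWARE), ARO)
    print("net benefit per year:", net_benefit(ale, ale_after, 100))
```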
37 Risk management decision. Decision: Mitigate expected loss of a dean's laptop through purchase of security countermeasures. Avoid; Accept; Transfer; Mitigate
38 Analyze Risk
39 But who really knows the value and impact a breach implies for the business?
41 Maintain Risk Profile
42 Where are the people who really know the value of the information and impact a breach implies for the business?
43 Maintain Risk Profile
44 Review: Risk Management Techniques. Once threats and risks are identified, each risk can be managed by: 1. Avoidance 2. Acceptance 3. Transfer 4. Mitigation (Controls)
45 Team Project Preparation Presentations Presentations
46 Team Project Context. You and your team have volunteered to participate in a free community information security clinic (ITACS Clinic) and provide support to an under-served small local business. In a prior meeting your team was introduced to a number of small businesses and community support organizations. At that meeting you did a great job introducing your company and the service you are offering through the clinic. One organization that attended the meeting has taken you up on your offer, and signed up to meet with you and receive intensive help from your team.
47 Team Project Assignment. Prepare and deliver a presentation to the owners/leaders of the business that: 1. Educates them about the process you will use to help them secure their computers and data 2. Instructs them about the homework they need to do, i.e. the information you need them to prepare and bring with them to your next meeting 3. Motivates them to do their homework based on an understanding of why the information you are asking for is important to them in planning their business information security, i.e. explain how you will use it
48 Team Project Rubric Use of: Educate Instruct Motivate
49 Examples of tools you learned and may consider using in your presentation
50 Test Taking Tip: Eliminate any probably wrong answers first; focus on the highest likelihood answers for test taking efficiency. Here's why: Some of the answers use unfamiliar terms and stand out as unlikely and can therefore be discarded immediately. Some answers are clearly wrong and you can recognize them based on your familiarity with the subject. The correct answer may require a careful reading of the wording of the question, and eliminating the unlikely answers early in the evaluation process helps you focus on key concepts for making the choice.
51 Example: Test Taking Tip. The promotion manager of Northeast Electronics has been made the owner of the department's printers and other resources. The manager can now designate who in the department can use the large format printer. What term is used to describe this type of access control? A. Mandatory B. Role-Based C. Discretionary D. Distributed Answer: C
52 Example: Test Taking Tip. The promotion manager of Northeast Electronics has been made the owner of the department's printers and other resources. The manager can now designate who in the department can use the large format printer. What term is used to describe this type of access control? A. Mandatory B. Role-Based C. Discretionary D. Distributed Answer: C. Nothing seems mandatory about this scenario.
53 Example: Test Taking Tip. The promotion manager of Northeast Electronics has been made the owner of the department's printers and other resources. The manager can now designate who in the department can use the large format printer. What term is used to describe this type of access control? A. Mandatory B. Role-Based C. Discretionary D. Distributed Answer: C. Maybe.
54 Example: Test Taking Tip. The promotion manager of Northeast Electronics has been made the owner of the department's printers and other resources. The manager can now designate who in the department can use the large format printer. What term is used to describe this type of access control? A. Mandatory B. Role-Based C. Discretionary D. Distributed Answer: C. Nothing about roles other than manager in the question.
55 Example: Test Taking Tip. The promotion manager of Northeast Electronics has been made the owner of the department's printers and other resources. The manager can now designate who in the department can use the large format printer. What term is used to describe this type of access control? A. Mandatory B. Role-Based C. Discretionary D. Distributed Answer: C. Distributed is not relevant to the information in the question.
56 Example: Test Taking Tip. The promotion manager of Northeast Electronics has been made the owner of the department's printers and other resources. The manager can now designate who in the department can use the large format printer. What term is used to describe this type of access control? A. Mandatory B. Role-Based C. Discretionary D. Distributed Answer: C
57 Quiz
58 Quiz Bonus question: A year ago, when Sam carried out a risk analysis, he determined that the company was at too much of a risk when it came to potentially losing trade secrets. The countermeasures his team implemented reduced this risk, and Sam determined that the annualized loss expectancy of the risk of a trade secret being stolen once in a hundred-year period is now $400. What is the associated single loss expectancy value in this scenario?
59 Agenda: Where Role of InfoSec categorization fits; Risk evaluation; Who is responsible; Risk management techniques; Test taking tip; Quiz
More informationManaging Project Risks. Dr. Eldon R. Larsen, Marshall University Mr. Ryland W. Musick, West Virginia Division of Highways
Managing Project Risks Dr. Eldon R. Larsen, Marshall University Mr. Ryland W. Musick, West Virginia Division of Highways Abstract Nearly all projects have risks, both known and unknown. Appropriately managing
More informationProject Selection Risk
Project Selection Risk As explained above, the types of risk addressed by project planning and project execution are primarily cost risks, schedule risks, and risks related to achieving the deliverables
More informationAn Update On Association Policies, Health Checks & Guidelines To A Safer Hockey Association. Lauren Woods Member Engagement & Operations
An Update On Association Policies, Health Checks & Guidelines To A Safer Hockey Association Lauren Woods Member Engagement & Operations Association Health Checks Issues arising from the health check: 3/27
More informationDocumentation Control. Hazard Identification, Risk Assessment and Management Procedure. (This document is linked GG/CM/007- Risk Management Policy)
Documentation Control Reference: Date approved: 24 November 2016 Approving Body: (This document is linked GG/CM/007- Risk Management Policy) Trust Board (Medical Director) Implementation Date: 24 November
More informationIngenious Capital Management Limited: Pillar III Disclosure
CONTENTS 1. Introduction 2. Risk Management 3. Capital Resources 4. Internal Capital Adequacy Assessment Process (ICAAP) 5. Remuneration Policy Disclosure 1. INTRODUCTION 1.1 Scope of Application Ingenious
More informationRisk Assessment for Drug Products with Device Components
Risk Assessment for Drug Products with Device Components Khaudeja Bano, M.D. Senior Medical Director, Medical Device Safety Head, Pharmacovigilance and Patient Safety AbbVie Inc. Process consisting of:
More informationRISK MANAGEMENT. Budgeting, d) Timing, e) Risk Categories,(RBS) f) 4. EEF. Definitions of risk probability and impact, g) 5. OPA
RISK MANAGEMENT 11.1 Plan Risk Management: The process of DEFINING HOW to conduct risk management activities for a project. In Plan Risk Management, the remaining FIVE risk management processes are PLANNED
More informationRolling Up Operational Risk
Rolling Up Operational Risk SHARI BREITEN Director, Operational Risk September 17, 2015 Historical Perspective Goals & Objectives Industry Challenges Solutions HISTORICAL PERSPECTIVE: Regulatory Environment
More informationRisk Management Strategy Draft Copy
Risk Management Strategy 2017 Draft Copy FOREWORD Welcome to the Council s Strategic & Operational Risk Management Strategy, refreshed in May 2017. The aim of the Strategy is to improve strategic and operational
More informationQualitative Tree Risk Assessment
Qualitative Tree Risk Assessment By E. Thomas Smiley, Nelda Matheny, and Sharon Lilly Editor s Note: The following article is the second in an extensive series of CEU items on tree risk assessment. Future
More informationENTERPRISE RISK MANAGEMENT IN HEALTH CARE. April 27, 2017
ENTERPRISE RISK MANAGEMENT IN HEALTH CARE April 27, 2017 Presenters Adam Marshall Director, Risk Advisory Services Jessika Garis Manager, Risk Advisory Services RSM US LLP Adam.Marshall@rsmus.com +1 410
More informationMaking the Jump to Risk Management. Jeff Blackmon, FBCI, CISSP, CBCP, ITIL Strategic Continuity Solutions, LLC.
Making the Jump to Risk Management Jeff Blackmon, FBCI, CISSP, CBCP, ITIL Strategic Continuity Solutions, LLC. Jeff Blackmon, FBCI, CISSP, CBCP, ITIL Started BC/DR planning work in the mid 1980 s Financial
More informationRisk Analysis and Management. May 2011 ISO 14971
Risk Analysis and Management Qsite May 2011 ISO 14971 1 Agenda Definitions Risk Management Development Phases Process Hazards Evaluation Residual Risk 2 Why Do We Need Risk Analysis 1. Quantify the risk
More informationSenior Director, Fire Life Safety & Risk Management
Page 1 of 3 Enterprise Risk Management Policy Item 4 November 15, 2018 Building Investment, Finance and Audit Committee Report: To: From: BIFAC:2018-66 Building Investment, Finance and Audit Committee
More informationWhite Paper. Not Just Knowledge, Know How! Artificial Intelligence for Finance!
` Not Just Knowledge, Know How! White Paper Artificial Intelligence for Finance! An exploration of the use of Artificial Intelligence (AI) in the management of Budgeting, Planning and Forecasting (BP&F)
More informationINTERNAL AUDIT AND OPERATIONAL RISK T A C K L I N G T O D A Y S E M E R G I N G R I S K S T O G E T H E R
INTERNAL AUDIT AND OPERATIONAL RISK T A C K L I N G T O D A Y S E M E R G I N G R I S K S T O G E T H E R Operational Risk Management Today Companies are struggling to obtain a holistic view of risk and
More informationRisk is about something bad happening AND / OR something good not happening. Lost potential and / or lost opportunity.
ENTERPRISE RISK MANAGEMENT (ERM) POLICY AND PROCEDURE AS APPROVED BY THE BOARD OF DIRECTORS OF RASHTRIYA ISPAT NIGAM LTD AT ITS 245 TH MEETING HELD ON 9.3.2010 1.0 PREAMBLE: Many a times Organizations
More informationAhsan Jamal. Case Study IDENTIFYING AND MANAGING KEY RISKS IN CONSTRUCTION PROJECTS
Ahsan Jamal Case Study IDENTIFYING AND MANAGING KEY RISKS IN CONSTRUCTION PROJECTS Introduction For the last couple of years, we have seen enormous growth in the construction industry of Pakistan due to
More information