Applying the risk process in the real world using COBIT
|
|
- Marshall Bond
- 6 years ago
- Views:
Transcription
1 Applying the risk process in the real world using COBIT Christian Dinesen NNIT A/S
2 #Who Am I Last 4 NNIT 2 years as Security Auditor 2 years as Security Advisor/Architect Hacker since 1994 CISA, CISM
3 Hacker Cyber Criminal? A hacker is someone who thinks outside the box. It's someone who discards conventional wisdom, and does something else instead. It's someone who looks at the edge and wonders what's beyond. It's someone who sees a set of rules and wonders what happens if you don't follow them. A hacker is someone who experiments with the limitations of systems for intellectual curiosity Bruce Schneier, Secrets and Lies 2000
4 Shout Out Inspiration and context
5 Disclaimer The views and opinions expressed in this presentation are those of the authors and do not necessarily represent official policy or positions at the authors workplace.
6 QUOTE Turning IT Risk into Business Risk Mapping Business Risk to Business goals
7 Risk perception & definitions Assessing Risk w/examples Governance vs. Management Risk Process & Scenarios w/examples Respond to Risk Risk Capacity & Profile w/examples
8 Risk perception Why are we so bad at assessing risk? Risks that are Abstract Slowly progressing Kind of unlikely Like Cancer Car accidents Hacker attacks Are perceived way to small!! Actual Risk Perceived Risk
9 Risk Definitions Risk the possibility of a situation or event with uncertain frequency and magnitude of loss (or gain) occurring that is associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise Threat Vulnerability Risk Appetite Risk Tolerance Risk Optimization Risk Hierarchy
10 Categories in Assessing Risk Inherent Risk Residual Risk Control Risk Detection Risk The risk associated with an event when no controls are in place The risk that is associated with an event after controls have been applied Results from the internal control systems failure to prevent, detect or correct an incident in a timely manner Prescribed controls, substantive testing or monitoring will fail to detect an error that could be material
11 Defacements of.dk websites
12 Governance vs. Management Ensure that IT-related enterprise risk does not exceed risk appetite and risk tolerance, the impact of IT risk to enterprise value is identified and managed, and the potential for compliance failures is minimized o o o Evaluate risk management Direct risk management Monitor risk management Integrate the management of IT-related enterprise risk with overall ERM, and balance the costs and benefits of managing IT-related enterprise risk o o o o o o o Collect data Analyze risk Maintain a risk profile Articulate risk Define a risk management action portfolio Respond to risk
13 Risk Management Process Identify Risk Assess Risk Respond to Risk Control & Monitor
14 Risk Scenarios Top-down and Bottom-up Both approaches are complementary and should be used simultaneously. Risk scenarios must be relevant and linked to real business risk. Specific risk items for each enterprise and critical business requirements need to be considered in the enterprise risk scenarios. COBIT 5 for Risk provides a comprehensive set of generic risk scenarios. These should be used as a reference to reduce the chance of overlooking major/common risk scenarios.
15 COBIT 5 Risk Scenario Structure
16 Risk Scenarios Identify Risk Scenarios Threat Types Malicious Accidental Error / Failure Nature External requirement Actors Internal External Event Disclosure Interruption Modification Theft Inappropriate use
17 Attack on the mobile platform and data
18 Phising s
19 Assess Scenarios
20 Timeline on WannaCry 2013 AUG 2016 JAN 2016 FEB 2017 FEB 2017 MAY NSA Tools Stolen Shadow Brokers Emerges Shadow Brokers announces auction of NSA tools Microsoft cancels Patch Tuesday for the first time Microsoft releases SMC updates for supported OS s WannaCry outbreak begins First WannaCry samples seen in VirusTotal
21 Linking Enterprise and IT Risk
22 Goals Cascade Overview
23 Respond to Risk Accept Avoid Mitigate Share/Transfer
24 Accept the Risk?
25 Types of Controls
26 Risk Capacity Risk Appetite The broad-based amount of risk in different aspects that an enterprise is willing to accept in pursuit of its mission Risk Tolerance The acceptable level of variation that management is willing to allow for any particular risk as it pursues objectives Risk Capacity The cumulative loss an enterprise can tolerate without risking its continued existence. As such, it differs from risk appetite, which is more on how much risk is desirable.
27 Risk Capacity Left diagram A relatively sustainable situation Risk appetite is lower than risk capacity Actual risk exceeds risk appetite in a number of situations, but always remains below the risk capacity Right diagram An unsustainable situation Risk appetite is defined at a level beyond risk capacity; this means that management is prepared to accept risk well over its capacity to absorb loss As a result, actual risk routinely exceeds risk capacity even when staying almost always below the risk appetite level. This usually represents an unsustainable situations
28 Maintain Risk Profile Maintain the inventory of known risks and their attributes (including expected frequency, potential impact and responses) as well as resources, capabilities and current control activities Register Resulting from risk analysis, consists of a list of risk scenarios and their associated estimates for impact and frequency Action Plan Includes action items, status, responsible, deadline, etc Loss Events Loss data related to events occurring over the last reporting period(s) Risk Factors Both contextual risk factors and capabilityrelated risk factors Independent Assessment Findings Result of independent assessments (e.g., audit findings, self assessments)
29 Risk profile towards IoTs
30 QUOTE Turning IT Risk into Business Risk Mapping Business Risk to Business goals
31 Christian Dinesen
Enhanced Cyber Risk Management Standards. Advance Notice of Proposed Rulemaking
Draft 11/29/16 Enhanced Cyber Risk Management Standards Advance Notice of Proposed Rulemaking The left column in the table below sets forth the general concepts that the federal banking agencies are considering
More informationBest Practices in ENTERPRISE RISK MANAGEMENT. [ Managing Risks Holistically ]
Best Practices in ENTERPRISE RISK MANAGEMENT [ Managing Risks Holistically ] INTRODUCTIONS MODERATOR: Bob Lipps, JD, CPA PANELISTS: Ron Wilcox Abel Pomar Karen Gordon, Esq. THE EVOLUTION OF RISK Traditional
More informationIAASB CAG REFERENCE PAPER IAASB CAG Agenda (December 2005) Agenda Item I.2 Accounting Estimates October 2005 IAASB Agenda Item 2-B
PROPOSED INTERNATIONAL STANDARD ON AUDITING 540 (REVISED) (Clean) AUDITING ACCOUNTING ESTIMATES AND RELATED DISCLOSURES (OTHER THAN THOSE INVOLVING FAIR VALUE MEASUREMENTS AND DISCLOSURES) (Effective for
More informationENTERPRISE RISK MANAGEMENT (ERM) POLICY Republic Glass Holdings Corporation. Purpose. Goals
Purpose This Enterprise Risk Management Policy (the ERM policy) provides the framework for managing risks across ( RGHC or the Company ). It contains the policies to guide employees, management and the
More informationClient Risk Solutions Going beyond insurance. Risk solutions for Real Estate. Start
Client Risk Solutions Going beyond insurance Risk solutions for Real Estate Start Partnering to Reduce Risk Real estate owners, operators, managers and developers act vigorously to maintain profitability
More informationMEMORANDUM. To: From: Metrolinx Board of Directors Robert Siddall Chief Financial Officer Date: September 14, 2017 ERM Policy and Framework
MEMORANDUM To: From: Metrolinx Board of Directors Robert Siddall Chief Financial Officer Date: September 14, 2017 Re: ERM Policy and Framework Executive Summary Attached are the draft Enterprise Risk Management
More informationUnderstanding Enterprise Risk Management: An Overview
Understanding Enterprise Risk Management: An Overview 05/2016 What is Risk? An uncertain event It exists in the future Has a cause and effect Impacts objectives Its effect may be positive and/or negative
More informationBreak the Risk Paradigms - Overhauling Your Risk Program
SESSION ID: GRC-T11 Break the Risk Paradigms - Overhauling Your Risk Program Evan Wheeler MUFG Union Bank Director, Information Risk Management Your boss asks you to identify the top risks for your organization
More informationก ก Tools and Techniques for Enterprise Risk Management (ERM)
ก ก Tools and Techniques for Enterprise Risk Management (ERM) COSO ERM ISO ERM 31 2554 10:45 12:15.. 301, 302, 307 ก ก COSO Internal Control ERM Integrated Framework Application Technique ISO 31000 Guide
More informationAt the Heart of Cyber Risk Mitigation
At the Heart of Cyber Risk Mitigation De-risking Cyber Threats with Insurance Vikram Singh Abstract Management of risks is an integral part of the insurance industry. Companies have succeeded in identifying
More informationRisk Management Policy
Risk Management Policy May 2018 Contents 1.0 Purpose... 3 2.0 Scope... 3 3.0 Risk appetite... 3 4.0 Risk management process... 4 5.0 Measuring success... 7 6.0 Review of policy... 7 Appendix A Definitions
More informationProcedures for Management of Risk
Procedures for Management of Policy Sponsor: Name of Parent Policy: Policy Contact: Procedure Contact: Vice President Finance and Administration Enterprise Management Policy Vice President Finance and
More informationDelivering Clarity to Credit Unions Through Expertise and Experience
Jeff Owen, The Rochdale Group September 2012 Delivering Clarity to Credit Unions Through Expertise and Experience Enterprise Risk Management Lending Execution and Risk Management Merger Strategy and Realization
More information7/25/2013. Presented by: Erike Young, MPPA, CSP, ARM. Chapter 2. Root Cause Analysis
Presented by: Erike Young, MPPA, CSP, ARM 1 Chapter 2 Root Cause Analysis 1 Introduction to Root Cause Analysis Root Cause The event or circumstance that directly leads to an occurrence Root Cause Analysis
More informationRisk Management Policy
Risk Management Policy Contents Executive summary... 3 Aim & introduction... 3 Definitions... 3 Consequence... 3 Event... 3 Likelihood... 3 Risk... 4 Risk Appetite... 4 Risk Management... 4 Risk Management
More informationBusiness Auditing - Enterprise Risk Management. October, 2018
Business Auditing - Enterprise Risk Management October, 2018 Contents The present document is aimed to: 1 Give an overview of the Risk Management framework 2 Illustrate an ERM model Page 2 What is a risk?
More informationApplying COSO s Enterprise Risk Management Integrated Framework. September 29, 2004
Applying COSO s Enterprise Risk Management Integrated Framework September 29, 2004 Today s organizations are concerned about: Risk Management Governance Control Assurance (and Consulting) ERM Defined:
More informationThe working roundtable was conducted through two interdisciplinary panel sessions:
As advancements in technology enhance productivity, develop new businesses and enhance economic growth, malicious actors continue to advance as well, seeking to exploit technology for any number of criminal
More informationRisk Management. Policy No. 14. Document uncontrolled when printed DOCUMENT CONTROL. SSAA Vic
Document uncontrolled when printed Policy No. 14 Risk Management DOCUMENT CONTROL Version: Date approved by Board: On behalf of Board: Jack Wegman 17 March 2015 26 March 2015 Denis Moroney President Next
More informationEnergize Your Enterprise Risk Management
Energize Your Enterprise Risk Management Presented By Mark Caiazzo, CISA, CISM, CRISC Tammy Michaud, CPA May 15, 2017 Reviewed: Agenda Enterprise Risk Management Defined Benefits of ERM Key Components
More informationOMB Update Enterprise Risk Management. April, 2018
OMB Update Enterprise Risk Management April, 2018 1 Current Risk Environment Facing Federal Government The Federal government is facing greater change than at any other point in time Current budget realities
More informationApplying COSO s Enterprise Risk Management Integrated Framework
Applying COSO s Enterprise Risk Management Integrated Framework COSO COSO stands for the Committee Of Sponsoring Organizations of the Treadway Commission. The sponsoring organizations are: Institute of
More informationM_o_R (2011) Foundation EN exam prep questions
M_o_R (2011) Foundation EN exam prep questions 1. It is a responsibility of Senior Team: a) Ensures that appropriate governance and internal controls are in place b) Monitors and acts on escalated risks
More informationBERGRIVIER MUNICIPALITY. Risk Management Risk Appetite Framework
BERGRIVIER MUNICIPALITY Risk Management Risk Appetite Framework APRIL 2018 1 Document review and approval Revision history Version Author Date reviewed 1 2 3 4 5 This document has been reviewed by Version
More informationCyber Risks A Reinsurer s Perspective on Exposure & Claims. EMEA Claims Conference 2018, Rüschlikon, 6th 7th March, Anthony Cordonnier
Cyber Risks A Reinsurer s Perspective on Exposure & Claims EMEA Claims Conference 2018, Rüschlikon, 6th 7th March, Anthony Cordonnier Cyber: a claims sprint through the last year (and a bit ) Source: wikipedia.org
More informationCyber Risk Quantification: Translating technical risks into business terms
Cyber Risk Quantification: Translating technical risks into business terms Jesper Sachmann RSA Denmark 13-06-2018 1 CYBER RISK QUANTIFICATION: TRANSLATING TECHNICAL RISKS INTO BUSINESS TERMS Jesper Sachmann
More informationFIRMA Nashville Tennessee April 21, 2015
FIRMA Nashville Tennessee April 21, 2015 Brian J. Pinkerton T. Kevin Whalen Enterprise risk management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization
More informationENTERPRISE RISK MANAGEMENT Framework
STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES ENTERPRISE RISK MANAGEMENT Framework January 2018 Ce document est également disponible en français. Notice This document is intended as a reference tool
More informationLargest Risk for Public Pension Plans (Other Than Funding) Cybersecurity
Largest Risk for Public Pension Plans (Other Than Funding) Cybersecurity 2017 Public Safety Employees Pension & Benefits Conference Ronald A. King (517) 318-3015 rking@ I am convinced that there are only
More informationENTERPRISE RISK MANAGEMENT (ERM) GOVERNANCE POLICY PEDERNALES ELECTRIC COOPERATIVE, INC.
1. Purpose: 1.1. Pedernales Electric Cooperative ( PEC ) is committed to delivering low-cost, reliable and safe energy solutions for the benefit of our members. In order to improve the likelihood of achieving
More informationGoodman Group. Risk Management Policy. Risk Management Policy
Goodman Group Contents 1. Overview... 3 1.1 Introduction... 3 1.2 Objectives of the... 3 1.3 Application... 3 1.4 Operative Provisions... 4 2. Risk Management... 5 2.1 Overview of Risk Management... 5
More informationENTERPRISE RISK MANAGEMENT POLICY
ENTERPRISE RISK MANAGEMENT POLICY CROW WING COUNTY BRAINERD, MINNESOTA Adopted by County Board November 12, 2013 Amended October 24, 2017 Our Vision: Being Minnesota s favorite place. Our Mission: Serve
More informationRisk Assessment Process. Information Security
Risk Assessment Process Information Security February 2014 Crown copyright. This copyright work is licensed under the Creative Commons Attribution 3.0 New Zealand licence. In essence, you are free to copy,
More informationInternational Standard on Auditing (UK) 540 (Revised June 2016)
Standard Audit and Assurance Financial Reporting Council June 2016 International Standard on Auditing (UK) 540 (Revised June 2016) Auditing Accounting Estimates, Including Fair Value Accounting Estimates,
More informationEnterprise Risk Management Integrated Framework
ISACA S IT Audit, Information Security & Risk Insights Africa 2014, Alisa Hotel Enterprise Risk Management Integrated Framework Tony Bediako May 20, 2014 Today s organizations are concerned about: Risk
More informationSOLID GROUP INC. ENTERPRISE RISK MANAGEMENT POLICY
SOLID GROUP INC. ENTERPRISE RISK MANAGEMENT POLICY SECTION 1. PURPOSE This Policy establishes the standards, processes and accountability structure to identify, assess, prioritize and manage key risk exposures
More informationEnterprise Risk Management for Water Utilities. Justin Carlton, CMA, MBA Financial Analyst Tualatin Valley Water District
Enterprise Risk Management for Water Utilities Justin Carlton, CMA, MBA Financial Analyst Tualatin Valley Water District Enterprise Risk Management for Water Utilities Washington County, Oregon 2 Presentation
More informationWest Coast District Municipality. Risk Management Policy
West Coast District Municipality Risk Management Policy TABLE OF CONTENTS Page No. RISK MANAGEMENT POLICY 5 1. OVERVIEW 6 1.1. Policy Objective 6 1.2. Policy Statement 6 1.3. Risk Management Approach 6
More informationRisk Management Framework
Risk Management Framework Anglican Church, Diocese of Perth November 2015 Final ( Table of Contents Introduction... 1 Risk Management Policy... 2 Purpose... 2 Policy... 2 Definitions (from AS/NZS ISO 31000:2009)...
More informationRisk Management Strategy January NHS Education for Scotland RISK MANAGEMENT STRATEGY
NHS Education for Scotland RISK MANAGEMENT STRATEGY January 2016 1 Contents 1. NES STATEMENT ON RISK MANAGEMENT 2 RISK MANAGEMENT STRATEGY 3 RISK MANAGEMENT STRUCTURES 4 RISK MANAGEMENT PROCESSES 5 RISK
More informationUnderstanding cyber risk management vs uncertainty with confidence in 2017
Understanding cyber risk management vs uncertainty with confidence in 2017 "When I use a word,' Humpty Dumpty said in rather a scornful tone, 'it means just what I choose it to mean neither more nor less."
More informationHow we manage risk. Risk philosophy. Risk policy. Risk framework
How we manage risk Risk management is integral to the daily operations of our businesses. As a multinational group with activities in over 130 countries, Naspers is exposed to a wide range of risks that
More informationTHERE S NO SUCH THING AS A CYBER- RISK
SESSION ID: GR-W02 THERE S NO SUH THING AS A YBER- RISK Evan Wheeler ISO, VP Risk Management Financial Engines Your boss asks you to identify the top information risks for your organization where do you
More informationBusiness Continuity Management and ERM
Business Continuity Management and ERM Partnership for Emergency Planning Kansas City Marshall Toburen GRC Strategist ERM, ORM, 3PM RSA A division of EMC 2 June 18, 2014 1 Agenda Intro State of ERM Today
More informationTONGA NATIONAL QUALIFICATIONS AND ACCREDITATION BOARD
TONGA NATIONAL QUALIFICATIONS AND ACCREDITATION BOARD RISK MANAGEMENT FRAMEWORK 2017 Overview Tonga National Qualifications and Accreditation Board (TNQAB) was established in 2004, after the Tonga National
More informationApproved by: Diocesan Council 17 December 2015
DIOCESAN COUNCIL POLICY 39 Risk Management Approved by: Diocesan Council 17 December 2015 1 PREAMBLE The Perth Diocesan Trustees under the authority of the Diocesan Trustees Statute 1952 have the responsibility
More informationSociety of Actuaries - ERM Forum, 10 May 2016 A regulatory perspective on consumer risk
Society of Actuaries - ERM Forum, 10 May 2016 A regulatory perspective on consumer risk Helena Mitchell Head of Consumer Protection: Supervision Division Contents What is conduct risk and consumer risk?
More informationSRI LANKA AUDITING STANDARD 540 AUDITING ACCOUNTING ESTIMATES, INCLUDING FAIR VALUE ACCOUNTING ESTIMATES, AND RELATED DISCLOSURES CONTENTS
SRI LANKA AUDITING STANDARD 540 AUDITING ACCOUNTING ESTIMATES, INCLUDING FAIR VALUE ACCOUNTING ESTIMATES, AND RELATED DISCLOSURES (Effective for audits of financial statements for periods beginning on
More informationKidsafe NSW Risk Management Plan. August 2014
Kidsafe NSW Risk Management Plan August 2014 Document Control Document Approval Name & Position Signature Date Document Version Control Version Status Date Prepared By Comments Document Reviewers Name
More informationThe Country Risk Manager as Chief Risk Officer for the Government. Swiss Re, 3 June 2014
The Country Risk Manager as Chief Risk Officer for the Government Swiss Re, 3 June 2014 Agenda Risk management fundamentals across private and public sectors Swiss Re's risk management process as an example
More informationCyber Incident Response When You Didn t Have a Plan
Cyber Incident Response When You Didn t Have a Plan April F. Doss Saul Ewing LLP How serious is the cybersecurity threat? Some sobering numbers from 2015: Over half a billion personal records were stolen
More informationProperty business interruption (technology) Policy wording
Please read the schedule to see if your loss of income, loss of gross profit, increased costs of working or additional increased costs of working are covered or if a first loss limit or flexible business
More informationClient Risk Solutions Going beyond insurance. Risk solutions for Financial Institutions. Start
Client Risk Solutions Going beyond insurance Risk solutions for Financial Institutions Start Partnering to Reduce Risk Financial Institutions compete vigorously to maintain profitability and deliver superior
More informationRisk Associated with Meetings
Risk Associated with Meetings Risks Associated with Meetings & Events: No Company is Exempt Meetings and events remain a necessary way for people and organizations to communicate information, build relationships,
More informationRisk Management at the Deutsche Bundesbank March 2011
Risk Management at the Deutsche Bundesbank March 2011 (C) Deutsche Bundesbank - Division Organisation 1 Agenda Definition of risk management [3] Factors of influence to review the RM set up [4] The Framework
More informationCyber Risk Enlightenment through information risk management
Cyber Risk Enlightenment through information risk management www.pwc.com.au Cyber Risk Enlightenment through information risk management Managing cyber risk in a way that makes sense to everyone in the
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 Second edition 2011-06-01 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationConsumer Risk Index. An annual survey of the risks Americans believe are most prevalent in their lives
Consumer Risk Index An annual survey of the risks Americans believe are most prevalent in their lives October 2015 Contents Executive summary 1 Key findings 2 Top risks 3 Demographic and regional highlights
More informationSolving Cyber Risk. Security Metrics and Insurance. Jason Christopher March 2017
Solving Cyber Risk Security Metrics and Insurance Jason Christopher March 2017 How We Try to Address Cyber Risk What is Cyber Risk? Definitions Who should be concerned? Key categories of cyber risk Cyber
More informationDEBUNKING MYTHS FOR CYBER INSURANCE
SESSION ID: GRC-F02 DEBUNKING MYTHS FOR CYBER INSURANCE Robert Jones Global Head of Financial Lines Specialty Claims AIG Garin Pace Cyber Product Leader AIG @Garin_Pace Introduction What Is Cyber Insurance?
More informationSixth Annual Benchmark Study on Privacy & Security of Healthcare Data
Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: May 2016 Ponemon Institute Research Report
More informationAuditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures
HKSA 540 Issued July 2009; revised July 2010 Effective for audits of financial statements for periods beginning on or after 15 December 2009 Hong Kong Standard on Auditing 540 Auditing Accounting Estimates,
More informationRisk Management Policy and Procedures.
Risk Management Policy and Procedures. Rev Date Purpose of Issue/Description of Change Date 1. June 2006 Initial Issue 2. November 2009 Revised and updated 6 th November 2009 3. September 2010 Revised
More informationRISK MANAGEMENT FRAMEWORK
RISK MANAGEMENT FRAMEWORK 1. INTRODUCTION (Company) acknowledges that risk is inherent in its business. The Company faces a broad range of risks as a listed entertainment organisation. The Company s risk
More informationAn Introductory Presentation for ECU Staff
Risk Management at ECU An Introductory Presentation for ECU Staff Phillip Draber Manager, Risk and Assurance Outcomes By the end of this session you should: Be able to complete and document risk management
More informationSCCE 2012 COMPLIANCE & ETHICS INSTITUTE. Workshop Agenda
SCCE 2012 COMPLIANCE & ETHICS INSTITUTE October 14, 2012 l Las Vegas, NV Ethics & Compliance Risk Management 101: Program Essentials and Effective Practice Key Steps to Implementing and Championing an
More informationINTEGRATED RISK MANAGEMENT GUIDELINE
INTEGRATED RISK MANAGEMENT GUIDELINE Initial publication: April 2009 Updated: May 2015 TABLE OF CONTENTS Preamble... ii Scope... iii Coming into effect and updating... iv Introduction... v 1. Integrated
More informationHOW TO INSURE CYBER RISKS? Oulu Industry Summit
HOW TO INSURE CYBER RISKS? Oulu Industry Summit 2017 6.10.2017 Panu Peltomäki Liability and Financial Lines Practice Leader Marsh Oy Marsh A Leader in Quality, Scope, and Scale GLOBAL RISKS OF CONCERN
More informationAn Overview of Cyber Insurance at AIG
An Overview of Cyber Insurance at AIG Michael Lee, MBA Cyber Business Development Manager AIG 2018 Brittney Mishler, ARM Cyber Casualty Underwriting Specialist AIG Cyber Insurance It s a peril, not a product
More informationEnhancing Our Risk Appetite Framework. A Case Study
Enhancing Our Risk Appetite Framework A Case Study Desired Outcomes 1. An approach to developing a risk appetite framework and risk appetite statement. 2. Understanding how a risk appetite framework can
More informationAn Introduction to Risk
CHAPTER 1 An Introduction to Risk Risk and risk management are two terms that comprise a central component of organizations, yet they have no universal definition. In this chapter we discuss these terms,
More informationProperty business interruption Policy wording
Please read the schedule to see if your loss of income, loss of gross profit, increased costs of working or additional increased costs of working are covered or if a first loss limit or flexible business
More informationINTERNAL AUDIT AND OPERATIONAL RISK T A C K L I N G T O D A Y S E M E R G I N G R I S K S T O G E T H E R
INTERNAL AUDIT AND OPERATIONAL RISK T A C K L I N G T O D A Y S E M E R G I N G R I S K S T O G E T H E R Operational Risk Management Today Companies are struggling to obtain a holistic view of risk and
More informationCOMPARISON WITH 1997 NATIONAL SURVEY OF PUBLIC ATTITUDES TOWARD INSURANCE FRAUD 1
COMPARISON WITH 1997 NATIONAL SURVEY OF PUBLIC ATTITUDES TOWARD INSURANCE FRAUD 1 The 1997 of Attitudes Toward Insurance Fraud, allows for a comparison between Virginians' attitudes and those held nationally
More informationUniversity Risk Management Policy
Preamble University Risk Management Policy Approving Authority: Board of Governors Original Approval Date: June 7, 2007 Date of Most Recent Review/Revision: October 20, 2017 Responsible Officer: Vice-President
More informationThe Risk Assessment Executives Are Begging For. Presentation Overview. Terminology
The Risk Assessment Executives Are Begging For Brian Zawada Rob Giffin Avalution Consulting LLC Presentation Overview Level-setting Regarding Terminology Likelihood Versus Severity Common Approaches to
More informationGuidelines for Financial Assurance Planning
For Global Fund Grants Guidelines for Financial Assurance Planning June 2016 Geneva, Switzerland The financial assurance plan provides improvements to the way the Global Fund obtains financial assurance
More informationINTEGRATING RISK MANAGEMENT AND BUSINESS CONTINUITY
INTEGRATING RISK MANAGEMENT AND BUSINESS CONTINUITY June 2012 Sami Ahmed Assistant Vice President - MRC Paolo De Rosa Senior Vice President - MRC Introduction Purpose Raise your knowledge and awareness
More informationCAPITAL MANAGEMENT GUIDELINE
CAPITAL MANAGEMENT GUIDELINE May 2015 Capital Management Guideline 1 Preambule TABLE OF CONTENTS Preamble... 3 Scope... 4 Coming into effect and updating... 5 Introduction... 6 1. Capital management...
More informationCyber COPE. Transforming Cyber Underwriting by Russ Cohen
Cyber COPE Transforming Cyber Underwriting by Russ Cohen Business Descriptor How tall is your office building? How close is the nearest fire hydrant? Does the building have an alarm system? Insurance companies
More informationMaster Class: Construction Health and Safety: ISO 31000, Risk and Hazard Management - Standards
Master Class: Construction Health and Safety: ISO 31000, Risk and Hazard Management - Standards A framework for the integration of risk management into the project and construction industry, following
More informationThe Guide to Budgeting for Insider Threat Management
The Guide to Budgeting for Insider Threat Management The Guide to Budgeting for Insider Threat Management This guide is intended to help show you how to approach including Insider Threat Management within
More informationRight Sizing Your Reserves: A Better Way
Right Sizing Your Reserves: A Better Way ROB OLCOT T, R EGIONAL DIREC TOR, DIMEO SCHNEIDER & A S SOC CHRISTIAN SPENCER, PA RTNER, TAT E & TRYON ROB DICKINSON, CONTROLLER, N CARB A Brief History of Association
More informationRISK MANAGEMENT POLICY AND STRATEGY
1 RISK MANAGEMENT POLICY AND STRATEGY Version No: Reason for Update Date of Update Updated By 1 Review Timeframe September 2014 2 Review June 2017 Governance Manager Governance Manager 3 4 5 6 7 8 Introduction
More information4.1 Risk Assessment and Treatment Assessing Security Risks
Information Security Standard 4.1 Risk Assessment and Treatment Assessing Security Risks Version: 1.0 Status Revised: 03/01/2013 Contact: Chief Information Security Officer PURPOSE To identify, quantify,
More informationMarine Terrorism. A re-evaluation of the risks. Tim Allmark Engineering Manager ABS Consulting Europe & Middle East
Marine Terrorism A re-evaluation of the risks by Tim Allmark Engineering Manager ABS Consulting Europe & Middle East RUNNING ORDER Introduction ISPS Code Overview Understanding the Context Application
More informationRISK MANAGEMENT FRAMEWORK
Risk Management Framework RISK MANAGEMENT FRAMEWORK Purpose This Risk Management Framework introduces St. Michael s College s approach to risk management. It includes a definition of risk, a summary of
More informationPRESENTATION TO CLASS 2 CREDIT UNIONS, BY DIRECTORS GLOBAL & BY BPS RESOLVER
1 YOU CAN T MANAGE WHAT YOU CAN T MEASURE Increasingly, boards and senior executives are looking to develop metrics or indicators to help to better monitor potential future shifts in risk conditions or
More informationCyber a risk on the rise. Digitalization Conference Beirut, 4 May 2017 Fabian Willi, Cyber Risk Reinsurance Specialist
Cyber a risk on the rise Digitalization Conference Beirut, 4 May 2017 Fabian Willi, Cyber Risk Reinsurance Specialist Cyber data breaches reaching a new level 1 000 000 000 Source: http://money.cnn.com/2016/09/22/technology/yahoo-data-breach/
More informationInsurance Contracts for 831(b) Enterprise Risk Captives Policies and Pooling Agreements
Insurance Contracts for 831(b) Enterprise Risk Captives Policies and Pooling Agreements Jeffrey K. Simpson John R. Capasso Brian Johnson Gordon, Fournaris & Mammarella, P.A. Captive Planning Associates,
More informationRisk Management: Assessing and Controlling Risk
Risk Management: Assessing and Controlling Risk Introduction Competitive Disadvantage To keep up with the competition, organizations must design and create a safe environment in which business processes
More informationFederal Banking Agencies Request Comment on Enhanced Cybersecurity Standards
Federal Banking Agencies Request Comment on Enhanced Cybersecurity Standards October 20, 2016 Financial Institutions, Cybersecurity On October 19, 2016, the Board of Governors of the Federal Reserve System
More informationWhite Paper: Incident Management. By Michael Miora, CISSP President & CEO ContingenZ Corporation
White Paper: Incident Management By Michael Miora, CISSP President & CEO ContingenZ Corporation mmiora@contingenz.com April 20, 2002 Table of Contents Introduction to Incident Management... 2 Incident
More informationThe Internet of Everything: Building Cyber Resilience in a Connected World
The Internet of Everything: Building Cyber Resilience in a Connected World The Internet of Things (IoT) is everywhere, ushering in a technological revolution at lightning speed. According to an Oliver
More informationLongevity Risk - Tolerances and Appetites. CIA Pension Seminar November 5, 2012
Longevity Risk - Tolerances and Appetites CIA Pension Seminar November 5, 2012 1 Longevity Risk in perspective Each Plan is different - CAAT facts Bigger context: how does longevity risk fit? Our review
More informationFederal Banking Agencies Issue Advanced Notice of Proposed Rulemaking on Enhanced Cybersecurity Standards
October 21, 2016 Federal Banking Agencies Issue Advanced Notice of Proposed Rulemaking on Enhanced Cybersecurity Standards Enhanced Standards Would Require Certain Large Financial Institutions to Implement
More informationDisclosure Prudential Disclosure Report. 12/31/2017 Derayah Financial
Derayah - Pillar III Disclosure -2017 Prudential Disclosure Report 12/31/2017 Derayah Financial Table of Contents 1. OVERVIEW... 2 2. CAPITAL STRUCTURE... 2 2.1. Disclosure on Capital Base... 3 3. CAPITAL
More informationHIPAA SECURITY RISK ANALYSIS
HIPAA SECURITY RISK ANALYSIS WEDI National Conference May 18, 2004 Presented by: Lesley Berkeyheiser, The Clayton Group Andrew H. Melczer, Ph.D., ISMS Presentation Overview Key Security Points Review Risk
More informationHow Much Should You Invest in Patents?
How Much Should You Invest in Patents? Kelce S. Wilson PhD EE, MBA, Registered Patent Attorney kwilson@softwareipattorney.com All views expressed herein are those of the author and do not represent the
More informationMEASURING & PRICING THE COST DRIVERS OF A CYBER SECURITY RISK EVENT
MEASURING & PRICING THE COST DRIVERS OF A CYBER SECURITY RISK EVENT IOWA ACTUARIES CLUB 2/25/16 EDUCATION DAY PRESENTED BY KEITH BURKHARDT, V.P. KRAUS-ANDERSON INSURANCE Overview I. Why are cyber security
More information