metrics that matter security risk analytics
play

Metrics That Matter Security Risk Analytics Katy Loughney , Director - PowerPoint PPT Presentation

Apr 21, 2023 •139 likes •376 views

| Smart Metrics, Intelligent Decisions Metrics That Matter Security Risk Analytics Katy Loughney , Director of Risk Analytics, West - Brinqa March 14 th , 2014 What Matters to CIOs?

  1. | Smart Metrics, Intelligent Decisions Metrics That Matter – Security Risk Analytics Katy Loughney , Director of Risk Analytics, West - Brinqa March 14 th , 2014

  2. What Matters to CIOs? http://online.wsj.com/news/articles/SB10001424052702304680904579364641778947268?mod=ITP_journalreport_0 | Smart Metrics, Intelligent Decisions Confidential

  3. IT Professionals Do Not Communicate Security Risk September, 2013 - Tripwire, Inc., released results from an extensive study focused on the state of risk-based security management with the Ponemon Institute. Key findings from the survey include:  64% said they don’t communicate security risk with senior executives or only communicate when a serious security risk is revealed  47% said that collaboration between security risk management and business is poor, nonexistent, or adversarial  51% rated their communication of relevant security risks to executives as “not effective.”  When asked why communicating relevant security risks to executives was not effective: – 68% of the respondents said communications are too siloed. – 61% said communication occurs at too low a level. – 61% aid the information is too technical to be understood by non- technical management. – 59% said negative facts are filtered before being disclosed to senior executives and the CEO http://www.prweb.com/releases/2013/9/prweb11095496.htm | Smart Metrics, Intelligent Decisions Confidential

  4. Analytics is the process of Signal Detection | Smart Metrics, Intelligent Decisions Confidential

  5. The Signal and The Noise Data are neither signal nor noise - data are merely facts. When facts are useful they serve as signals. When they aren’t useful, data clutter the environment with distracting noise. For data to be useful, they must:  Address something that matters  Promote understanding  Provide an opportunity for action to achieve or maintain a desired state Without these qualities, data is noise. | Smart Metrics, Intelligent Decisions Confidential

  6. Why Do We Need Security Risk Analytics? A common request from the leadership is to report on metrics from various areas that point out which businesses, processes, or systems are most at risk and require immediate attention.  Risk reporting based on business context  Compliance is no longer the driver  Risk prioritization rather than risk elimination  Big data and automation | Smart Metrics, Intelligent Decisions Confidential

  7. Operational Metrics are NOT Risk Metrics | Smart Metrics, Intelligent Decisions Confidential

  8. Key Challenges | Smart Metrics, Intelligent Decisions Confidential

  9. Key Challenges In Implementing Risk Analytics  Varied and disparate risk inventories » Uncorrelated and redundant data included in reporting » Prohibits establishing a common inherent risk inventory » No historical data for trending and forecasting  Manual and inconsistent data aggregation and correlation » Ambiguous and incomplete risk interpretation » Resource and time intensive  Subjective and non-standard risk measurement » Resources spent addressing non-prioritized issues » Miscommunication and misunderstanding of risk across enterprise  Operational teams lack understanding of business outcomes » Limits business unit’s ability to understand and accept risk » Inability to measure improvements and predict threats » Reactive vs. proactive decision making | Smart Metrics, Intelligent Decisions Confidential

  10. Technology Risk Analytics Use Case | Smart Metrics, Intelligent Decisions Confidential

  11. | Smart Metrics, Intelligent Decisions Confidential

  12. Context Based Security Risk Metrics | Smart Metrics, Intelligent Decisions Confidential

  13. | Smart Metrics, Intelligent Decisions Confidential

  14. | Smart Metrics, Intelligent Decisions Confidential

  15. | Smart Metrics, Intelligent Decisions Confidential

  16. Customer Case Study | Smart Metrics, Intelligent Decisions Confidential

  17. World’s Largest Deposit Bank - Challenges Technology Risk Management (TRM) group was utilizing multiple tools and processes to support TRM deliverables. The previous state was not intuitive for non-TRM users, produces redundant efforts, and expends resources on lower criticality projects/applications/infrastructure. Specific examples included: 1. Inability to provide businesses with repeatable risk metrics 2. Inability to provide actionable remediation plans with accountable and responsible parties 3. Inaccurate IT inventories make it difficult to understand the environment 4. Lack of standardized triggers/gates/hooks for someone to be pointed to TRM 5. Lack of centralized decision making process to determine what gets assessed and what gets deferred 6. 21 TRM assessments/services result in overlapping and non-applicable control testing 7. Assessments not looking at all available data | Smart Metrics, Intelligent Decisions Confidential

  18. Without Risk Analytics | Smart Metrics, Intelligent Decisions Confidential

  19. Solution 1. Leverage up to date IT inventories and collaborate with IT to improve quality 2. Create a standardized process for everyone to engage TRM 3. Create a centralized decision making process to determine what gets assessed and what gets deferred 4. Streamline 21 assessments/services to avoid overlapping and out of scope questions 5. Leverage IT monitoring tools to validate risk assessment answers and enable near-time visibility of IT controls 6. Use a centralized technology risk assessment repository to reduce complexity, improve operational efficiency, and focus remediation expenditures 7. Load historical risk assessment data into the centralized risk assessment repository | Smart Metrics, Intelligent Decisions Confidential

  20. With Risk Analytics | Smart Metrics, Intelligent Decisions Confidential

  21. Benefits 1. Standardized, streamlined, and centralized TRM processes to improve consistency 2. Facilitated TRM collaboration between different groups for better decision making. 3. Incorporated data from existing IT Controls (e.g. patch management, DLP, etc.) 4. Achieved sustainable constant monitoring of current technology risks for the enterprise, not just one time assessments (e.g., 24- hour risk reporting cycle similar to Market and Ops Risk) 5. Provided granular self service view/pivot of technology risk information for a department, business unit, and entire enterprise 6. Historical and predictive technology risk simulations using customer’s data in context | Smart Metrics, Intelligent Decisions Confidential

  22. About Brinqa Brinqa provides an operational risk analytics platform for aggregation, correlation, analysis and reporting of risk data in heterogeneous environments. The solution delivers insightful analysis and intelligent reporting for informed decisions and improved operational effectiveness. | Smart Metrics, Intelligent Decisions Confidential

  23. Contact Information: Katy Loughney – Director of Risk Analytics, West kloughney@brinqa.com | Smart Metrics, Intelligent Decisions Confidential

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Metrics That Matter Establishing a measurement framework and analytics implementation that

Metrics That Matter Establishing a measurement framework and analytics implementation that

Metrics That Matter Establishing a measurement framework and analytics implementation that improves your marketing performance The Marketing Problem https://www.mckinsey.com/business-functions/marketing-and-sales/our-insights/views-from-the-

809 views • 56 slides
Google Analytics: Reporting & Metrics That Matter Presenter: Moby Siddique Moby Siddique

Google Analytics: Reporting & Metrics That Matter Presenter: Moby Siddique Moby Siddique

Google Analytics: Reporting & Metrics That Matter Presenter: Moby Siddique Moby Siddique Co-founder / Head of Strategy Podcast host of InboundBuzz Guest Lecturer @ UWS / USYD Tonights Agenda 1. Introduction 2. Basic terms you need to

1.22k views • 62 slides
Let me share a story about sharing Emails = Lag Metrics Analytics UI is daunting Constant flux

Let me share a story about sharing Emails = Lag Metrics Analytics UI is daunting Constant flux

DASHBOARDS Analytics for the People Andrew Mallis CEO & co-founder mallis@kalamuna.com Let me share a story about sharing Emails = Lag Metrics Analytics UI is daunting Constant flux Analytics meets Powerpoint Analytics Dashboard vs

508 views • 38 slides
Metrics & Scoring Committee 16 June 2017 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee 16 June 2017 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee 16 June 2017 HEALTH POLICY & ANALYTICS Office of Health Analytics Consent Agenda Review todays agenda Approve May minutes Written updates (HPQMC on next slide) 2 Health Plan Quality Metrics

778 views • 50 slides
Profitability Metrics, Payback Period Emily Riederer Instructor DataCamp Financial Analytics

Profitability Metrics, Payback Period Emily Riederer Instructor DataCamp Financial Analytics

DataCamp Financial Analytics in R FINANCIAL ANALYTICS IN R Profitability Metrics, Payback Period Emily Riederer Instructor DataCamp Financial Analytics in R Profitability Metrics & Decision Rules Key Concepts: Profitability Metrics :

685 views • 30 slides
ANALYTICS & DATA MASTERY A N D C E R T I F I C A T I O N C L A S S OUR GOAL: To make data

ANALYTICS & DATA MASTERY A N D C E R T I F I C A T I O N C L A S S OUR GOAL: To make data

ANALYTICS & DATA MASTERY A N D C E R T I F I C A T I O N C L A S S OUR GOAL: To make data approachable & useful! Well give you the tools & training to pick the metrics that matter, create accurate reports, and make data

845 views • 82 slides
How To Actually Use Google Analytics Jamie Kelly David Waiter Vanity vs Actionable Metrics

How To Actually Use Google Analytics Jamie Kelly David Waiter Vanity vs Actionable Metrics

How To Actually Use Google Analytics Jamie Kelly David Waiter Vanity vs Actionable Metrics Vanity Metrics: Give you confidence about how your site is doing, but ultimately wont help you to make decisions. o Ex. Web Traffic, Social

518 views • 22 slides
Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer

Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer

Notes Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer Science & Engineering Department, SMU, Dallas, TX Lecture 2 Notes Outline Managing security investment 1 Security metrics 2 R 3

605 views • 16 slides
Advancing Analytics: Putting Risk Analytics to Work For Your Business Sponsored By: Advancing

Advancing Analytics: Putting Risk Analytics to Work For Your Business Sponsored By: Advancing

Advancing Analytics: Putting Risk Analytics to Work For Your Business Sponsored By: Advancing Analytics: Putting Risk Analytics to Work For Your Business Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides

269 views • 22 slides
Metrics & Scoring Committee November 16, 2018 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee November 16, 2018 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee November 16, 2018 HEALTH POLICY & ANALYTICS Office of Health Analytics Todays Agenda Welcome Presentations on developmental measures From Food Insecurity to Addressing Other SDOH: Measure

1.03k views • 88 slides
Using Metrics to Manage the Human Capital Function Karen Crone, CHRO, Paycor, Inc. September

Using Metrics to Manage the Human Capital Function Karen Crone, CHRO, Paycor, Inc. September

Using Metrics to Manage the Human Capital Function Karen Crone, CHRO, Paycor, Inc. September 14, 2016 Defining Analytics Metrics / reporting provide information. Analytics give insight into people issues that impact businesses and help them

246 views • 11 slides
Metrics & Scoring Committee October 19, 2018 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee October 19, 2018 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee October 19, 2018 HEALTH POLICY & ANALYTICS Office of Health Analytics Todays Agenda Welcome State of public health in Oregon and opportunities for incentive measures to aid in improvement HPQMC

806 views • 51 slides
Metrics & Scoring Committee September 15, 2017 HEALTH POLICY & ANALYTICS Office of

Metrics & Scoring Committee September 15, 2017 HEALTH POLICY & ANALYTICS Office of

Metrics & Scoring Committee September 15, 2017 HEALTH POLICY & ANALYTICS Office of Health Analytics Consent agenda Review todays agenda Approve August minutes Written updates (HPQMC next slide) 2 Health Plan Quality

694 views • 31 slides
Metrics & Scoring Committee October 20, 2017 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee October 20, 2017 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee October 20, 2017 HEALTH POLICY & ANALYTICS Office of Health Analytics Consent agenda Review todays agenda Approve September minutes Written updates (HPQMC next slide) Please note this meeting

769 views • 66 slides
Measuring Software Security Defining Security Metrics Dr. Bill Young Department of Computer

Measuring Software Security Defining Security Metrics Dr. Bill Young Department of Computer

Measuring Software Security Defining Security Metrics Dr. Bill Young Department of Computer Science University of Texas at Austin Last updated: May 1, 2015 at 08:15 Dr. Bill Young: 1 Metrics Talk: OAG IV&V Why Is CyberSecurity Hard? Why

854 views • 21 slides
Metrics that Matter Identifying KPIs & tracking progress toward extraordinary AP THE BUXE

Metrics that Matter Identifying KPIs & tracking progress toward extraordinary AP THE BUXE

LIVE WEBINAR Metrics that Matter Identifying KPIs & tracking progress toward extraordinary AP THE BUXE Company You cant MANAGE what you dont MEASURE THE BUXE Company Why do we need metrics? Monitor progress Identify areas for

846 views • 32 slides
I MPROVED D ECISION M AKING F OR M AINTENANCE U SING D ATA Arnab Majumdar, Khalid Nur, William

I MPROVED D ECISION M AKING F OR M AINTENANCE U SING D ATA Arnab Majumdar, Khalid Nur, William

I MPROVED D ECISION M AKING F OR M AINTENANCE U SING D ATA Arnab Majumdar, Khalid Nur, William Marsh Nicole Kudla Electronic Engineering and Centre for Transport Studies Computer Science Outline Project aims and outline Principles of

200 views • 9 slides
Fur in Motion v1.0 Dutch Furcon 5 30/06/2018 Floere T. Pillowcase, Devourer of Automobiles

Fur in Motion v1.0 Dutch Furcon 5 30/06/2018 Floere T. Pillowcase, Devourer of Automobiles

Fur in Motion v1.0 Dutch Furcon 5 30/06/2018 Floere T. Pillowcase, Devourer of Automobiles (fmoere@robocow.be) Disclaimer This presentation is intended for educational purposes only and does not replace independent professional

608 views • 59 slides
Joining Sub-Platform Mark Holden The Manufacturing Technology Centre Ltd 16/11/17 Partners The

Joining Sub-Platform Mark Holden The Manufacturing Technology Centre Ltd 16/11/17 Partners The

Joining Sub-Platform Mark Holden The Manufacturing Technology Centre Ltd 16/11/17 Partners The RADICLE project has received funding from the European Union's Horizon 2020 Programme for research, technological development and demonstration under

463 views • 20 slides
Accurate and Transparent Path Prediction Using Process Mining Gal BERNARD Periklis ANDRITSOS

Accurate and Transparent Path Prediction Using Process Mining Gal BERNARD Periklis ANDRITSOS

8-11 September 2019, Bled, Slovenia Accurate and Transparent Path Prediction Using Process Mining Gal BERNARD Periklis ANDRITSOS University of Lausanne, University of Toronto, Faculty of Business and Faculty of Information, Economics

648 views • 28 slides
Discovering the source of smart: Intelligent decisions, intelligent infrastructure ...... How we

Discovering the source of smart: Intelligent decisions, intelligent infrastructure ...... How we

Discovering the source of smart: Intelligent decisions, intelligent infrastructure ...... How we need to integrate different ways of creating and managing information to support better decision making through the convergence of geospatial,

871 views • 36 slides
Proposal under China-Europe Water Platform Cooperation Wang Hongxiang Email whxzju@163.com

Proposal under China-Europe Water Platform Cooperation Wang Hongxiang Email whxzju@163.com

North China University of Water Resources and Electric Power Proposal under China-Europe Water Platform Cooperation Wang Hongxiang Email whxzju@163.com Budapest, Hungary April 24,2019 North China University of Water Resources and

303 views • 28 slides
Artificial intelligence and judicial systems: The so-called predictive justice 20 April 2018 1

Artificial intelligence and judicial systems: The so-called predictive justice 20 April 2018 1

Artificial intelligence and judicial systems: The so-called predictive justice 20 April 2018 1 Context The use of so-called artificielle intelligence received renewed interest over the past years.. Stakes Important changes in all fields

631 views • 35 slides
COLLABORATION SERVICE PLATFORM Table of Content 1. International Market Entry Problems and

COLLABORATION SERVICE PLATFORM Table of Content 1. International Market Entry Problems and

Technology and Collaborat ion S cale Y our Business Like Never Bef ore The VEnterface intelligent platform aiming at providing Australian innovative entrepreneurs with digital entry to the S ingaporean market through technology and

630 views • 14 slides

More recommend