pract ctical cybersecu curity ri risk a and c control ma
play

Pract ctical Cybersecu curity Ri Risk a and C Control Ma - PowerPoint PPT Presentation

Aug 24, 2022 •10 likes •140 views

Pract ctical Cybersecu curity Ri Risk a and C Control Ma Maturi urity A y Asse ssessme ssments Brian Fricke, CISSP, CISM Chief Information Security Officer None of the data presented in this presentation represents the actual security

  1. Pract ctical Cybersecu curity Ri Risk a and C Control Ma Maturi urity A y Asse ssessme ssments Brian Fricke, CISSP, CISM Chief Information Security Officer None of the data presented in this presentation represents the actual security posture of the presenter’s organization.

  2. Like all Financial Institutions; we are required to perform appropriate Cyber Risk Assessments, Control Testing, and Status Reports to the Board. BUT HOW?! None of the data presented in this presentation represents the actual security posture of the presenter’s organization.

  3. Two Key Ingredients A Risk Assessment: the determination of quantitative and qualitative estimates of the impact of an event, related to a well-defined situation, and a recognized threat. A Control Maturity Assessment: the process designed to provide reasonable assurance of the achievement of control objectives (control effectiveness). None of the data presented in this presentation represents the actual security posture of the presenter’s organization.

  4. Risk Assessment Impact + Likelihood Inherent Risk Inherent Risk + Control Effectiveness Residual Risk None of the data presented in this presentation represents the actual security posture of the presenter’s organization.

  5. Select a Control Framework Other Control Frameworks None of the data presented in this presentation represents the actual security posture of the presenter’s organization.

  6. Control Maturity Dashboard Security https://www.linkedin.com/pulse/cybersecurity-risk-control-maturity-assessment-fricke-cissp-cism/ None of the data presented in this presentation represents the actual security posture of the presenter’s organization.

  7. Risk Dashboard None of the data presented in this presentation represents the actual security posture of the presenter’s organization.

  8. Risk Assessment Impact + Likelihood = Inherent Risk https://www.linkedin.com/pulse/cybersecurity-risk-control-maturity-assessment-fricke-cissp-cism/ None of the data presented in this presentation represents the actual security posture of the presenter’s organization.

  9. Control Assessment Each sub-control receives a scored Control Rating. The total Inherent Risk + Control Effectiveness = scoring equals the overall Control Effectiveness (Assurance Residual Risk Rating). https://www.linkedin.com/pulse/cybersecurity-risk-control-maturity-assessment-fricke-cissp-cism/ None of the data presented in this presentation represents the actual security posture of the presenter’s organization.

  10. Critical Security Control #1: Inventory of Authorized and Unauthorized Devices None of the data presented in this presentation represents the actual security posture of the presenter’s organization.

  11. Critical Security Control #1: Inventory of Authorized and Unauthorized Devices None of the data presented in this presentation represents the actual security posture of the presenter’s organization.

  12. Bottom Line Message: Your Organization’s overall level of Inherent Risk has been rated at High. The Company has implemented 130 of the 149 Critical Security Controls (87%). This is a 66% improvement from 2016. Of the 130 Controls implemented, 80% have a Maturity rating of equal to or greater than Generally Effective. This brings the Overall Cybersecurity Residual Risk to Moderate; which is within the Board's defined Risk Appetite. None of the data presented in this presentation represents the actual security posture of the presenter’s organization.

  13. • Establish a method of conducting Risk Assessments • Establish a method of conducting Control Maturity Assessments • (Link the two) • Empower control owners to make an impact to the organization • Report it to Management, Committees, Auditors, Regulators, and the Board • Never stop measuring, assessing, and improving. “You can’t manage what you can’t measure.” -Peter Drucker https://www.linkedin.com/in/brianrfricke The information presented will be made available. THANK YOU! https://www.linkedin.com/pulse/cybersecurity-risk-control-maturity-assessment-fricke-cissp-cism/ None of the data presented in this presentation represents the actual security posture of the presenter’s organization.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

QS QSYM YM : A : A P Pract ctical Con Concol olic Ex Executi tion on En Engine Tailor

QS QSYM YM : A : A P Pract ctical Con Concol olic Ex Executi tion on En Engine Tailor

QS QSYM YM : A : A P Pract ctical Con Concol olic Ex Executi tion on En Engine Tailor ored for or Hyb Hybrid id F Fuzzin ing Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang , and Taesoo Kim Georgia Institute of Technology &

912 views • 51 slides
Le Lecture 15 15 Access Control 1 Recall: Secu curity Service ces Confidentiality: to

Le Lecture 15 15 Access Control 1 Recall: Secu curity Service ces Confidentiality: to

Le Lecture 15 15 Access Control 1 Recall: Secu curity Service ces Confidentiality: to assure information privacy and secrecy Authentication: to assert who created or sent data Integrity: to show that data has not been altered

656 views • 32 slides
Breaking aking O Out t the C Cybersecu ersecurity ity Workf kforce F orce Frame mewor

Breaking aking O Out t the C Cybersecu ersecurity ity Workf kforce F orce Frame mewor

Breaking aking O Out t the C Cybersecu ersecurity ity Workf kforce F orce Frame mewor ork Ray Trygst gstad ad Industry Professor of Information Technology & Management; Associate Director, IIT Center for Cyber Security &

645 views • 29 slides
Practic Pra ctical al Experi perience ence to He o Help lp You our r Bu Busi siness

Practic Pra ctical al Experi perience ence to He o Help lp You our r Bu Busi siness

Reopening opening the e Wor orkplac kplace: e: Resour source ces, s, Be Best st Pra Practices, ctices, and Practic Pra ctical al Experi perience ence to He o Help lp You our r Bu Busi siness ness Th Thriv rive May 20,

389 views • 24 slides
Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

FREE Lifelong Learning Event for Fasset Members Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk assessment control matrix management process Governance Risk appetite Agenda for and risk Risk

1.28k views • 105 slides
Storytelli Storytelling ng in in Infosec Infosec (Draft aft of) a Pr Practical ctical Guide

Storytelli Storytelling ng in in Infosec Infosec (Draft aft of) a Pr Practical ctical Guide

Dr. med. Christina Czeschik www.serapion.de Storytelli Storytelling ng in in Infosec Infosec (Draft aft of) a Pr Practical ctical Guide ide BalCCon 2k17 Sept 16, 2017, Novi Sad How to Make Users Behave Safely? Explain things to them?

566 views • 52 slides
COURSE ELEMENTS NGA ARIA I ROTO NGA TIKANGA NGA TIKANGA THEORY PRA PRACTICA CTICAL

COURSE ELEMENTS NGA ARIA I ROTO NGA TIKANGA NGA TIKANGA THEORY PRA PRACTICA CTICAL

COURSE ELEMENTS NGA ARIA I ROTO NGA TIKANGA NGA TIKANGA THEORY PRA PRACTICA CTICAL DEVELOPMENT OF TRADITIONAL PERFORMANCE AND DANCE TECHNIQUES RESEARCH SKILLS SELF-CONFIDENCE COLLATION OF WHAIKORERO/VOCAL

287 views • 6 slides
The application of risk assessment in food safety control in Risk Risk Assessment Management

The application of risk assessment in food safety control in Risk Risk Assessment Management

Risk Analysis Framework The application of risk assessment in food safety control in Risk Risk Assessment Management mainland China Science based Policy based Junshi Chen, M.D. Risk Communication I nstitute of Nutrition

442 views • 6 slides
Case S Studie dies a and P Practica ctical Inte terpreta tatio tions ns o of ISO

Case S Studie dies a and P Practica ctical Inte terpreta tatio tions ns o of ISO

QTS Confidential Case S Studie dies a and P Practica ctical Inte terpreta tatio tions ns o of ISO SO11607 07 Todd Engelken Gerry Gunderson, CPP March 11-13, 2013 Louisville, KY QTS is a Medical Device Outsourcing company

1.21k views • 61 slides
Act Active S Shoot ooter Be Best P Pract ctice ces With Special G Wit h Special Gues

Act Active S Shoot ooter Be Best P Pract ctice ces With Special G Wit h Special Gues

Act Active S Shoot ooter Be Best P Pract ctice ces With Special G Wit h Special Gues uest St Star ar: Y : YouT uTube ube Ron LaPedis Bay Area Emergency Managers Conference 2018 Act Active S Shoot ooter Be Best P Pract ctice

351 views • 31 slides
T RANSI T I ON 2 PRACT I CE Na po le o n B. Hig g ins, Jr., MD CE O a nd Pre side nt, Ba y

T RANSI T I ON 2 PRACT I CE Na po le o n B. Hig g ins, Jr., MD CE O a nd Pre side nt, Ba y

T RANSI T I ON 2 PRACT I CE Na po le o n B. Hig g ins, Jr., MD CE O a nd Pre side nt, Ba y Po inte Be ha vio ra l He a lth Se rvic e , I nc . Pre side nt, Ca uc us o f Bla c k Psyc hia trists, APA PHYSI CI AN, K NOW T HYSE L F

400 views • 14 slides
RE DUCI NG JUDI CI AL ST RE SS WI T H RE F L E CT I VE PRACT I CE Ho n. Eliza b

RE DUCI NG JUDI CI AL ST RE SS WI T H RE F L E CT I VE PRACT I CE Ho n. Eliza b

RE DUCI NG JUDI CI AL ST RE SS WI T H RE F L E CT I VE PRACT I CE Ho n. Eliza b e th C rnko vic h Je nnie C o le -Mo ssm a n LIMHP I ntro duc tio ns I n the I nte re st o f . Stre ss a nd judg ing L o ne line ss

254 views • 21 slides
West w ard H Ho A Apart m ent s Phoenix, A AZ Healt hy H Hom es Best Pract ct ice ces

West w ard H Ho A Apart m ent s Phoenix, A AZ Healt hy H Hom es Best Pract ct ice ces

West w ard H Ho A Apart m ent s Phoenix, A AZ Healt hy H Hom es Best Pract ct ice ces I nt egrat ing Healt h Care Wit h Housing Cat hedral Developm ent Group Ari rizona St at e Univers rsit y Aug Augus ust 2016 Introductions

323 views • 16 slides
CHANGI CHANGING SO NG SOCI CIAL AL Harrington Meyer SECU SE CURITY I Y IN THE N THE

CHANGI CHANGING SO NG SOCI CIAL AL Harrington Meyer SECU SE CURITY I Y IN THE N THE

Madonna CHANGI CHANGING SO NG SOCI CIAL AL Harrington Meyer SECU SE CURITY I Y IN THE N THE U US: S: Professor, Sociology R RISING INSECUR ISING INSECURIT ITY? Y? Syracuse University PO POVERTY-BASE -BASED SSI D SSI

331 views • 15 slides
DE F INING BE ST PRACT ICE F OR ADVE RSE E VE NT RE PORT ING WIT H INDUST RY-

DE F INING BE ST PRACT ICE F OR ADVE RSE E VE NT RE PORT ING WIT H INDUST RY-

1 1 TH A N N U A L M EETI N G O F I S M P P DE F INING BE ST PRACT ICE F OR ADVE RSE E VE NT RE PORT ING WIT H INDUST RY- SPONSORE D CL INICAL T RIAL MANUSCRIPT S April 28, 2015 Hya tt Re g e nc y Crysta l City

414 views • 17 slides
CLK CLKSCRE SCREW the Perils of Secu curity-Ob Oblivious Expo Ex posing ng the Energy y

CLK CLKSCRE SCREW the Perils of Secu curity-Ob Oblivious Expo Ex posing ng the Energy y

CLK CLKSCRE SCREW the Perils of Secu curity-Ob Oblivious Expo Ex posing ng the Energy y Management Adrian Tang, Simha Sethumadhavan and Salvatore Stolfo USENIX Security 2017 Presented by Alokparna Bandyopadhyay Fall 2018, Wayne State

568 views • 28 slides
CISM SPORT COMMITTEE FOOTBALL (Men & Women) CISM Sport Committee Football Men & Women

CISM SPORT COMMITTEE FOOTBALL (Men & Women) CISM Sport Committee Football Men & Women

CISM SPORT COMMITTEE FOOTBALL (Men & Women) CISM Sport Committee Football Men & Women MILITARY WORLD CHAMPIONSHIPS FOOTBALL (M/W) MILITARY WORLD FOOTBALL CUP (M) As a general rule, every active member nation in CISM may participate in

461 views • 9 slides
CISM SPORT COMMITTEE CISM Sport Committee BOARD MEMBERS DEVELOPMENT COMPETITION CISM Sport

CISM SPORT COMMITTEE CISM Sport Committee BOARD MEMBERS DEVELOPMENT COMPETITION CISM Sport

CISM SPORT COMMITTEE CISM Sport Committee BOARD MEMBERS DEVELOPMENT COMPETITION CISM Sport Committee BOXING CISM SPORT COMMITTEE 1. BOARD MEMBERS: PRESIDENT CSC YOUSEF ALI AL-KAZIM PCSC PCSC PCSC PCSC MEMBER MEMBER MEMBER MEMBER

303 views • 8 slides
International Military Sports Council The Founding of CISM 18 February 1948 in Nice, France The

International Military Sports Council The Founding of CISM 18 February 1948 in Nice, France The

International Military Sports Council The Founding of CISM 18 February 1948 in Nice, France The founding Nations Belgium Denmark France Luxembourg The Netherlands CISM International Military Sports Council Primary objective To establish

462 views • 35 slides
Orthographic Educational Game for Portuguese Language Countries Paula Chaves, Luan Paschoal,

Orthographic Educational Game for Portuguese Language Countries Paula Chaves, Luan Paschoal,

Orthographic Educational Game for Portuguese Language Countries Paula Chaves, Luan Paschoal, Tauan Velasco, Tiago Bento, Julliany Brando, Carlos Schocair, Joo Quadros, Talita Oliveira, Eduardo Ogasawara CEFET/RJ Federal Center for

472 views • 26 slides
CIP-101: Making the Transi5on CIP-003-6 R2 Low Impact

CIP-101: Making the Transi5on CIP-003-6 R2 Low Impact

CIP-101: Making the Transi5on CIP-003-6 R2 Low Impact Assets (LIA) September 24, 2014 Henderson, NV Joseph B. Baugh, PhD, PMP, CISA,

483 views • 30 slides
1977 1994 2004 Wr. Neustadt Perg Mautern 1 MINISTRY OF DEFENCE AUSTRIA 44 th WMPC 2020 2

1977 1994 2004 Wr. Neustadt Perg Mautern 1 MINISTRY OF DEFENCE AUSTRIA 44 th WMPC 2020 2

MINISTRY OF DEFENCE AUSTRIA 1977 1994 2004 Wr. Neustadt Perg Mautern 1 MINISTRY OF DEFENCE AUSTRIA 44 th WMPC 2020 2 Video: The time has come again WM - Fallschirmspringen2020 3 MINISTRY OF DEFENCE AUSTRIA Agenda th World 44

212 views • 18 slides
ALAMEDA COUNTY FIRE DEPARTMENT SERVING : City of Dublin Alameda County City of Emeryville City

ALAMEDA COUNTY FIRE DEPARTMENT SERVING : City of Dublin Alameda County City of Emeryville City

ALAMEDA COUNTY FIRE DEPARTMENT SERVING : City of Dublin Alameda County City of Emeryville City of Newark Budget Work Session City of San Leandro City of Union City Lawrence Berkeley FY 2018-19 National Laboratory Lawrence Livermore

544 views • 23 slides
INVESTMENT BOARD April 14, 2015 AGENDA > Call to Order > Enterprise Risk Managing

INVESTMENT BOARD April 14, 2015 AGENDA > Call to Order > Enterprise Risk Managing

IT SERVICE INVESTMENT BOARD April 14, 2015 AGENDA > Call to Order > Enterprise Risk Managing Information Security Risk Geographic Resiliency Program Update > Wrap Up of the Year Portfolio Prioritization Technology

773 views • 28 slides

More recommend