Risk Registers: The Good The Bad, Making Real Change (Wayne Routly)


Wayne Routly, SA3T1 TL, SA6T4 TL, Security Coordinator, Head of Information & Infrastructure Security, GEANT Association. ISM-SIG Workshop, London UK, 13th May 2015.


SLIDE 1

Networks ∙ Services ∙ People www.geant.org

Risk Registers

The Good The Bad, Making Real Change

Wayne Routly
SA3T1 TL, SA6T4 TL, Security Coordinator
Head of Information & Infrastructure Security, GEANT Association

ISM-SIG Workshop, London UK
13th May 2015

SLIDE 2

What is a ….

A risk register is a risk management tool commonly used in risk management and compliance. It acts as a central repository for all risks identified by the organisation and, for each risk, includes information such as source, nature, treatment option, existing counter-measures, recommended counter-measures …...

SLIDE 3

Benefits of Risk Registers

  • Understand the nature of the risks the organization faces.
  • Become aware of the extent of those risks.
  • Recognize its ability to control and reduce risk.
  • Report the risk status at any point in time.
  • Have in place risk event "early warning" factors and upward reporting thresholds.

SLIDE 4

Calculating Risk

Threat x Vulnerability x Cost = Risk (Risk Score (Exposure) = Probability x Impact)

  • Threat: Threat is the frequency of potentially adverse events.
  • Vulnerability: Vulnerability is the likelihood of success of a particular threat category against a particular organization.
  • Cost: Cost is the total cost of the impact of a particular threat experienced by a vulnerable target.
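The calculation on this slide applied to a small register, as an added example that is not part of the original presentation. The entries, the field names, the per-year units and the reporting threshold are constructed assumptions; "probability" is read here as threat x vulnerability and "impact" as cost.

```python
from dataclasses import dataclass


@dataclass
class RiskEntry:
    """One register row. Field names are assumptions modelled on the fields the deck lists."""
    risk_id: str
    source: str
    treatment: str            # treatment option, e.g. mitigate / accept / transfer
    threat_per_year: float    # Threat: frequency of potentially adverse events
    vulnerability: float      # Vulnerability: likelihood that one event succeeds (0..1)
    cost: float               # Cost: total cost of one successful event

    def exposure(self) -> float:
        """Threat x Vulnerability x Cost, i.e. expected loss per year."""
        if not 0.0 <= self.vulnerability <= 1.0:
            raise ValueError(f"{self.risk_id}: vulnerability must be within 0..1")
        if self.threat_per_year < 0 or self.cost < 0:
            raise ValueError(f"{self.risk_id}: threat and cost must be non-negative")
        return self.threat_per_year * self.vulnerability * self.cost


def report(register, escalation_threshold):
    """Rank entries by exposure and mark those at or above the upward reporting threshold."""
    rows = [(e.risk_id, e.exposure(), e.exposure() >= escalation_threshold)
            for e in register]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample register (illustrative values, not GEANT data).
REGISTER = [
    RiskEntry("R-001", "vulnerability scan", "mitigate", 12.0, 0.25, 4000.0),
    RiskEntry("R-002", "new project assessment", "accept", 2.0, 0.5, 1500.0),
    RiskEntry("R-003", "supplier review", "transfer", 0.5, 0.125, 200000.0),
]

if __name__ == "__main__":
    for risk_id, exposure, escalate in report(REGISTER, escalation_threshold=10000.0):
        print(f"{risk_id}  exposure/year={exposure:>10.2f}  escalate={escalate}")
```

The rare but expensive R-003 ranks above the frequent R-001, which is the ordering a frequency-only or cost-only view of the register would miss.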

SLIDE 5

SLIDE 6


Example Risk Register (Example)

SLIDE 7


Example Risk Register (Cont)

SLIDE 8

Trigger & Responsibilities

  • Project leaders, managers and everyone responsible for oversight of a project must perform a risk assessment before commencing with any new project. If a user is impacted by any change or the implementation of a new project affects users or departments, then a risk assessment must be performed.
  • When performing a risk assessment, all stakeholders must either participate or contribute to the initial threat assessment and the resultant risk assessment. Stakeholders comprise departments affected or involved in the project.
  • A corporate Risk Register is in place where all risks affecting the network and services of the GÉANT project and GEANT Ltd are assessed. If new risks or associated threats have been identified (e.g. by a Nessus vulnerability scan), a new entry has to be added to the Risk Register.

SLIDE 9


Why have A Register?

SLIDE 10

Thank you

Any Questions?