security crisis management
play

Security Crisis Management Emmanuel FUCHS Slides available soon at - PowerPoint PPT Presentation

Apr 03, 2024 •170 likes •1.21k views

Security Crisis Management Emmanuel FUCHS Slides available soon at www.Elfuchs.Fr Crisis Management Crisis Definition Crisis Management Overview Crisis Management Process Risk Analysis Risk Analysis Case (quantitative )

  1. Risks evaluation IMPACT LOW MEDIUM HIGH P HIGH R O B A R04 MEDIUM R01 B R05 I L I R03 LOW R02 T R06 Y

  2. Crisis Management • Crisis Definition • Crisis Management Overview • Crisis Management Process • Risk Analysis – Risk Analysis Case (quantitative ) – Risk Aversion – Risk Analysis in Project Management (qualitative) • Risks Analysis Modeling • Crisis Management System – Common situation awareness – Even Driven Architecture

  3. Risk elements • Event: what could happen? • Probability: how likely is it to happen? • Impact: how bad will it be if it happens? • Mitigation: how to reduce the probability and by how much? • Contingency: how to reduce the impact and by how much? • Reduction = mitigation x contingency • Exposure = risk – reduction

  4. Types of risk analysis • Quantitative risk analysis – The probability of an event occurring – The likely loss should it occur. • Probability x likely loss • Qualitative risk analysis – Focuses on the impact – Risk model

  5. Qualitative risk analysis model • Threats • Vulnerabilities • Controls

  6. Qualitative risk analysis model • Threats – Things that can go wrong or that can 'attack' the system. • Examples might include fire or fraud. – Threats are ever present for every system.

  7. Threats • Human – From individuals or organizations, illness, death, etc. • Operational – From disruption to supplies and operations, loss of access to essential assets, failures in distribution, etc. • Reputation – From loss of business partner or employee confidence, or damage to reputation in the market. • Procedural – From failures of accountability, internal systems and controls, organization, fraud, etc. • Project – Risks of cost over-runs, jobs taking too long, of insufficient product or service quality, etc. • Financial – From business failure, stock market, interest rates, unemployment, etc. • Technical – From advances in technology, technical failure, etc. • Natural – Threats from weather, natural disaster, accident, disease, etc. • Political – From changes in tax regimes, public opinion, government policy, foreign influence, etc.

  8. Natural threats • Flooding, • Fire, • Seismic activity, • High winds, • Snow and ice storms, • Volcanic eruption, • Tornado, hurricane, • Epidemic, • Tidal wave, typhoon.

  9. Modeling And Simulation Hurricanes

  10. Technical threats • Power failure/fluctuation, • Heating, • Ventilation or air conditioning failure, malfunction or failure of CPU, • Failure of system software, • Failure of application software, • Telecommunications failure, • Gas leaks, • Communications failure, • Nuclear fallout.

  11. Human threats • Robbery, • Sabotage, • Explosion, • Bomb threats, • War, • Embezzlement, • Biological contamination, • Extortion, • Radiation contamination, • Burglary, • Hazardous waste, • Vandalism, • Vehicle crash, • Terrorism, • Airport proximity, • Civil disorder, • Work stoppage (strike) • Chemical spill, • Computer crime.

  12. Qualitative risk analysis model • Vulnerabilities – Make a system more prone to attack by a threat or make an attack more likely to have some success or impact. • For example, for fire a vulnerability would be the presence of inflammable materials (e.G. Paper). • Software Complexity

  13. Qualitative risk analysis model • Controls – Countermeasures for vulnerabilities. – There are four types of controls: • Deterrent (dissuasive) controls – Reduce the likelihood of a deliberate attack • Preventative controls – Protect vulnerabilities and make an attack unsuccessful or reduce its impact • Corrective controls – Reduce the effect of an attack • Detective controls – Discover attacks and trigger preventative or corrective controls.

  14. Qualitative risk analysis model THREAT Fire Software Error VULNERABILITY Presence of Flammable Complexity materials CONTROLS Sprinklers Extinguishers Design and development, standards, Change control.

  15. Qualitative risk analysis model Threat creates Attack eploits Vulnerabilty Results in Impact

  16. Qualitative risk analysis model Threat Deterrent control creates Reduces likelihood of Attack discovers Detective eploits Control Triggers Triggers protects Vulnerabilty Results in Corrective Preventative Control control Reduces Impact Decreases

  17. Risk management process Establish Context Opportunities & Losses Identify Risks Analyze Risks Likelihood & Severity Evaluate Risks Ranked & Prioritized Treat Risks

  18. Crisis Management • Crisis Definition • Crisis Management Overview • Crisis Management Process • Risk Analysis – Risk Analysis Case (quantitative ) – Risk Aversion – Risk Analysis in Project Management (qualitative) • Risks Analysis Modeling • Crisis Management System – Common situation awareness – Even Driven Architecture

  19. Crisis management system

  20. Incident management system • Provide the pertinent, accurate information you need to make critical decisions. • Deploy personnel, equipment, communication, facilities and procedures effectively and efficiently. • Give access to information to plan, direct, coordinate and control resources. • Foster collaboration and coordination with other command control systems. • Deliver secure, dependable systems on time and within budget.

  21. Incident management system

  22. Emergency response organization Strategic Big Picture Operational Tactical First Responder

  23. Emergency system architecture Higher level Response (Strategic level) Planning tools Risk Assessment emergency centers (Operative Level) Low response Cell (Tactical Level) Simulation Framework M&S System First Responders Units Resource Mgt Management (logistic, …) Environment Critical Assets (Urban area, weather)

  25. Crisis management schedule Preparation Crisis Management Non real time Real Time Off line On line incident response phase The incident

  26. Crisis management system functions • Command and control – To provide the functions necessary to put multiple response and recovery plans into action • Communication and intelligence – To effectively receive and transmit information • Coordination and documentation – To organize all of the steps taken to respond to an event and create a record of those actions to protect employees, infrastructure and shareholder value • Automated checklists – To ensure that response and recovery is complete for major functions • Alert notifications – To sort and distribute messages so managers/commanders can track and log multiple and varied notifications • Media management – To inform the media about the progress the company is making toward normal operations

  27. Emergency system architecture

  28. Emergency system architecture

  29. Crisis Management • Crisis Definition • Crisis Management Overview • Crisis Management Process • Risk Analysis – Risk Analysis Case (quantitative ) – Risk Aversion – Risk Analysis in Project Management (qualitative) • Risks Analysis Modeling • Crisis Management System – Common situation awareness – Even Driven Architecture

  30. Distributed crisis management system • All participants have to share information, make decisions and deploy resources without being physically present in the same place. • Using web-enabled software allows participants to work from their normal workstation, from home or from the field. • Emergency plans and reports are available from any location. • All information can be maintained in a central database that is available to participants from anywhere in the world.

  31. Geographical information system geo-referenced information: information that is associated with a physical location

  32. Common situation awareness • Annotations and markups • Data sharing and synchronization • Chat • Data acquisition • Geospatial collaboration • Asset tracking: blue force tracking, location-based services • Decentralized data editing • Fusion of geospatial data • Neutral and trusted workspace • Sensor integration • Reporting • Web-based services

  33. Web services based distributed emergency system architecture Emergency Transform Work Flow Services Use Orchestration Services Expose Components Middleware

  34. Crisis Management • Crisis Definition • Crisis Management Overview • Crisis Management Process • Risk Analysis – Risk Analysis Case (quantitative ) – Risk Aversion – Risk Analysis in Project Management (qualitative) • Risks Analysis Modeling • Crisis Management System – Common situation awareness – Even Driven Architecture

  35. Events Driven Architecture • Ontology • Complex Event Processing • Bayesian Networks

  36. Protege

  37. Complex Event Processing (CEP) • It is an event processing concept that deals with the task of processing multiple events with the goal of identifying the meaningful events within the event cloud.

  38. CEP classical example • A church bells ringing, • The appearance of a man in a tuxedo with a woman in a flowing white gown, • Rice flying through the air. • A complex event is what one infers from the simple events: – a wedding is happening.

  39. Complex Event Inference ? ? ? ?

  40. Threat Process Inference ? ? ? ?

  41. CEP techniques • Complex patterns events, • Multiple events correlation, • Multiple events hierarchies, • Relationships between events: – timing – causality, – membership, – event-driven processes.

  42. Bayesian Networks Bayes theorem models a learning process Event B is independent of events A and C, Event B is independent of events A, C. Event C depends on event A. Event B influences both A and C. Event A depends on event B. Event B is independent of events A and C. Event C depends on events A and B. Event C depends on events A and B. A B A B A B C C C P(A,B,C) = P(C/A)P(A) P(A,B,C) = P(C/A,B)P(A)P(B) P(A,B,C) = P(C/A,B)P(A/B)P(B)

  43. BN classical example • What is the probability that it is raining, given the grass is wet? Raining Wet grass

  44. BN classical example • Suppose that there are two events which could cause grass to be wet either: – the sprinkler is on – or it's raining.

  45. BN, Nodes, CPT CPT : Conditional Probability Table

  46. Bayesian Networks • A Bayesian network is a graph in which nodes represent random variables, and the links the influences between variables. The graph is acyclique. • Links represent causal relationship between variables which are either determinists, or probability.

  47. Bayesian Inference • P(Bad Battery | Has Gas, Won’t Start) Battery Gas Start

  48. Not Only Probability C A ~a~b ~ab ab ~a~b ~a b B

  49. Bayesian subjectivity • Bayesians networks allow to merge in a theoretical frame: – probability stemming from a statistical experience feedback, – and subjective probability . • Thus In the absence of experience feedback data, it is possible to used values of subjective probability, estimated by experts.

  50. Norsys NETICA

  51. A simple example belief network for diagnosing why a car won't start, based on spark plugs, headlights, main fuse, etc. Car Case

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Jonathan and Erik Bernstein Bernstein Crisis Management, Inc Crisis Management Best Practices

Jonathan and Erik Bernstein Bernstein Crisis Management, Inc Crisis Management Best Practices

BEST PRACTICES IN CRISIS MANAGEMENT Jonathan and Erik Bernstein Bernstein Crisis Management, Inc Crisis Management Best Practices Crisis Prevention Organizations must plan for crises or they are, de facto, planning to have a crisis.

417 views • 18 slides
CRISIS MANAGEMENT 2 3 1 3/6/2018 4 An Airline in Crisis AA is shattered by the terrorist

CRISIS MANAGEMENT 2 3 1 3/6/2018 4 An Airline in Crisis AA is shattered by the terrorist

3/6/2018 Twelve Years of Turbulence: The Role of Lawyers During Times of Crisis Gary Kennedy Former Senior Vice President and General Counsel American Airlines CRISIS MANAGEMENT 2 3 1 3/6/2018 4 An Airline in Crisis AA is shattered

228 views • 10 slides
Crisis Management Rachel Anderson Madeline Kilburn Jieun Lee Alexa Lewis Erica Nash-Wood

Crisis Management Rachel Anderson Madeline Kilburn Jieun Lee Alexa Lewis Erica Nash-Wood

Crisis Management Rachel Anderson Madeline Kilburn Jieun Lee Alexa Lewis Erica Nash-Wood WHAT IS A CRISIS ? Personnel Crisis Systemic Crisis Contextual Crisis Why companies need crisis management plans 1. To plan strategic procedures

417 views • 24 slides
System-of-Systems Security for Crisis Management Kashif Kifayat, Abdullahi Arabo, Oliver Drew,

System-of-Systems Security for Crisis Management Kashif Kifayat, Abdullahi Arabo, Oliver Drew,

System-of-Systems Security for Crisis Management Kashif Kifayat, Abdullahi Arabo, Oliver Drew, Adrian Waller, Rachel Craddock, Glyn Jones David Llewellyn-Jones, Madjid Merabti, Qi Shi Liverpool John Moores University Thales Research and

343 views • 15 slides
Media Management and Crisis Communication in Security Incidence Response Marie-Dominique

Media Management and Crisis Communication in Security Incidence Response Marie-Dominique

Media Management and Crisis Communication in Security Incidence Response Marie-Dominique Bonardi Sorbonne University - Paris +33 6 83 63 01 78 marie-dominique.bonardi@wanadoo.fr Agenda Part 1 Understand the media Part 2 Media management:

425 views • 41 slides
F24 F24 Notification and Crisis Notification and Crisis Management Management January 9, 2013

F24 F24 Notification and Crisis Notification and Crisis Management Management January 9, 2013

F24 F24 Notification and Crisis Notification and Crisis Management Management January 9, 2013 January 9, 2013 About F24 About F24 F24 Group F24 Group Founded: April 2000 Headquarters: Munich, Germany Clients: 500+

351 views • 15 slides
SAFETY & SECURITY UPDATE Dr. Shane Conklin Director of Student & Staff Services Crisis

SAFETY & SECURITY UPDATE Dr. Shane Conklin Director of Student & Staff Services Crisis

SAFETY & SECURITY UPDATE Dr. Shane Conklin Director of Student & Staff Services Crisis Management Four Phases Prevent Respond Taking sustained actions Putting your to minimize or eliminate preparedness plans into risk. action.

197 views • 7 slides
C2-SENSE Blazing the Semantic Trail from Sensors to Users Dr. Bojan Boi OGC TCM Calgary.

C2-SENSE Blazing the Semantic Trail from Sensors to Users Dr. Bojan Boi OGC TCM Calgary.

C2-SENSE Blazing the Semantic Trail from Sensors to Users Dr. Bojan Boi OGC TCM Calgary. 2014-09-15 Dr. Bojan Boi | Scientist, Safety & Security, Information Management Team: Crisis and Disaster Management Crisis management

460 views • 17 slides
Crisis Management | Chaired by Christofer Fredriksson Preparing for the worst: how to create a

Crisis Management | Chaired by Christofer Fredriksson Preparing for the worst: how to create a

Crisis Management | Chaired by Christofer Fredriksson Preparing for the worst: how to create a crisis management strategy for international students from scratch: steps and priorities - discuss and bring up arguments from the perspective of your

181 views • 7 slides
TO SEE OR BECOME AWARE OF SOMETHING THAT HAS NOT YET HAPPENED TRAINING THE CRISIS IN CRISIS

TO SEE OR BECOME AWARE OF SOMETHING THAT HAS NOT YET HAPPENED TRAINING THE CRISIS IN CRISIS

TO SEE OR BECOME AWARE OF SOMETHING THAT HAS NOT YET HAPPENED TRAINING THE CRISIS IN CRISIS MANAGEMENT Klas Lindstrm Managing Director 4C Strategies Understand what you need to do to achieve your desired end state Understand Build your

521 views • 30 slides
Crisis Management Plans W HAT TO DAYS TIMES REQ UIRE Ty l e r H e n s o n | Er i c Z u h l

Crisis Management Plans W HAT TO DAYS TIMES REQ UIRE Ty l e r H e n s o n | Er i c Z u h l

Crisis Management Plans W HAT TO DAYS TIMES REQ UIRE Ty l e r H e n s o n | Er i c Z u h l k e TO DAYS TO PICS JE Dunn and Crisis 10 Y ears ago Upgrade 1.0 T he Incidents Upgrade 2.0 CRISIS MANAGEMENT PLANS | W H A T T O D

148 views • 11 slides
Global Settlement Foundation Monetary security in a time of global crisis La scurit

Global Settlement Foundation Monetary security in a time of global crisis La scurit

Global Settlement Foundation Monetary security in a time of global crisis La scurit montaire dans un moment de crise mondiale Whrungs-Sicherheit in einer Zeit der globalen Krise Monetaire zekerheid in een tijd van mondiale crisis Global

688 views • 49 slides
Two Views 1 It's been proven now that the crisis is not a Greek crisis. The crisis is a

Two Views 1 It's been proven now that the crisis is not a Greek crisis. The crisis is a

Two Views 1 It's been proven now that the crisis is not a Greek crisis. The crisis is a European crisis. So now is the time that we as Europeans need to act decisively and effectively." Greek Prime Minister George Papandreou

155 views • 13 slides
From crisis management to recovery the Cecilia Skingsley Riksbank's role in First Deputy

From crisis management to recovery the Cecilia Skingsley Riksbank's role in First Deputy

From crisis management to recovery the Cecilia Skingsley Riksbank's role in First Deputy Governor the next phase of the crisis DI Konferens (3 September 2020) Heavy fall in Swedish GDP growth Note: Annual percentage change. Forecast

502 views • 10 slides
Risk Management Warren Hutcheon CEO GET CLIENTS CRISIS READY: UNDERSTANDING RISK, ISSUES &

Risk Management Warren Hutcheon CEO GET CLIENTS CRISIS READY: UNDERSTANDING RISK, ISSUES &

Ansvar Broker Education Series: Avoiding a Crisis through Risk Management Warren Hutcheon CEO GET CLIENTS CRISIS READY: UNDERSTANDING RISK, ISSUES & CRISIS MANAGEMENT Ansvar Insurance Broker Education Forum In Confidence Allan Briggs

657 views • 26 slides
Natural Disasters and Crisis Management W W W . C H I C A G O L A N D R I S K F O R U M . O R G

Natural Disasters and Crisis Management W W W . C H I C A G O L A N D R I S K F O R U M . O R G

Before and After the Storm Natural Disasters and Crisis Management W W W . C H I C A G O L A N D R I S K F O R U M . O R G Introduction Theresa Severson , VP Insurance & Risk, Retail Properties of America Inc. Mitchell Dane Henry ,

683 views • 21 slides
ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted

ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted

ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted environment Possibly with multiple tenants Setting OS: users / processes Browser: webpages / browser extensions Cloud: virtual machines (VMs)

272 views • 25 slides
Modelling childrens experiences of online skills, opportunities and risks: a European

Modelling childrens experiences of online skills, opportunities and risks: a European

Modelling childrens experiences of online skills, opportunities and risks: a European perspective Sonia Livingstone s.livingstone@lse.ac.uk Department of Media and Communications www.sonialivingstone.net London School of Economics and

408 views • 30 slides
Unit: Multicriteria decision analysis Learning goals I. General classification of strategies in

Unit: Multicriteria decision analysis Learning goals I. General classification of strategies in

Unit: Multicriteria decision analysis Learning goals I. General classification of strategies in Multi-objective Optimization based on the time of decision maker interaction. II. Ways to structure the decision making process III. What are

810 views • 43 slides
Second Language Acquisition and Corrective Feedback Corrective Feedback Eva Kartchava TESL

Second Language Acquisition and Corrective Feedback Corrective Feedback Eva Kartchava TESL

Second Language Acquisition and Corrective Feedback Corrective Feedback Eva Kartchava TESL Ottawa Spring PD Event Albert Street Education Centre Form-Focused Instruction pedagogical events that occur within meaning- based approaches

774 views • 31 slides
Hashing Garbled Circuits for Free Xiong Fan, Chaya Ganesh and Vladimir Kolesnikov Motivation

Hashing Garbled Circuits for Free Xiong Fan, Chaya Ganesh and Vladimir Kolesnikov Motivation

Hashing Garbled Circuits for Free Xiong Fan, Chaya Ganesh and Vladimir Kolesnikov Motivation Garbled circuits (GC) main technique for secure computation Motivation Garbled circuits (GC) main technique for secure computation Primitive in

2k views • 188 slides
strtrs r sst

strtrs r sst

strtrs r sst r rst

1.45k views • 121 slides
Proofs of Replicated Storage Without Timing Assumptions Ivan Damgrd, Chaya Ganesh, Claudio

Proofs of Replicated Storage Without Timing Assumptions Ivan Damgrd, Chaya Ganesh, Claudio

Proofs of Replicated Storage Without Timing Assumptions Ivan Damgrd, Chaya Ganesh, Claudio Orlandi @claudiorlandi Blockchain Research Applications Smart Contracts Transaction Layer Consensus Layer This talk Network Layer Motivation

439 views • 22 slides
The PARSEME Shared Task on Automatic Identification of Verbal Multiword Expressions (1.1) C.

The PARSEME Shared Task on Automatic Identification of Verbal Multiword Expressions (1.1) C.

Context Annotation methodology Corpora Shared task Wrapping up The PARSEME Shared Task on Automatic Identification of Verbal Multiword Expressions (1.1) C. Ramisch 1 , S. Ricardo 1 , A. Savary 2 , V. Vincze 3 , V. Barbu 4 , A. Bhatia 5 , M.

1.02k views • 25 slides

More recommend