ENTERPRISE SECURITY RISK MANAGEMENT SECURITY AND THE ISO31000 STANDARD? Julian Talbot Jakeman...
![Page 1: ENTERPRISE SECURITY RISK MANAGEMENT SECURITY AND THE ISO31000 STANDARD? Julian Talbot Jakeman Business Solutions Pty Ltd ISO 31000 Conference 21-22 May.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649c815503460f94938e8a/html5/thumbnails/1.jpg)
ENTERPRISE SECURITY RISK MANAGEMENT SECURITY AND THE ISO31000 STANDARD?
Julian Talbot, Jakeman Business Solutions Pty Ltd
ISO 31000 Conference 21-22 May 2012
G31000 the Global Risk Management Platform
Page 2
Once upon a time…
Pre-4360: Fear, Uncertainty, Doubt
AS/NZS 4360 (1995)
ISO 31000: Integrated RM
Page 3
ISO31000
• Principles
• Framework
• Process

Risk management process (diagram):
Communication and Consultation
Establish the Context
Risk Assessment:
  Risk Identification
  Risk Analysis
  Risk Evaluation
Risk Treatment
Monitoring and Review
Page 4
Why ISO31000 works for Security?
Page 5
Why ISO31000 works for Security?
• ‘Apples for apples’ comparison:
  – taxonomy (e.g. likelihood and consequence)
  – risk assessments by different assessors
  – longitudinally
  – between divisions or other organisations
  – against environmental, safety, financial risks
• Better decisions and allocation of resources
• Permission to add value
• Ability to integrate methodologies
Page 6
ISO 31000 risk management process diagram (Communication and Consultation; Establish the Context; Risk Assessment: Risk Identification, Risk Analysis, Risk Evaluation; Risk Treatment; Monitoring and Review), repeated from page 3
Page 7
Page 8
Enterprises…
• $30 billion budget
• 120,000 people
• 8,000 facilities
• 41 Risk Criteria
• 15 Divisions
www.riskebooks.com, Julian Talbot (ASIS 2009), 8
Page 9
Australian Trade Commission (Austrade)
• Assists Australian businesses to export
• 1,400 staff in 60 countries
• 120 offices including 22 Consular posts
• $400 million annual budget
Page 10
Understanding the risks
• Official sources including
  – Department of Foreign Affairs & Trade (DFAT)
  – National Threat Assessment Centre (NTAC)
• Open source and commercial providers
• Internal capability
  – Austrade posts and officers
  – Austrade Security Team
• Security Risk Assessments
• Incident reporting
Page 11
Terrorism
Source: Nationmaster.com
Page 12
Assault
Source: Nationmaster.com
Page 13
Fraud
Source: Nationmaster.com
Page 14
Page 15
Enterprise Security Risk Assessment (ESRA)
• Defensible, systematic and robust basis for decision making and planning
• Provide senior management with an assessment of current and emerging risks
• Inform the development and application of ongoing budgets and security measures
Page 16
Enterprise Security Risk Assessment (ESRA)
• Whole of organisation/enterprise
• Inform budget and systems planning
• Known & emerging threats to the ‘business’
  – Not location, activity or function specific
• ‘Enterprise Security Standards’
  – Based on location, activities and functions
Page 17
Enterprise Security Standards

Required control by threat category (rows VC, IMG, PMV, Esp.) at THREAT LEVELS 1 to 5 (columns). Rows with only four cells have one cell spanning two threat levels in the original; cells are listed in the order they appear.

Intruder Alarm System (threat levels 1 to 5)
VC:   S | M | M | M | M-Crypt
IMG:  S | M | M | M-Crypt (one cell spans two levels)
PMV:  S | M | M | M-Crypt (one cell spans two levels)
Esp.: S | M | M-Crypt | M-Crypt | M-Crypt

Window Treatments (threat levels 1 to 5)
VC:   S1 | S2 | 2343-R1 | 2343-R2 | 2343-R2
IMG:  S | 2343-R1 | 2343-R2 | 2343-R2 (one cell spans two levels)
PMV:  S | 2343-R1 | 2343-R2 | 2343-R2 (one cell spans two levels)
Esp.: S | S | M | 2343-G0 (one cell spans two levels)

Locks (threat levels 1 to 5)
VC:   M | M | M10 | M11 | M12
IMG:  M | M | M10 | M11 | M11
PMV:  M | M | M10 | M11 | M11
Esp.: M | M | M10 | M11 | M12

Lock grades:
10 Pick-resistant hardened
11 Pick-resistant hardened, controlled profile
12 Pick-resistant hardened, restricted profile, organisation-endorsed
Page 18
Results…
• Austrade:
  – 5 year $60 million security plan
  – Robust, well documented analysis
  – Business case: AUD$18.4 billion exports with Austrade assistance (vs $12M p.a. on security)
• Defence:
  – 5 year $300 million security plan
  – Included $120 million existing treatments
• Finance:
  – 3 year $2 million security plan
  – Proportional to the agency
Page 19
Last points…
1. All SR Managers?
2. Something free?
3. Business card?
4. Been robbed?
5. Been a robber?
6. Illegal drugs?
7. Been to Africa?
8. Papua New Guinea?
9. Motorcycle license?
Page 20
Last points…
1. All SR Managers
2. Be prepared
3. Time critical
4. Emotional decisions
5. Red teaming
6. 15% of the economy
7. It’s personal!
8. Big risk taker!
9. HUGE risk taker!