Enterprise Security Risk Management: Security and the ISO31000 Standard? (PowerPoint presentation)
    Presentation Transcript
    Slide 1

    Enterprise Security Risk Management: Security and the ISO31000 Standard?

    Julian Talbot
    Jakeman Business Solutions Pty Ltd
    ISO 31000 Conference, 21-22 May 2012
    G31000, the Global Risk Management Platform

    Once upon a time…

    4360 (1995)

    FUD: Fear, Uncertainty, Doubt

    31000

    ISO31000
    • Principles
    • Framework
    • Process

    The ISO31000 risk management process (diagram):
    • Communication and Consultation
    • Establish the Context
    • Risk Assessment
      • Risk Identification
      • Risk Analysis
      • Risk Evaluation
    • Risk Treatment
    • Monitoring and Review

    Why ISO31000 works for Security?
    • ‘Apples for apples’ comparison:
      • a common taxonomy (e.g. likelihood and consequence)
      • risk assessments by different assessors
      • longitudinally (the same risk over time)
      • between divisions or other organisations
      • against environmental, safety and financial risks
    • Better decisions and allocation of resources
    • Permission to add value
    • Ability to integrate methodologies
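    The ‘apples for apples’ point above depends on every assessor scoring against the same likelihood and consequence scales and the same risk criteria. The following is an added illustration, not code from the presentation or from ISO31000; the 5x5 scales, the rating bands, the division names and the sample register are all constructed assumptions.

```python
"""Shared likelihood/consequence taxonomy for comparable security risk ratings.

Constructed illustration: the 5x5 scales, the rating bands and the sample
register are assumptions, not values from the presentation or ISO31000.
"""
from dataclasses import dataclass

# Assumed shared taxonomy: every assessor rates on the same ordinal scales.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
CONSEQUENCE = {"insignificant": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
# Assumed risk criteria (the organisation's own bands): score ceiling -> rating band.
BANDS = [(5, "low"), (10, "medium"), (16, "high"), (25, "extreme")]


@dataclass(frozen=True)
class Risk:
    division: str
    assessor: str
    description: str
    likelihood: str
    consequence: str

    def score(self) -> int:
        # Ordinal product; comparable only because both scales are shared.
        return LIKELIHOOD[self.likelihood] * CONSEQUENCE[self.consequence]

    def rating(self) -> str:
        for ceiling, band in BANDS:
            if self.score() <= ceiling:
                return band
        raise ValueError("score outside the defined bands")


def rank(register):
    """Highest-scoring risks first, regardless of which division or assessor raised them."""
    return sorted(register, key=lambda r: (-r.score(), r.division, r.description))


def worst_by_division(register):
    """Peak score per division: the apples-for-apples comparison across divisions."""
    out = {}
    for r in register:
        out[r.division] = max(out.get(r.division, 0), r.score())
    return out


# Constructed sample register spanning two divisions and two assessors.
REGISTER = [
    Risk("Trade", "A", "Laptop theft at overseas post", "likely", "moderate"),
    Risk("Trade", "A", "Assault on travelling staff", "likely", "major"),
    Risk("Finance", "B", "Invoice fraud via spoofed supplier", "possible", "major"),
    Risk("Finance", "B", "Loss of HQ access cards", "likely", "minor"),
]

if __name__ == "__main__":
    for r in rank(REGISTER):
        print(f"{r.score():2d} {r.rating():7s} {r.division:8s} {r.description}")
```

    Because the scales and bands are shared, the ranking mixes risks raised by different assessors in different divisions without further normalisation.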
    Slide 6 (the ISO31000 process diagram, repeated)
    • Communication and Consultation
    • Establish the Context
    • Risk Assessment
      • Risk Identification
      • Risk Analysis
      • Risk Evaluation
    • Risk Treatment
    • Monitoring and Review

    Enterprises… (Julian Talbot, ASIS 2009)
    • $30 billion budget
    • 120,000 people
    • 8,000 facilities
    • 41 Risk Criteria
    • 15 Divisions
    Australian Trade Commission (Austrade)
    • Assists Australian businesses to export
    • 1,400 staff in 60 countries
    • 120 offices including 22 Consular posts
    • $400 million annual budget
    Understanding the risks
    • Official sources including
      • Department of Foreign Affairs & Trade (DFAT)
      • National Threat Assessment Centre (NTAC)
    • Open source and commercial providers
    • Internal capability
      • Austrade posts and officers
      • Austrade Security Team
    • Security Risk Assessments
    • Incident reporting
    Terrorism (chart; source: Nationmaster.com)

    Assault (chart; source: Nationmaster.com)

    Fraud (chart; source: Nationmaster.com)

    Enterprise Security Risk Assessment (ESRA)
    • Defensible, systematic and robust basis for decision making and planning
    • Provide senior management with an assessment of current and emerging risks
    • Inform the development and application of ongoing budgets and security measures
    Enterprise Security Risk Assessment (ESRA)
    • Whole of organisation/enterprise
    • Inform budget and systems planning
    • Known & emerging threats to the ‘business’
      • Not location, activity or function specific
    • ‘Enterprise Security Standards’
      • Based on location, activities and functions
    Results…
    • Austrade:
      • 5 year $60 million security plan
      • Robust, well documented analysis
      • Business case: AUD$18.4 billion of exports with Austrade assistance (vs $12M p.a. on security)
    • Defence
      • 5 year $300 million security plan
      • Included $120 million of existing treatments
    • Finance
      • 3 year $2 million security plan
      • Proportional to the agency
    Last points…
    • All SR Managers
    • Something free?
    • Business card?
    • Been robbed?
    • Been a robber?
    • Illegal drugs?
    • Been to Africa?
    • Papua New Guinea?
    • Motorcycle license?
    Last points…
    • All SR Managers
    • Be prepared
    • Time critical
    • Emotional decisions
    • Red teaming
    • 15% of the economy
    • It’s personal!
    • Big risk taker!
    • HUGE risk taker!
    Slide 21

    Thank you

    Contact me at: julian.talbot@jakeman.com.au

    Download this presentation from: www.jakeman.com.au