Risk Management Approach Draft

The document outlines Sumeru Information Security Consultants' risk management approach. It involves 5 phases: [1] understanding organizational risk culture and appetite, [2] identifying risks through assessment of assets and services, [3] analyzing risks through evaluation of likelihood and impact, [4] treating risks by reducing, transferring, terminating or tolerating them, and [5] continuously communicating, monitoring and reviewing the risk management process. The approach aims to help clients establish a comprehensive risk management program.

Uploaded by

salman

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

60 views9 pages

Risk Management Approach Draft

Uploaded by

salman

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 9

Risk Management

Approach
Sumeru Information Security Consultants
INNOVATION | COMMITMENT | EXCELLENCE
Understanding the Scope

1 Begin with a Risk Culture awareness

2 Form an understanding on the current Risk Appetite

3 Discuss existing Risk tolerance with the Stakeholders

Form an understanding of the business, strategy, operations & technical context in par

4 with people, processes and technology

Risk Management Process
Overall Approach
Risk Assessment

Risk
Identification
Risk analysis
• Risk Register
Risk Evaluation • Risk Treatment
Based on CIA status
criticality value
Based on Risk Treatment
probability or
likelihood of the Risk
threat to occur
Communication
Based on the
impact of the Monitor &
consequences Review
Treat, Terminate,
Tolerate & Transfer
• An iterative
process
• Risk Owners
Risk Identification Approach

Process Services • Utilize the context

• Utilize the context
information information gathered
• Identify the from the organization
confidentiality • Assess the risk based
requirement on public/private
• Identify the integrity access
requirement • Assess the risk to
• Identify the availability confirm the
requirement completeness of info
• Classify the risk based • Uptime/Downtime of
on low, medium or the service at all times
high • Identify the risks
• Calculate the risk relevant to the service
criticality value • Derive the risk
criticality value
Risk Analysis Approach
Likelihood

Threat • Likelihood of the Vulnerability • Vulnerabilities are

threat occurring weaknesses
• natural threats associated with an
• unintentional threats organization’s
(an employee assets/services
mistakenly accessing • Understanding
the wrong your vulnerabilities is
information) the first step to
• intentional threats managing your risk
(spyware, malware, • E.g. what kind of
adware) network security
Risk Evaluation Approach

Impact • the measure of Consequence

• a consequence
business impact that value based on the
could be caused to the
level of impact from
organization if the
identified risks were to highly catastrophic,
materialize moderate or minor
affect

Risk value = Risk criticality value * likelihood * consequence

Risk Treatment Approach

Transfer Terminate (Avoid) Tolerate

Treat
• Insuring: Insure • Discontinuing the • If the level of risk
service will not affect meets the risk
• Risk Reduction the associated
the business acceptance criteria,
• Risk Deduction Asset / Service • Identified risk is too there is no need for
• Control • Outsourcing: complicated to be implementing
Enhancement qualified third mitigated additional controls
• Control party service • Cost of Risk and the risk can be
Implementation provider treatment exceed accepted.
the benefits
Risk Communication | Monitor & Review

Risk
Identification Risk Register

Risk Risk Risk

Risk Treatment Plan Risk Prioritization Review
Communication Risk Analysis Communication Communication

Risk Treatment Status

Risk Evaluation

Phase 1 Phase 2 Phase 3 Phase 4 Phase 5

Risk Corrective Risk Review with

Current State Risk Preparation of Risk Meeting with Risk
Culture Treatment Plan Actions for risk Acceptance Management on
Register Assessment Report Owners
Discussion mitigation criteria Risk register
Thank You!

Business Risk Management Basics
No ratings yet
Business Risk Management Basics
77 pages
RiskMgtSecurity - Banglisan Cipriano Crisostomo Regalario PDF
No ratings yet
RiskMgtSecurity - Banglisan Cipriano Crisostomo Regalario PDF
5 pages
Lecture 3
No ratings yet
Lecture 3
29 pages
Comprehensive Risk Management Guide
No ratings yet
Comprehensive Risk Management Guide
166 pages
Security Risk Management Guide
0% (1)
Security Risk Management Guide
53 pages
CRM Tee
No ratings yet
CRM Tee
151 pages
Chapter 34 Risk Management
No ratings yet
Chapter 34 Risk Management
54 pages
Security Risk Management
No ratings yet
Security Risk Management
35 pages
Cybersecurity Risk Guide for Managers
No ratings yet
Cybersecurity Risk Guide for Managers
12 pages
02 - Risk Identification V 2.0
No ratings yet
02 - Risk Identification V 2.0
49 pages
Risk Management Guide 2012
No ratings yet
Risk Management Guide 2012
12 pages
Week 8 - Risk Management + Technology Audits
No ratings yet
Week 8 - Risk Management + Technology Audits
41 pages
Giu 2722 65 22161 2025-02-11T13 13 41
No ratings yet
Giu 2722 65 22161 2025-02-11T13 13 41
44 pages
Session 5 Cyber Security Risks and Vulnerabilities
No ratings yet
Session 5 Cyber Security Risks and Vulnerabilities
14 pages
CRISC Session2 Slides
No ratings yet
CRISC Session2 Slides
49 pages
Risk Management Overview: Page 1 of 5
No ratings yet
Risk Management Overview: Page 1 of 5
5 pages
Information Security Risk Management
No ratings yet
Information Security Risk Management
76 pages
Risk Management For E-Business
No ratings yet
Risk Management For E-Business
4 pages
Lecture 2 Risk Control
No ratings yet
Lecture 2 Risk Control
35 pages
Chap 8
No ratings yet
Chap 8
22 pages
Risk Assessment Info Security
No ratings yet
Risk Assessment Info Security
16 pages
Security Risk Management - Approaches and Methodology
100% (1)
Security Risk Management - Approaches and Methodology
13 pages
Giu 2722 62 15934 2024-02-18T10 26 12
No ratings yet
Giu 2722 62 15934 2024-02-18T10 26 12
46 pages
Risk Management
No ratings yet
Risk Management
12 pages
Professional MSC Cyber Security Principle
No ratings yet
Professional MSC Cyber Security Principle
10 pages
Esu Sec Week 6 Risk
No ratings yet
Esu Sec Week 6 Risk
51 pages
Risk CNTRL Strategies
No ratings yet
Risk CNTRL Strategies
9 pages
Bsais - Mit - Chapter 1 - Unit 6
No ratings yet
Bsais - Mit - Chapter 1 - Unit 6
8 pages
Information Risk Management Guide
No ratings yet
Information Risk Management Guide
43 pages
6 Steps To A What You Should Know About Politics
No ratings yet
6 Steps To A What You Should Know About Politics
11 pages
Notes From Isaca Crisc Review Corurse
No ratings yet
Notes From Isaca Crisc Review Corurse
18 pages
Module 4
No ratings yet
Module 4
31 pages
Risk Is A Function of The Likelihood of A Given Threat-Source's Exercising A Particular Potential Vulnerability, and The Resulting Impact of That Adverse Event On The Organization
No ratings yet
Risk Is A Function of The Likelihood of A Given Threat-Source's Exercising A Particular Potential Vulnerability, and The Resulting Impact of That Adverse Event On The Organization
4 pages
Chap 7 Security
No ratings yet
Chap 7 Security
69 pages
Lecture 2.
No ratings yet
Lecture 2.
10 pages
Cybersecurity Risk Management Summation
No ratings yet
Cybersecurity Risk Management Summation
3 pages
Risk Management
No ratings yet
Risk Management
6 pages
Lec 4
No ratings yet
Lec 4
30 pages
CISM Risk Management Guide
No ratings yet
CISM Risk Management Guide
123 pages
Unit 6
No ratings yet
Unit 6
30 pages
Chapter 5 - Risk Management
No ratings yet
Chapter 5 - Risk Management
66 pages
Is Note Final
No ratings yet
Is Note Final
24 pages
Security Plus Unit 8
No ratings yet
Security Plus Unit 8
59 pages
VAPT
No ratings yet
VAPT
23 pages
Risk Management Process
No ratings yet
Risk Management Process
40 pages
Report Cyberrrrr
No ratings yet
Report Cyberrrrr
37 pages
Risk Management
No ratings yet
Risk Management
11 pages
Unit I - Updated
No ratings yet
Unit I - Updated
114 pages
Unit 7 - Risk Management
No ratings yet
Unit 7 - Risk Management
37 pages
Cybersecurity Risk Guide for SMBs
No ratings yet
Cybersecurity Risk Guide for SMBs
13 pages
Lecture 4 - Risk Assessment
No ratings yet
Lecture 4 - Risk Assessment
37 pages
Unit-3 It Security
No ratings yet
Unit-3 It Security
21 pages
CRISCb AllSlides
No ratings yet
CRISCb AllSlides
51 pages
Risk Management Approach For ISO27001
No ratings yet
Risk Management Approach For ISO27001
3 pages
Esss-Unit 3
No ratings yet
Esss-Unit 3
30 pages
Example Cyber Security Risk Management Framework Template RMF
100% (1)
Example Cyber Security Risk Management Framework Template RMF
19 pages
Cyber Security Risk Assessment Checklist
No ratings yet
Cyber Security Risk Assessment Checklist
11 pages
Etabs Project Report
No ratings yet
Etabs Project Report
40 pages
Mario Nyt
No ratings yet
Mario Nyt
7 pages
DLL Week 7
No ratings yet
DLL Week 7
3 pages
Retail Banking in India (FULL)
No ratings yet
Retail Banking in India (FULL)
53 pages
Jamb Economics Syllabus
No ratings yet
Jamb Economics Syllabus
18 pages
Flow Through A Venturi Meter
No ratings yet
Flow Through A Venturi Meter
13 pages
Supply Chain Expert's Career Journey
No ratings yet
Supply Chain Expert's Career Journey
1 page
Recent Aspects of Oil and Gas Internal Pipeline Corrosion Control
No ratings yet
Recent Aspects of Oil and Gas Internal Pipeline Corrosion Control
25 pages
Al-Maqrizi: Social & Scientific Life
No ratings yet
Al-Maqrizi: Social & Scientific Life
16 pages
Lecture26 Ee474 High Speed Io Overview
No ratings yet
Lecture26 Ee474 High Speed Io Overview
40 pages
Paket A
No ratings yet
Paket A
12 pages
Elmachi1 - Lecture18 - (Parallel Operation of Generators)
0% (1)
Elmachi1 - Lecture18 - (Parallel Operation of Generators)
16 pages
Agribusiness Supply Chain Guide
No ratings yet
Agribusiness Supply Chain Guide
65 pages
Tile Hatch Creator2
No ratings yet
Tile Hatch Creator2
3 pages
Dan Appleman's Developing ActiveX Components With Visual Basic 5.0
No ratings yet
Dan Appleman's Developing ActiveX Components With Visual Basic 5.0
10 pages
Kobra 2 Max How To Set Up Kobra 2 Max Printer Parameters and Import
No ratings yet
Kobra 2 Max How To Set Up Kobra 2 Max Printer Parameters and Import
6 pages
Book of Extinction
100% (11)
Book of Extinction
255 pages
12 Tissue Salts in Homeopathy Good
No ratings yet
12 Tissue Salts in Homeopathy Good
3 pages
FS Final AEI 31 December 2023
No ratings yet
FS Final AEI 31 December 2023
185 pages
Fix32 Scada-3
100% (1)
Fix32 Scada-3
50 pages
Graduate Student Positions: Job Location Information
No ratings yet
Graduate Student Positions: Job Location Information
1 page
Grade 1
No ratings yet
Grade 1
2 pages
DeltaV Power and Grounding
No ratings yet
DeltaV Power and Grounding
192 pages
S6909 Medical Certificate at MP December 2020 Non Sec Fill 0
No ratings yet
S6909 Medical Certificate at MP December 2020 Non Sec Fill 0
4 pages
Bio N Fertilization On Corn PDF
100% (2)
Bio N Fertilization On Corn PDF
5 pages
Eng 10-3
No ratings yet
Eng 10-3
3 pages
Software Engineering
No ratings yet
Software Engineering
10 pages
UniMAP BPA Sarjana Muda Sidang Akademik 2023-2024
No ratings yet
UniMAP BPA Sarjana Muda Sidang Akademik 2023-2024
523 pages
The Finite Volume Method For The 2D Euler Equations
No ratings yet
The Finite Volume Method For The 2D Euler Equations
6 pages
Dilla University,, Department of Psychiatry
No ratings yet
Dilla University,, Department of Psychiatry
39 pages