DeepINTEL 2018 Talk: Risk Management in Complex Scenarios – Oscar Serrano

November 8, 2018

ICT risk management is a well-established practice and as such is supported by international security standards and guidelines. But despite advances in the legal and policy areas and the maturation of standardized frameworks for efficient risk management, it has still not become a controlled, systematic process in the cyber security domain of most organizations. One of the problems preventing organizations from having an enterprise approach to cyber security risk management is that these efforts have not been supported by commensurate investment to produce robust, technical implementations of suitable risk management methodologies and supporting systems. Although some tools do exist, such as PILAR, CRAMM, Ebios, Mehari, or Octave, they all implement different risk management methodologies, and all of them are implemented to satisfy the needs of specific users. None of them is a truly enterprise

Talk: IT Security Compliance Management can be done right

September 20, 2011

Your IT infrastructure needs more than hardware or software. If your IT landscape is big enough, you already know that. The question of how to tackle compliance management remains. What kind of internal and external controls from regulations and other sources are there? What is IT risk and IT compliance management? Why and for whom does it matter? How can we handle it, and how does compliance aggregation fit into the picture? First of all, you need to know what's in your environment and what assets your organisation consists of. How do you want to protect something if you don’t know it exists? Also make sure you know where it is. Charting the access paths to data is not a trivial task. Then you need to know the risk appetite of your company. How much risk are you

