

RISK AND VULNERABILITY MANAGEMENT

“There are risks and costs to a program of action. But they are far less than the long-range risks and costs of comfortable inaction.”

– John F. Kennedy (1)

An integrated, agile enterprise risk management process enables an organization to view the potential impacts of risks on strategic programs, processes, activities, stakeholders, and products. Unremitting detailed analysis of emerging risks and vulnerabilities, their relation to critical capabilities and services, and their evaluation against the holistic enterprise—to include external influences—is critical to maintaining consistent operations. Exostrategies’s Integrated Decision Support Services (IDS2), powered by Architex™, provide a structured way to integrate recommended risk mitigation strategies with an enterprise project portfolio.

Identify Vulnerabilities, Capabilities, and Threats

To incorporate risk management into the enterprise, organizations must first identify the requirements essential to operations. Once key capabilities and services are established, the next step is to assess the vulnerabilities exposed for each critical area. The possibility of a threat to these vulnerabilities becomes a risk to the organization and its operations; thus, traceability is established between the risks and the enterprise.

Analyze Risk Exposure

After a risk’s root cause is determined, it is evaluated against predetermined criteria to estimate the probability of the root cause occurring. Establishing the impact if the risk is realized is the second piece to quantifying these assessments as a risk rating. Using Exostrategies’s proven processes and software, the organization can visualize these enterprise risks and their potential repercussions across the architecture by combining individual risk ratings into an organizational risk exposure level. If the level is unacceptable, the organization may begin developing detailed mitigation plans to limit their overall risk exposure.

Plan Priorities and Take Action

Exostrategies’s processes allow organizations to establish priorities and timelines based on affordability—the availability of sufficient financial resources—balanced against acceptable levels of risk. This linkage provides the foundation for enterprise risk acceptance centered on risk criticality, priority, and overall affordability. If the risk mitigation requirements are not affordable, then there are three actions an organization can take: 1) reduce architectural objectives by eliminating capabilities or services with unmitigable vulnerabilities, 2) delay architectural evolution by shifting the mitigation schedule, or 3) accept a higher level of enterprise risk. Taking one or more of these actions allows the organization to select a plan that will sustain the desired level of operations.

[Figure: process diagram. Step labels: Identify Critical Requirements, Identify Critical Capabilities, Identify Vulnerabilities, Identify Threats, Identify Risks, Analyze & Evaluate Risks, Plan Mitigation & Funding. Area labels: Enterprise Architecture, Enterprise Risks, Schedule and Costs.]

[email protected]
1-888-375-5678
www.exostrategies.com
1365 W. Garden of the Gods Rd., Suite 220
Colorado Springs, CO 80907

© 2018 Exostrategies, Inc.

(1) Lodi (Calif.) News-Sentinel. 1961. “Times Call For Liberal Action, Says Kennedy.” May 13, 1961. https://news.google.com/newspapers?id=QOgzAAAAIBAJ&sjid=g4HAAAAIBAJ&dq=americans+for+democratic+action&pg=7056,2944411&hl=en.


WHO WE ARE

Exostrategies is a professional services company that provides affordable enterprise architecture services to the space and intelligence communities, where budgets are constrained and threats evolve at an increasingly rapid pace.

Exostrategies employees’ years of experience, technical expertise, and management skills deliver innovative solutions to help customers achieve their objectives affordably and at measured risk. The emphasis is on affordable enterprise transformation in anticipation of evolving threats to critical infrastructure and operations.

Exostrategies’s Integrated Decision Support Services (IDS2), powered by Architex™, enable a rapid reaction to changes that affect customers. IDS2 provides agile, confident decision making through innovative processes, investment modeling, simulation, and decision support tools.

Our proven processes:
• Manage the roadmap and all elements of the enterprise’s architecture, including cybersecurity;
• Integrate project portfolio and investment costs and schedules; and
• Assess enterprise risks and associated mitigation costs.

Our services:
• Integrated Decision Support Services
• Enterprise Architecture Management
• Project Portfolio Management
• Enterprise Risk and Vulnerability Management

• HEADQUARTERS: COLORADO SPRINGS, CO
• OMAHA, NE
• LOS ANGELES, CA
• O’FALLON, IL
• NCR OFFICE: ALEXANDRIA, VA
• MIAMI, FL
• TAMPA, FL
• FORT MEADE, MD
• FAIRFAX, VA
• STUTTGART, GERMANY
• SEOUL, REPUBLIC OF KOREA
