24

The Strengths & Limitations of Risk Management Standards TOG Baltimore, July 20, 2015 Ben Tomhave

The Strengths & Limitations of Risk Management Standards

Download PPTX Report

Upload
ben-tomhave
View
145
Download
0

Tags:

Embed Size (px)

Citation preview

Page 1: The Strengths & Limitations of Risk Management Standards

The Strengths & Limitations of Risk Management Standards

TOG Baltimore, July 20, 2015Ben Tomhave

Page 2: The Strengths & Limitations of Risk Management Standards

Let’s be frank…

Frank Gehry responds to critics during a press conference in Oviedo, SpainPhoto via: Faro de Vigohttps://news.artnet.com/in-brief/frank-gehry-gives-spanish-critics-the-finger-143262

Page 3: The Strengths & Limitations of Risk Management Standards

Standards, while useful, are no panacea.

Page 4: The Strengths & Limitations of Risk Management Standards

The strength of standards is that they provide a reasonable,

common starting point.

Page 5: The Strengths & Limitations of Risk Management Standards

Key Limitations

By virtue of being generalized to a relatively broad audience…

1. Standards, and their associated frameworks, require customization and are rarely directly implementable.

2. As a result, while standards do provide the starting point for an effort, they still require expending resources to achieve a desirable result.

Page 6: The Strengths & Limitations of Risk Management Standards

What are we talking about?

• Standards related to cybersecurity and risk management. Not protocols.

• Typically large, general-purpose works.• Examples:– ISACA’s COBIT 5– ISO 31000 and 27000 series– NIST SP/FIPS/etc.– Standards from orgs like TOG (e.g, Open FAIR)

Page 7: The Strengths & Limitations of Risk Management Standards

LET’S DRILL-DOWN…

Page 8: The Strengths & Limitations of Risk Management Standards

ISACA’s COBIT 5

Page 9: The Strengths & Limitations of Risk Management Standards

COBIT 5 Details…

• The primary standard is hundreds of pages long, and overall is a collection of several documents.

• “COBIT 5 for Risk” alone is 244 pages.• This is incredibly unwieldy!

Page 10: The Strengths & Limitations of Risk Management Standards

COBIT 5 Risk Response Workflow

Page 11: The Strengths & Limitations of Risk Management Standards

ISO 31000

Page 12: The Strengths & Limitations of Risk Management Standards

ISO 27005

Page 13: The Strengths & Limitations of Risk Management Standards

NIST RMF

Page 14: The Strengths & Limitations of Risk Management Standards

NIST SP800-39“Managing Information Security Risk”

Page 15: The Strengths & Limitations of Risk Management Standards

NIST SP800-39“Managing Information Security Risk”

Page 16: The Strengths & Limitations of Risk Management Standards

NIST SP800-30“Guide for Conducting Risk Assessments”

Page 17: The Strengths & Limitations of Risk Management Standards

NIST SP800-30“Guide for Conducting Risk Assessments”

Page 18: The Strengths & Limitations of Risk Management Standards

NIST SP800-30 (3 of 3)“Guide for Conducting Risk Assessments”

Page 19: The Strengths & Limitations of Risk Management Standards

Lessons from NIST?

• There’s a LOT to the standards.• There’s a lot of misunderstanding, too.• You still need to do “stuff”…• In fact, if under FISMA, you have a LOT to do.• In private industry, take time to understand.

Page 20: The Strengths & Limitations of Risk Management Standards

TOG’s OpenFAIR

Page 21: The Strengths & Limitations of Risk Management Standards

Closing thoughts

• Standards are useful, but no panacea.• Standards can reduce some planning efforts,

but still require work.• Semper Gumby!

Page 22: The Strengths & Limitations of Risk Management Standards

Bonus Point!

Right-Sizing: Just how much do you need??

Is…

Data Value + System Value + Resilience/Defensibility

…generally adequate?

Page 23: The Strengths & Limitations of Risk Management Standards

Q & A?

Page 24: The Strengths & Limitations of Risk Management Standards

THANK YOU!

Ben Tomhave @falconsview [email protected]

Topics for Today Final Report Presentation Project overview Model strengths and limitations

Topics for Today Final Report Presentation Project overview Model strengths and limitations

Documents

STRENGTHS AND LIMITATIONS OF QUANTITATIVE RESEARCH APPLIED … · · 2016-07-18STRENGTHS AND LIMITATIONS OF QUANTITATIVE RESEARCH APPLIED IN ... limitations of quantitative research

STRENGTHS AND LIMITATIONS OF QUANTITATIVE RESEARCH APPLIED … · · 2016-07-18STRENGTHS AND LIMITATIONS OF QUANTITATIVE RESEARCH APPLIED IN ... limitations of quantitative research

Documents

Strengths, Limitations, and Controversies of DNA Evidence

Strengths, Limitations, and Controversies of DNA Evidence

Documents

Pattern scaling: Its strengths and limitations, and an ...opensky.ucar.edu › islandora › object › articles:13269... · Pattern scaling: Its strengths and limitations, and an

Pattern scaling: Its strengths and limitations, and an ...opensky.ucar.edu › islandora › object › articles:13269... · Pattern scaling: Its strengths and limitations, and an

Documents

Permits, Effluent Limitations and Standards

Permits, Effluent Limitations and Standards

Documents

Opportunities and Limitations - Cornell University · Opportunities and Limitations. Bruce Lauber. Objectives ... Capacity – strengths and limitations

Opportunities and Limitations - Cornell University · Opportunities and Limitations. Bruce Lauber. Objectives ... Capacity – strengths and limitations

Documents

National Occupational Standards for Deck Operations · PDF fileequipment capabilities (e.g. capacities, strengths, weaknesses and limitations) ... DATE May 2007 Deck Operations . REV

National Occupational Standards for Deck Operations · PDF fileequipment capabilities (e.g. capacities, strengths, weaknesses and limitations) ... DATE May 2007 Deck Operations . REV

Documents

Centralized Waste Treatment Effluent Limitations Guidelines and Pretreatment Standards ... · 2012-09-26 · information on effluent limitations guidelines and pretreatment standards

Centralized Waste Treatment Effluent Limitations Guidelines and Pretreatment Standards ... · 2012-09-26 · information on effluent limitations guidelines and pretreatment standards

Documents

The Strengths and Limitations of Jeffersonian Democracy

The Strengths and Limitations of Jeffersonian Democracy

Documents

DNP Project Paper/Journal Article RubricStrengths and limitations of project adequately discussed. Strengths and limitations of project poorly discussed. Strengths and limitations

DNP Project Paper/Journal Article RubricStrengths and limitations of project adequately discussed. Strengths and limitations of project poorly discussed. Strengths and limitations

Documents

The O*NET content model: strengths and limitations O*NET content model: strengths and limitations 159 programs, and voluntary industry skills standards, as well as the traditional

The O*NET content model: strengths and limitations O*NET content model: strengths and limitations 159 programs, and voluntary industry skills standards, as well as the traditional

Documents

Lo isiana’s Val e AddedLouisiana’s Value Added Assessment ... · Value Added Assessment: Uses and limitations Strengths Limitations •Can be used to identify strengths and weaknesses

Lo isiana’s Val e AddedLouisiana’s Value Added Assessment ... · Value Added Assessment: Uses and limitations Strengths Limitations •Can be used to identify strengths and weaknesses

Documents

STRENGTHS & LIMITATIONS OF ALL EIGHT EVIDENCE TYPES

STRENGTHS & LIMITATIONS OF ALL EIGHT EVIDENCE TYPES

Documents

MEASURING PERFORMANCE: Strengths and Limitations of ...United States General Accounting Office ... March 1997 MEASURING PERFORMANCE Strengths and Limitations of Research Indicators

MEASURING PERFORMANCE: Strengths and Limitations of ...United States General Accounting Office ... March 1997 MEASURING PERFORMANCE Strengths and Limitations of Research Indicators

Documents

Strengths and Limitations of High-Resolution …cardis.iaik.tugraz.at/proceedings/cardis_2012/CARDIS2012...Strengths and Limitations of High-Resolution Electromagnetic Field Measurements

Strengths and Limitations of High-Resolution …cardis.iaik.tugraz.at/proceedings/cardis_2012/CARDIS2012...Strengths and Limitations of High-Resolution Electromagnetic Field Measurements

Documents

Strengths and Limitations of NGS for Forensic DNA Analysis · Strengths and Limitations of NGS for Forensic DNA Analysis Douglas R. Storts, PhD Head of Research . 2 Promega Corporation

Strengths and Limitations of NGS for Forensic DNA Analysis · Strengths and Limitations of NGS for Forensic DNA Analysis Douglas R. Storts, PhD Head of Research . 2 Promega Corporation

Documents

Squash Smear Cytology, CNS Lesions – Strengths and Limitations

Squash Smear Cytology, CNS Lesions – Strengths and Limitations

Documents

Strengths and Limitations of Research Indicators GAO/RCED-97-91

Strengths and Limitations of Research Indicators GAO/RCED-97-91

Documents

The English Arbitration Act 1996: Strengths and Limitations. Nick Marsh

The English Arbitration Act 1996: Strengths and Limitations. Nick Marsh

Law

Monocular Vision: Occupational Limitations and Current Standards

Monocular Vision: Occupational Limitations and Current Standards

Documents

Corporate Partnerships and Community Development in the Nigerian Oil Industry: Strengths and Limitations

Corporate Partnerships and Community Development in the Nigerian Oil Industry: Strengths and Limitations

Documents

Lesson 3 Mediums of Sculpture...Mediums of Sculpture rock wood Strengths Limitations Strengths Limitations metal clay Strengths Limitations Strengths Limitations . 13 Lesson 3 Plastic

Lesson 3 Mediums of Sculpture...Mediums of Sculpture rock wood Strengths Limitations Strengths Limitations metal clay Strengths Limitations Strengths Limitations . 13 Lesson 3 Plastic

Documents

Addressing The Limitations Of Open Standards

Addressing The Limitations Of Open Standards

Documents

Strengths and Limitations of Forensic Sciece: What DNA

Strengths and Limitations of Forensic Sciece: What DNA

Documents

Strengths and Limitations of the Wavelet Spectrum Method ... · Strengths and Limitations of the Wavelet Spectrum Method in the Analysis of Internet Traffic Stilian Stoev, Murad Taqqu,

Strengths and Limitations of the Wavelet Spectrum Method ... · Strengths and Limitations of the Wavelet Spectrum Method in the Analysis of Internet Traffic Stilian Stoev, Murad Taqqu,

Documents

Strengths and Limitations of NGS for Forensic DNA Analysis€¦ · Strengths and Limitations of NGS for Forensic DNA Analysis Douglas R. Storts, PhD Head of ... Data Analysis General

Strengths and Limitations of NGS for Forensic DNA Analysis€¦ · Strengths and Limitations of NGS for Forensic DNA Analysis Douglas R. Storts, PhD Head of ... Data Analysis General

Documents

Assessing the strengths and limitations of Business Model ...942100/FULLTEXT01.pdf · Assessing the strengths and limitations of Business Model Frameworks for Product Service Systems

Assessing the strengths and limitations of Business Model ...942100/FULLTEXT01.pdf · Assessing the strengths and limitations of Business Model Frameworks for Product Service Systems

Documents

Peer review: strengths, limitations and · Peer review: strengths, limitations and ... • The evaluation of the scholarly products of research, such as, ... that the peer review

Peer review: strengths, limitations and · Peer review: strengths, limitations and ... • The evaluation of the scholarly products of research, such as, ... that the peer review

Documents

The Queen City and Sparta GAMs Strengths & Limitations for Groundwater Management

The Queen City and Sparta GAMs Strengths & Limitations for Groundwater Management

Documents

Strengths and limitations of Early Warning Scores: …eprints.whiterose.ac.uk/121108/3/DowneyC_IJNS...1 Strengths and limitations of Early Warning Scores: a systematic review and narrative

Strengths and limitations of Early Warning Scores: …eprints.whiterose.ac.uk/121108/3/DowneyC_IJNS...1 Strengths and limitations of Early Warning Scores: a systematic review and narrative

Documents