Manage Your Risk, Not Somebody Else's
Ben Tomhave, MS, CISSP (@falconsview)
Society of Information Risk Analysts
SciTech Information Security Committee
Image: http://www.flickr.com/photos/gsfc/5940408282/sizes/l/in/photostream/
The Problem Space…
All these regulations and standards…
– PCI: Arbitrary & Capricious?
– HIPAA: Confusing & Misunderstood?
– NERC CIPs
Limited resources
Being reactive – how’s that working out?
Image: http://www.flickr.com/photos/supersonicphotos/3999192675/sizes/l/in/photostream/
Define Your Profile
How does your business operate?
What is most important to survival?
3 key attributes:
1. Business processes
2. Assets
3. Prioritization (via risk analysis)
Image: http://www.flickr.com/photos/juhansonin/4734829999/sizes/l/in/photostream/
Get Organized
Collaborate across the business
Formalize methods and policies
Identify strategic tools
– Improve communication
– Optimize quality
– Improve overall performance
Image: http://commons.wikimedia.org/wiki/File:Lion_tamer_(LOC_pga.03749).jpg
Practical Application #1
1. “Right Size” your obligations (outsource!)
2. Optimize the proactive to reduce the reactive
3. Reduce complexity (KISS principle)
Taming the Compliance Beast
Image: http://www.flickr.com/photos/jdhancock/3562071888/sizes/l/in/photostream/
Practical Application #2
Appropriate LOE and resources?
– Set a defensible definition of “good enough”
Insource vs. Outsource
– When to own it?
– When to transfer it out?
– What about insurance / self-insurance?
If you can’t win, then change the rules.
– Resilience, anti-fragile, survivability, rugged, etc.
– The goal is not to stop all bad things from happening!
Scaling Risk Management Practices
Image: http://www.flickr.com/photos/27745117@N00/3845403469/sizes/l/in/photostream/
Practical Application #3
DevOps, RM, and the 3 Ways
Images: http://itrevolution.com/
1. Context
2. Assessment
3. Treatment
4. Monitor & Review
Communication
The Three Ways
The First Way: Systems Thinking
The Second Way: Amplifying Feedback Loops
The Third Way: Culture of Continual Experimentation & Learning
Holistic, No Silos, Understand Value Streams
Communication, Rapid Response, Embed Knowledge
Innovate, Fail Fast / Learn Fast, “Freedom & Responsibility”
Image: http://itrevolution.com/the-three-ways-principles-underpinning-devops/
Image: http://www.flickr.com/photos/dexxus/5820866907/sizes/l/in/photostream/
To Recap…
Understand the problem space
Define your risk profile
Get organized
Practical application
1. Tame the compliance beast
2. Scale risk management practices
3. The DevOps revolution
Thank You!
Ben Tomhave, MS, [email protected]