metrics that matter security risk analytics
play

Metrics That Matter Security Risk Analytics Katy Loughney , Director - PowerPoint PPT Presentation

Apr 21, 2023 •139 likes •376 views

| Smart Metrics, Intelligent Decisions Metrics That Matter Security Risk Analytics Katy Loughney , Director of Risk Analytics, West - Brinqa March 14 th , 2014 What Matters to CIOs?

  1. | Smart Metrics, Intelligent Decisions Metrics That Matter – Security Risk Analytics Katy Loughney , Director of Risk Analytics, West - Brinqa March 14 th , 2014

  2. What Matters to CIOs? http://online.wsj.com/news/articles/SB10001424052702304680904579364641778947268?mod=ITP_journalreport_0 | Smart Metrics, Intelligent Decisions Confidential

  3. IT Professionals Do Not Communicate Security Risk September, 2013 - Tripwire, Inc., released results from an extensive study focused on the state of risk-based security management with the Ponemon Institute. Key findings from the survey include:  64% said they don’t communicate security risk with senior executives or only communicate when a serious security risk is revealed  47% said that collaboration between security risk management and business is poor, nonexistent, or adversarial  51% rated their communication of relevant security risks to executives as “not effective.”  When asked why communicating relevant security risks to executives was not effective: – 68% of the respondents said communications are too siloed. – 61% said communication occurs at too low a level. – 61% aid the information is too technical to be understood by non- technical management. – 59% said negative facts are filtered before being disclosed to senior executives and the CEO http://www.prweb.com/releases/2013/9/prweb11095496.htm | Smart Metrics, Intelligent Decisions Confidential

  4. Analytics is the process of Signal Detection | Smart Metrics, Intelligent Decisions Confidential

  5. The Signal and The Noise Data are neither signal nor noise - data are merely facts. When facts are useful they serve as signals. When they aren’t useful, data clutter the environment with distracting noise. For data to be useful, they must:  Address something that matters  Promote understanding  Provide an opportunity for action to achieve or maintain a desired state Without these qualities, data is noise. | Smart Metrics, Intelligent Decisions Confidential

  6. Why Do We Need Security Risk Analytics? A common request from the leadership is to report on metrics from various areas that point out which businesses, processes, or systems are most at risk and require immediate attention.  Risk reporting based on business context  Compliance is no longer the driver  Risk prioritization rather than risk elimination  Big data and automation | Smart Metrics, Intelligent Decisions Confidential

  7. Operational Metrics are NOT Risk Metrics | Smart Metrics, Intelligent Decisions Confidential

  8. Key Challenges | Smart Metrics, Intelligent Decisions Confidential

  9. Key Challenges In Implementing Risk Analytics  Varied and disparate risk inventories » Uncorrelated and redundant data included in reporting » Prohibits establishing a common inherent risk inventory » No historical data for trending and forecasting  Manual and inconsistent data aggregation and correlation » Ambiguous and incomplete risk interpretation » Resource and time intensive  Subjective and non-standard risk measurement » Resources spent addressing non-prioritized issues » Miscommunication and misunderstanding of risk across enterprise  Operational teams lack understanding of business outcomes » Limits business unit’s ability to understand and accept risk » Inability to measure improvements and predict threats » Reactive vs. proactive decision making | Smart Metrics, Intelligent Decisions Confidential

  10. Technology Risk Analytics Use Case | Smart Metrics, Intelligent Decisions Confidential

  11. | Smart Metrics, Intelligent Decisions Confidential

  12. Context Based Security Risk Metrics | Smart Metrics, Intelligent Decisions Confidential

  13. | Smart Metrics, Intelligent Decisions Confidential

  14. | Smart Metrics, Intelligent Decisions Confidential

  15. | Smart Metrics, Intelligent Decisions Confidential

  16. Customer Case Study | Smart Metrics, Intelligent Decisions Confidential

  17. World’s Largest Deposit Bank - Challenges Technology Risk Management (TRM) group was utilizing multiple tools and processes to support TRM deliverables. The previous state was not intuitive for non-TRM users, produces redundant efforts, and expends resources on lower criticality projects/applications/infrastructure. Specific examples included: 1. Inability to provide businesses with repeatable risk metrics 2. Inability to provide actionable remediation plans with accountable and responsible parties 3. Inaccurate IT inventories make it difficult to understand the environment 4. Lack of standardized triggers/gates/hooks for someone to be pointed to TRM 5. Lack of centralized decision making process to determine what gets assessed and what gets deferred 6. 21 TRM assessments/services result in overlapping and non-applicable control testing 7. Assessments not looking at all available data | Smart Metrics, Intelligent Decisions Confidential

  18. Without Risk Analytics | Smart Metrics, Intelligent Decisions Confidential

  19. Solution 1. Leverage up to date IT inventories and collaborate with IT to improve quality 2. Create a standardized process for everyone to engage TRM 3. Create a centralized decision making process to determine what gets assessed and what gets deferred 4. Streamline 21 assessments/services to avoid overlapping and out of scope questions 5. Leverage IT monitoring tools to validate risk assessment answers and enable near-time visibility of IT controls 6. Use a centralized technology risk assessment repository to reduce complexity, improve operational efficiency, and focus remediation expenditures 7. Load historical risk assessment data into the centralized risk assessment repository | Smart Metrics, Intelligent Decisions Confidential

  20. With Risk Analytics | Smart Metrics, Intelligent Decisions Confidential

  21. Benefits 1. Standardized, streamlined, and centralized TRM processes to improve consistency 2. Facilitated TRM collaboration between different groups for better decision making. 3. Incorporated data from existing IT Controls (e.g. patch management, DLP, etc.) 4. Achieved sustainable constant monitoring of current technology risks for the enterprise, not just one time assessments (e.g., 24- hour risk reporting cycle similar to Market and Ops Risk) 5. Provided granular self service view/pivot of technology risk information for a department, business unit, and entire enterprise 6. Historical and predictive technology risk simulations using customer’s data in context | Smart Metrics, Intelligent Decisions Confidential

  22. About Brinqa Brinqa provides an operational risk analytics platform for aggregation, correlation, analysis and reporting of risk data in heterogeneous environments. The solution delivers insightful analysis and intelligent reporting for informed decisions and improved operational effectiveness. | Smart Metrics, Intelligent Decisions Confidential

  23. Contact Information: Katy Loughney – Director of Risk Analytics, West kloughney@brinqa.com | Smart Metrics, Intelligent Decisions Confidential

Recommend

Metrics That Matter Establishing a measurement framework and analytics implementation that

Metrics That Matter Establishing a measurement framework and analytics implementation that

Metrics That Matter Establishing a measurement framework and analytics implementation that improves your marketing performance The Marketing Problem https://www.mckinsey.com/business-functions/marketing-and-sales/our-insights/views-from-the-

809 views • 56 slides
Google Analytics: Reporting & Metrics That Matter Presenter: Moby Siddique Moby Siddique

Google Analytics: Reporting & Metrics That Matter Presenter: Moby Siddique Moby Siddique

Google Analytics: Reporting & Metrics That Matter Presenter: Moby Siddique Moby Siddique Co-founder / Head of Strategy Podcast host of InboundBuzz Guest Lecturer @ UWS / USYD Tonights Agenda 1. Introduction 2. Basic terms you need to

1.22k views • 62 slides
Let me share a story about sharing Emails = Lag Metrics Analytics UI is daunting Constant flux

Let me share a story about sharing Emails = Lag Metrics Analytics UI is daunting Constant flux

DASHBOARDS Analytics for the People Andrew Mallis CEO & co-founder mallis@kalamuna.com Let me share a story about sharing Emails = Lag Metrics Analytics UI is daunting Constant flux Analytics meets Powerpoint Analytics Dashboard vs

508 views • 38 slides
Metrics & Scoring Committee 16 June 2017 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee 16 June 2017 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee 16 June 2017 HEALTH POLICY & ANALYTICS Office of Health Analytics Consent Agenda Review todays agenda Approve May minutes Written updates (HPQMC on next slide) 2 Health Plan Quality Metrics

778 views • 50 slides
Profitability Metrics, Payback Period Emily Riederer Instructor DataCamp Financial Analytics

Profitability Metrics, Payback Period Emily Riederer Instructor DataCamp Financial Analytics

DataCamp Financial Analytics in R FINANCIAL ANALYTICS IN R Profitability Metrics, Payback Period Emily Riederer Instructor DataCamp Financial Analytics in R Profitability Metrics & Decision Rules Key Concepts: Profitability Metrics :

685 views • 30 slides
ANALYTICS & DATA MASTERY A N D C E R T I F I C A T I O N C L A S S OUR GOAL: To make data

ANALYTICS & DATA MASTERY A N D C E R T I F I C A T I O N C L A S S OUR GOAL: To make data

ANALYTICS & DATA MASTERY A N D C E R T I F I C A T I O N C L A S S OUR GOAL: To make data approachable & useful! Well give you the tools & training to pick the metrics that matter, create accurate reports, and make data

845 views • 82 slides
How To Actually Use Google Analytics Jamie Kelly David Waiter Vanity vs Actionable Metrics

How To Actually Use Google Analytics Jamie Kelly David Waiter Vanity vs Actionable Metrics

How To Actually Use Google Analytics Jamie Kelly David Waiter Vanity vs Actionable Metrics Vanity Metrics: Give you confidence about how your site is doing, but ultimately wont help you to make decisions. o Ex. Web Traffic, Social

518 views • 22 slides
Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer

Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer

Notes Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer Science & Engineering Department, SMU, Dallas, TX Lecture 2 Notes Outline Managing security investment 1 Security metrics 2 R 3

605 views • 16 slides
Advancing Analytics: Putting Risk Analytics to Work For Your Business Sponsored By: Advancing

Advancing Analytics: Putting Risk Analytics to Work For Your Business Sponsored By: Advancing

Advancing Analytics: Putting Risk Analytics to Work For Your Business Sponsored By: Advancing Analytics: Putting Risk Analytics to Work For Your Business Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides

270 views • 22 slides
Metrics & Scoring Committee November 16, 2018 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee November 16, 2018 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee November 16, 2018 HEALTH POLICY & ANALYTICS Office of Health Analytics Todays Agenda Welcome Presentations on developmental measures From Food Insecurity to Addressing Other SDOH: Measure

1.03k views • 88 slides
Using Metrics to Manage the Human Capital Function Karen Crone, CHRO, Paycor, Inc. September

Using Metrics to Manage the Human Capital Function Karen Crone, CHRO, Paycor, Inc. September

Using Metrics to Manage the Human Capital Function Karen Crone, CHRO, Paycor, Inc. September 14, 2016 Defining Analytics Metrics / reporting provide information. Analytics give insight into people issues that impact businesses and help them

246 views • 11 slides
Metrics & Scoring Committee October 19, 2018 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee October 19, 2018 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee October 19, 2018 HEALTH POLICY & ANALYTICS Office of Health Analytics Todays Agenda Welcome State of public health in Oregon and opportunities for incentive measures to aid in improvement HPQMC

806 views • 51 slides
Metrics & Scoring Committee September 15, 2017 HEALTH POLICY & ANALYTICS Office of

Metrics & Scoring Committee September 15, 2017 HEALTH POLICY & ANALYTICS Office of

Metrics & Scoring Committee September 15, 2017 HEALTH POLICY & ANALYTICS Office of Health Analytics Consent agenda Review todays agenda Approve August minutes Written updates (HPQMC next slide) 2 Health Plan Quality

694 views • 31 slides
Metrics & Scoring Committee October 20, 2017 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee October 20, 2017 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee October 20, 2017 HEALTH POLICY & ANALYTICS Office of Health Analytics Consent agenda Review todays agenda Approve September minutes Written updates (HPQMC next slide) Please note this meeting

769 views • 66 slides
Measuring Software Security Defining Security Metrics Dr. Bill Young Department of Computer

Measuring Software Security Defining Security Metrics Dr. Bill Young Department of Computer

Measuring Software Security Defining Security Metrics Dr. Bill Young Department of Computer Science University of Texas at Austin Last updated: May 1, 2015 at 08:15 Dr. Bill Young: 1 Metrics Talk: OAG IV&V Why Is CyberSecurity Hard? Why

854 views • 21 slides
Metrics that Matter Identifying KPIs & tracking progress toward extraordinary AP THE BUXE

Metrics that Matter Identifying KPIs & tracking progress toward extraordinary AP THE BUXE

LIVE WEBINAR Metrics that Matter Identifying KPIs & tracking progress toward extraordinary AP THE BUXE Company You cant MANAGE what you dont MEASURE THE BUXE Company Why do we need metrics? Monitor progress Identify areas for

846 views • 32 slides
Metrics & Scoring Committee July 20, 2018 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee July 20, 2018 HEALTH POLICY & ANALYTICS Office of Health

Metrics & Scoring Committee July 20, 2018 HEALTH POLICY & ANALYTICS Office of Health Analytics Todays Agenda Welcome Extended CCO 2.0 update 2018 incentive measure program changes 2019 measure set selection (June

1.89k views • 188 slides
Best Practices in Credit Portfolio Risk Management for Buy-side Managers Moody's Analytics Risk

Best Practices in Credit Portfolio Risk Management for Buy-side Managers Moody's Analytics Risk

Best Practices in Credit Portfolio Risk Management for Buy-side Managers Moody's Analytics Risk Practitioner Conference October 17 th , 2012 David Latour Caisse de dpt et placement du Qubec Senior Adviser, Quantitative Risk Analysis

716 views • 30 slides
January 22, 2020 2/6/2020 Forecast5 Analytics, Inc. 1 Fiscal Metrics At $13,546 per

January 22, 2020 2/6/2020 Forecast5 Analytics, Inc. 1 Fiscal Metrics At $13,546 per

January 22, 2020 2/6/2020 Forecast5 Analytics, Inc. 1 Fiscal Metrics At $13,546 per student, District 200's operating expense per student is BELOW the state average of $13,764 * FY19 Fund Balance: 34.2%, within range of the Boards

192 views • 17 slides
Security Data Science Joshua Neil Security Analytics Leader Advanced Security Center EY

Security Data Science Joshua Neil Security Analytics Leader Advanced Security Center EY

Security Data Science Joshua Neil Security Analytics Leader Advanced Security Center EY Powered by Agenda A Background, LANL and the EY/LANL Alliance Traditional Security and Operational Security Data B Science Advanced Analytics:

558 views • 24 slides
Investigating the scope of textual metrics for learner level discrimination and learner analytics

Investigating the scope of textual metrics for learner level discrimination and learner analytics

Learner Corpus Research 2019 - 12-14 September Investigating the scope of textual metrics for learner level discrimination and learner analytics Nicolas Ballier Thomas Gaillat Problem statement Learning a language For individuals >

645 views • 26 slides
Risk-based Security BARRY KOUNS CEO AT RISK BASED SECURITY Session Overview Warm-up Quiz

Risk-based Security BARRY KOUNS CEO AT RISK BASED SECURITY Session Overview Warm-up Quiz

Risk Assessment the Heart of Risk-based Security BARRY KOUNS CEO AT RISK BASED SECURITY Session Overview Warm-up Quiz Introduction to our security challenge What is Risk-based Security? The language of risk some

787 views • 53 slides
Using Metrics to Accelerate Value Stream Flow Making more money, faster Helen Beal Chief

Using Metrics to Accelerate Value Stream Flow Making more money, faster Helen Beal Chief

Using Metrics to Accelerate Value Stream Flow Making more money, faster Helen Beal Chief Ambassador DevOps Institute @BealHelen helen@devopsinstitute.com 1 Agenda o Why metrics matter Helen Beal o What metrics matter Chief Ambassador o

415 views • 23 slides
Maximizing the Value of Data Analytics for Operational Risk Intelligence Don't just do data

Maximizing the Value of Data Analytics for Operational Risk Intelligence Don't just do data

Maximizing the Value of Data Analytics for Operational Risk Intelligence Don't just do data analytics. Transform data analysis activities into ORM programs. Presented by: Sergiu Cernautan, CPA, CISA; Director of GRC Strategy, ACL Services, Ltd.

740 views • 36 slides

More recommend