ZEN & THE ART OF DIGITAL RISK MANAGEMENT: THE PATH TO ENLIGHTENMENT


ACCORDING TO…

Cyber crime is the fastest growing crime on the planet

WHY?

1. Hard to detect
2. Hard to prevent
3. “That’s where the money is”

WHY?

The average bank robbery yields around…

$1,800

WHILE…

The average cyber crime yields around…

$750,000

CHAT UP LINE # 23

As of December 2014, there were over 6 million web pages offering some sort of free downloadable hacking software.

Wired January 2015

CHAT UP LINE # 34

Over 500 million hacking attempts are made on businesses every month.

Wired January 2015

PROBLEM 1

=

PROBLEM 2

HACKER’S DICTIONARY

Zen: To figure out something by meditation or by a sudden flash of enlightenment. Originally applied to bugs, but more recently to solving hacking problems. "How'd you figure out the answer to the problem?" "Oh, I zenned it."

MEDITATION

What am I trying to protect?

Why am I trying to protect it?

What happens if I fail to protect it?

CONTEMPLATION

What do I expect? What does the business (board) expect? What do my clients expect? What are other companies doing? What are best practices? What do I have to do by law?

DIVINE THOUGHTS

Where is the data I need to protect?

What are the threats to this data?

What is the probability associated with these threats?

COMPASS

FORMULA

Risk = Threat x Probability x Impact

5 STEPS TO ENLIGHTENMENT

1. Locate & document your information assets
2. Identify threats to these assets
3. Quantify probability of the threats occurring
4. Calculate impact of the incidents on your business
5. Implement cost-effective controls

INFORMATION ASSETS

Tangible
• Strategy data
• Financial data
• Client data
• Personnel data
• Intellectual property
• IT equipment

Intangible
• Reputation
• Goodwill

THREATS

Natural

Accidental

Intentional

PROBABILITY

Probability   Definition                  Scale
Negligible    Unlikely to occur           0
Very Low      2-3 times every 5 years     1
Low           <= once per year            2
Medium        <= once every 6 months      3
High          <= once per month           4
Extreme       >= once per month           5

IMPACT

Harm           Definition                                          Scale
Insignificant  No impact                                           0
Minor          Little effort to recover                            1
Significant    Tangible harm. Resources required to repair.        2
Damaging       Significant harm. Significant resources to recover. 3
Serious        Extended outage. Loss of business revenue.          4
Grave          Permanent shutdown                                  5

FORMULA

[Heat map: Impact plotted against Likelihood, graded into four bands]

1. Least Concern
2. Minimal Concern
3. Moderate Concern
4. Most Concern

OPTIONS

Accept

Avoid

Reduce

Transfer

UNDERSTAND BAD KARMA

Lost time = ? Repair = ? Financial loss = ? Reputation loss = ? Legal costs = ?

DOCTRINE OF EVIL

1. If Dr. Evil can run his programs on your network, it’s not your network anymore.

2. If Dr. Evil can upload programs to your website, it’s not your website anymore. 

3. If Dr. Evil can access data on your network, it’s not your data any more.

4. If Dr. Evil can make changes to the applications or devices on your network, it’s not your network or devices any more.

5. If Dr. Evil uses your network to launch an attack on another network, it’s your problem.

UNDERSTAND EVIL…

6. If Dr. Evil can use your network to access your partner’s network, it’s your problem.

7. If Dr. Evil can access your stored data, it’s not your data anymore.

8. More often than not, Dr. Evil works for you.

9. Dr. Evil knows where you hide your spare keys.

10. Mini-me is always faster and smarter.

YOUR MANTRAS

Identify

Minimize

Manage

Enlightenment

You are here

If you meet the Buddha on the road…

kill him.

ENLIGHTENMENT

Computer Security = Oxymoron

QUESTION

Are you enlightened?

ANSWER:

We’ll see.

A DIFFERENT PERSPECTIVE FROM:

www.riskfactory.com
0800 978 8139