Acuity Partner, Simon Marvell, and CSC Computer Sciences' Director Security Risk Management and Chief Security Officer, Alan Jenkins, presented 'Making a difference! How both CSOs & CISOs are positioning security on the corporate agenda'.
Best practice in risk management tells us that we need to understand our risk appetite and measure risk in relation to this. But how do we measure our appetite for information security risk? Acuity has created a presentation describing requirements, concepts and approaches to setting risk appetite, with some practical examples.
It had been generally accepted that the financial crisis was caused, in part, by an over-reliance on statistical computer models. Banks calculate their Value at Risk (VaR) every day using sophisticated computer modelling techniques based largely on historical data to determine, for example, that there is a less than 1% chance of losing $50 million in the next 10 days under normal market conditions. We are now experiencing the consequences of abnormal market conditions.
The Department for Education uses STREAM to support its ISO 27001 compliance programme and reporting against the Information Assurance Maturity Model (IAMM).
From March 2011, the single-user edition of STREAM Integrated Risk Manager is available as a free download together with documentation and training.
This paper describes a blueprint for Enterprise Information Security Assurance Systems (ISO 27001) but the principles are applicable to any management system solution, including Quality Management Systems (ISO 9000 series), Environmental Management Systems (ISO 14000 series), Occupational Health & Safety Systems (ISO 18000 series) and Business Continuity Management Systems (BS 25999 series).
Acuity Partner, Simon Marvell, presented 'Giving Executives the information that they really need'.
This paper argues that the risk management industry is currently failing business managers because it is not giving them the information that they need to manage risk effectively. The vast majority of avoidable business disasters or failures occur because those executives with the power to take action to avoid or mitigate the risks aren’t aware of the true risks.