Project risk, cybercrime and the way forwards – further thoughts APM Risk SIG presentation 8th November v0.1.


1 Project risk, cybercrime and the way forwards – further thoughts APM Risk SIG presentation 8th November v0.1

2 Contents
- Have projects clearly understood their objectives and risks?
- How can we take steps to address cybercrime in risk management?
- Are there any opportunities?
- Are there any wider concerns?

3 Have projects clearly understood their objectives and risks?
THE PROJECT
Do we really know what information is critical and valuable for our projects and organisations?

4 Further questions to ask
- Do we have assets on the project which provide intangible value?
  - Intellectual Property
  - Unique ways of working that distinguish from competitors
  - Key information about contacts and suppliers
- Do we have a holistic understanding of cybercrime risks?
  - Do other departments outside IT have cybercrime risks?
  - Are cybercrime risks considered by senior management?
- Are “social” risks considered?
  - Awareness and culture
  - Social engineering
  - Insider threat
  - Brand and reputational damage

5 Further challenges
- No historical data to make risk impacts more predictable
- Nature and extent of threat is constantly changing and evolving
- Could always be a “black swan” threat unless all activity becomes completely off line
- Threat can be both inside and outside the project environment

6 How can we take steps to address cybercrime in risk management?
Four typical risk mitigation strategies are:
- Tolerate
  - Not cost effective to address cybercrime
  - Not enough of a perceived threat
- Treat
  - Enhanced security in IT hardware/software
  - Increased awareness and auditing over online activities
- Transfer
  - Buy insurance
  - “Make it someone else’s problem”
- Terminate
  - Go completely offline…

7 Are we being risk efficient in our responses?
Q: What is the immediate reaction to cybercrime?
A: Throw money at the problem and hope that it goes away!
BUT this is often very inefficient from a risk perspective. A basic definition of “risk efficiency” is the minimum risk decision choice for a given level of expected performance.
- Does the project have the right resources and the right skills in place?
- Is the project addressing the right areas for tackling cybercrime?
- Are the risk mitigation activities delivering value for money?
- Are cybercrime risks set in the right perspective and in context with other project risks?

8 Do we recognise the different and specific environments?
- There is no standardised, one-size-fits-all way to address the risk of cybercrime. Each project and organisation may face unique risks.
- For some cybercrime types, it may be dependent on the current market conditions the project is subjected to.
- Corporate culture may have an effect, e.g. disgruntled employees, redundancy threats etc.
- Are global projects with multiple stakeholders more of a risk?

9 Changes in the risk attitudes with cybercrime?

10 Perceptions of cyber risk matter if estimates are so subjective
Grid axes: high levels of perceived control / low levels of perceived control; individualized views / collectivized views.

FATALISTS
- Cybercrime is bound to happen – there’s nothing we can do about it
- Cybercrime is completely unpredictable both in how and when it will happen
- Nobody seems to know what’s going on with cybercrime
- Regarding cybercrime: “what will be, will be”.

HIERARCHISTS
- Cybercrime risks must be measured accurately as soon as possible
- A committee is needed to take charge of cybercrime risks
- Rules and standards are needed to assess cybercrime risks
- Cybercrime risks must only be assessed by the experts

INDIVIDUALISTS
- I won’t let cybercrime risks prevent me from trading online
- The “possibility” of cybercrime should not become the “probability” of cybercrime
- I can take the impacts of cybercrime on the chin

EGALITARIANS
- It’s not about assessing cybercrime risks at all. It’s about whether we trust “the experts”
- Cybercrime risk information is only given to us by hand picked sources with a common agenda
- Cybercrime risks are a direct result of bureaucratic fiddling and interference
- Cybercrime information is deliberately withheld from us by the Government

11 How do we assign roles and responsibilities to tackle cybercrime?
Who owns the risks?
- Project manager
- Risk manager
- Project Board
- Senior Management
- Security department
- IT department
- HR department
- Support teams
- Government
- Suppliers
- Citizens
- Other third parties

12 How about opportunity management?
Are there any opportunities inherent with cybercrime?
- UK projects more proactive in addressing cybercrime
- UK skills are more adapted to combating cybercrime
- Job creation
- Enhanced reputation of UK projects overseas
- Increasing demand – virtuous circle

13 One final point
With cybercriminal techniques and expertise growing, future threats to the UK economy may also look like this…

Cyber warfare
- Overt state sponsored attack on UK infrastructure
- Motive is to obtain military superiority

Cybercrime
- Covert criminal and state sponsored attacks on UK infrastructure
- Motive is to obtain financial gain with minimal risk of getting caught

Cyber terrorism
- Covert political or socio-economic group attack on UK infrastructure
- Motive is to cause maximum damage indiscriminately in one attack

Cybercriminal skills and expertise can very easily be transferred to cyber warfare and cyber terrorism. The only difference is the motive.

14 From the “Cyber Inquirer” website, which commissioned this cartoon image based on the Cost of Cybercrime report

15 Any questions?

