Webb Watch Corporation © 2010 Managing Risk UMANT Presentation Presenters: Calvin Webb III Michael Di Paolo April 23, 2010.

1 Webb Watch Corporation © 2010 Managing Risk UMANT Presentation Presenters: Calvin Webb III Michael Di Paolo April 23, 2010

2 Today's Agenda
Risk (10-15 minutes)
– What is it?
– Why is it important?
– Common Terminology
Information Technology Risk (20-25 minutes)
Questions (10 minutes)

3 Risk – What is it/how to address it?
Definition
Scenarios – What is the risk and plan to address the risk?
– Skydiving
– Driving
– Living in a house

4 Risk Common Terminology
Enterprise Risk Management (ERM)
– Enterprise risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. [1]
[1] Committee of Sponsoring Organizations, Enterprise Risk Management – Integrated Framework, www.coso.org, 2004.

5 COSO ERM Framework
Committee of Sponsoring Organizations of the Treadway Commission, Enterprise Risk Management – Integrated Framework, (Jersey City, New Jersey: AICPA, 2004), 3-7.

6 Risk – Why is it important?
– Liberty losing millions in sales to other areas - Dayton News 4.19.10
– Victoria: downturn in economy good news for public library 4.17.10
– San Benito: city supervisor charged with theft saying he used city money to pay for repairs to his 1986 silver Camaro 4.15.10
– Kerrville: voters weigh possibility of spouses on council 4.15.10
– South Carolina: city manager search tainted by illegal meetings 4.15.10
– Austin: Cap Metro approves resolution to pay $51-million in debt to city out of projected sales taxes by 2019
– More Delays: New Ash Cloud Heads Towards UK 4.19.10

7 Webb Watch Corporation Business Risk Navigation Model
[Diagram: the complete model. Category labels: EXTERNAL, INTANGIBLE, SUPPORT, EXECUTION, FINANCIAL, PEOPLE, LEADERSHIP, INFORMATION, OPERATIONS. Markers: Ongoing, Event. Slides 8-11 repeat its entries one group at a time.]

8 Webb Watch Corporation Business Risk Navigation Model
INTANGIBLE: Brand Institutional Knowledge Complexity Environmental Responsibility (Green) Reputation
EXTERNAL: Competitor Customer Wants Economy Laws & Regulations Global Financial Markets Political Catastrophic Loss Terrorism / Violent Acts Technological Innovation
Markers: Ongoing, Event

9 Webb Watch Corporation Business Risk Navigation Model
EXECUTION
FINANCIAL: Accounting Information Commodity Pricing Credit Availability Liquidity External Reporting Investor Confidence
PEOPLE: Workforce Management Performance Management Management Competency Training & Development Operational Knowledge & Documentation Benefit Management Pension Management
LEADERSHIP: Budget & Resource Allocation Business Model / Sustainability Ethics / Integrity Governing Body & Executive Operating & Organizational Culture Organization Design Transparency Strategy Succession Planning Tone at the Top Communication
INFORMATION: Technology Infrastructure Integrity Security Relevance Availability Access

10 Webb Watch Corporation Business Risk Navigation Model
EXECUTION
OPERATIONS: Business Interruption/ Disaster Recovery Customer / Government Interface Legal & Regulatory Compliance Concentration Intergovernmental Maximization Fraud / Criminal Event Asset Management Human Resources Health & Safety Marketing & Sales Internal Controls Construction Management Public Relations Service Consolidation Supply Chain Risk Mitigation Efficiency & Effectiveness Process Execution Policies & Procedures Contract Management Taxation IT Governance / Strategy

11 Webb Watch Corporation Business Risk Navigation Model
SUPPORT: Organizational Change Readiness Citizen / Customer Satisfaction Facility, Equipment Security Outsourcing & Partnering Product Development & Service Innovation Capacity & Capability Management Strategy Design, Information & Execution

12 Risks with Technology
Risks are inherent in normal, everyday local government work practices. You try mightily to eliminate financial and other risk through all sorts of controls, review cycles, and approval processes. Many of these rely on technology systems.
In the end, people don't always do what is expected, emergencies void normal controls, people quit leaving gaps in process knowledge, technology systems fail, unforeseen events occur, and so forth.
In today's world, all local government work practices rely on technology. And, technology is far from foolproof!

13 Information Security
Only 20% of security breaches are attacks from outside! About 80% of all reported security breaches occur from within the corporate network and are made by employees.
Have you ever even thought about or tried to manage technology risks in any meaningful way?
Is technology security the domain of the IT Director in your organization? If so, that leaves a lot to be desired in the way of risk management.
If employees cause most breaches, how can an IT Director manage security effectively?

14 Controlling Risk from the Outside
The IT Director can manage most, but not all, security to prevent successful attacks from the outside.
Multiple layers of security (think of it just like multiple layers of clothing keeping you warm in the winter):
– Border Firewalls
– DMZ
– Intrusion Detection Systems
– Intrusion Prevention Systems
– Anti-virus
– Strong passwords
– Patch management
– Web or Application firewalls
– Data encryption
– Spam scanning
The best security systems are useless if not managed well.

15 Breaking In
I've led teams that have broken into a fairly large bank. Banks have rigorous federal security requirements.
First, I'd try a frontal assault on your network defenses. Use of tools to scan and infiltrate your network from the Internet.
If a frontal assault on your security defenses doesn't yield results, I would shift to a flanking strategy – attack you from an angle you didn't expect.
Failing that, I'd move on to social engineering; it almost never fails, because I enlist your employees to help me!

16 Damage from Security Breaches
What could I do to your financial systems, or any systems for that matter, if I got inside your internal network?
– Financials, Procurement, HR/Payroll.
– Other systems (Police, Code, Court, etc.)
– Theft of Personally Identifiable Information (PII) – Identity theft is rampant, affecting over 5 million people.
– Cause you loss of data, corrupted data, inability to use your systems or know if data was or was not correct.
– Reputation, loss of credibility, front page in the newspapers and on the nightly news.
In March 2007, hackers stole 45.7 Million credit and debit cards of TJ Maxx customers!

17 Problems Managing Risk from the Inside
– Financial controls
– Financial systems security
– User provisioning/de-provisioning (access controls)
– Employee education, employee education, employee education (Phishing attacks, data leakage).
– Management education (why do I care?)
– IT education (they don't know it all!)
– Technology security systems
– Good security practices
– Regular testing of various aspects of your security.

18 Why Should Anybody Care?
– We become ever more fragile organizations as we deploy more and more technology to operate our governments.
– We seem to think that security is something that IT can do alone; they can't.
– We de-emphasize the risks inherent in our operations, leaving ourselves open to disruption, financial loss, reputational loss, extra scrutiny, extra cost, and dismissal.
– Because it is simply good business to care about the information for which you are responsible.
– Because everyone, citizens and vendors, expects us to take prudent precautions with our information.

19 Questions?

