Presentation on theme: "ENTERPRISE SECURITY RISK MANAGEMENT SECURITY AND THE ISO31000 STANDARD? Julian Talbot Jakeman Business Solutions Pty Ltd ISO 31000 Conference 21-22 May."— Presentation transcript:
ENTERPRISE SECURITY RISK MANAGEMENT SECURITY AND THE ISO31000 STANDARD? Julian Talbot Jakeman Business Solutions Pty Ltd ISO 31000 Conference 21-22 May 2012 G31000 the Global Risk Management Platform
Once upon a time… Pre-4360 AS/NZS 4360 31000 Integrated RM 4360 (1995) F ear U ncertainty D oubt 31000
ISO31000 Principles Framework Process Communication and Consultation Communication and Consultation Monitoring and Review Monitoring and Review Risk Assessment Establish the Context Risk Identification Risk Analysis Risk Evaluation Risk Treatment
‘Apples for apples ’ comparison: – taxonomy (eg: likelihood and consequence) – risk assessments by different assessors – Longitudinally – between divisions or other organisations – against environmental, safety, financial risks Better decisions and allocation of resources Permission to add value Ability to integrate methodologies
Australian Trade Commission (Austrade) Assists Australian businesses to export 1,400 staff in 60 countries 120 offices including 22 Consular posts $400 million annual budget
Understanding the risks Official sources including – Department of Foreign Affairs & Trade (DFAT) – National Threat Assessment Centre (NTAC) Open source and commercial providers Internal capability – Austrade posts and officers – Austrade Security Team Security Risk Assessments Incident reporting
Enterprise Security Risk Assessment (ESRA) Defensible, systematic and robust basis for decision making and planning Provide senior management with an assessment of current and emerging risks Inform the development and application of ongoing budgets and security measures
Enterprise Security Risk Assessment (ESRA) Whole of organisation/enterprise Inform budget and systems planning Known & emerging threats to the ‘business’ – Not location, activity or function specific ‘Enterprise Security Standards’ – Based on location, activities and functions
Results… Austrade: – 5 year $60 million security plan – Robust, well documented analysis – Business case - AUD$18.4 billion exports with Austrade assistance (vs $12M p.a. on security) Defence – 5 year $300 million security plan – Included - $120 million existing treatments Finance – 3 year $2 million security plan – Proportional - to the agency
Last points… 1.All SR Managers 2.Something free? 3.Business card? 4.Been robbed? 5.Been a robber? 6.Illegal drugs? 7.Been to Africa? 8.Papua New Guinea? 9.Motorcycle license?
Last points… 1.All SR Managers 2.Be prepared 3.Time critical 4.Emotional decisions 5.Red teaming 6.15% of the economy 7.It’s personal! 8.Big risk taker! 9.HUGE risk taker!
THANK YOU Contact me at: firstname.lastname@example.org Download this presentation from: www.jakeman.com.au