COST BENEFITS OF IMPLEMENTING CREDIT CARD DATABASE TOKENIZATION USING FAIR CASE STUDY SHARED COURTESY OF RISKLENS CONFIDENTIAL - FAIR INSTITUTE 2016 1.

Slides:



Advertisements
Similar presentations
Research Needs of The Restaurant Industry Chapter 26 Research Methodologies.
Advertisements

Planning: Processes and Techniques
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Discovery – The Next Generation!: Business Context of Risk Presentation to the North London Branch British Computer Society 19 March, 2008 Dr. Victoria.
University of Florida Incident Tracking and Reporting Kathy Bergsma
Operational Risk ACSDA Leadership Forum ACSDA Leadership Forum New York City, USA - October 8-10, 2007 Diana Downward, DTCC.
2006 TEA Conference Terry Berends, PE Assistant State Design Engineer Washington State Department of Transportation Risk Based Estimating Tools at WSDOT.
Update on Use of Hazus for FEMA Risk MAP Flood Risk Products Shane Parson – RAMPP PTS (URS)
SACM Terminology Nancy Cam-Winget, David Waltermire, March.
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.
Risk Assessment Frameworks
B RITISH B ANKERS' A SSOCIATION Operational Risk & the Regulatory Environment Simon Hills Director - Prudential Capital team.
Focused Mitigation Strategies to Protect Food Against Intentional Adulteration 1 Regulatory Impact Analysis Summary.
Flood Risk Review Meeting: [Watershed Name] [LOCATION] [DATE]
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.
Models for Estimating Risk and Optimizing the Return on Security Investment.
CAIRA is a quantitative vulnerability assessment tool for examining the physical security of energy systems (electrical, natural gas, steam and water)
Slide 1 Using Models Introduced in ISA-d Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.
2010 Virginia RIMS and PRIMA Conference October 5, 2010 Business Impact Analysis: The Road Map to Managing Risks.
Risk Assessment and Management. Objective To enable an organisation mission accomplishment, by better securing the IT systems that store, process, or.
Ch 10 - Risk Management Learning Objectives You should be able to: List and describe risk management processes, inputs, outputs, and tools List and describe.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
1 Economic Benefits of Integrated Risk Products Lawrence A. Berger Swiss Re New Markets CAS Financial Risk Management Seminar Denver, CO, April 12, 1999.
TransArmorSM A Secure Transaction ManagementSM Solution
Credit risk vs. Market risk Credit risk is the risk that a borrower or counterparty may fail to fulfill an obligation whereas market risk is the risk to.
Introduction to Information Security
INFORMATION SECURITY MANAGEMENT L ECTURE 8: R ISK M ANAGEMENT C ONTROLLING R ISK You got to be careful if you don’t know where you’re going, because you.
1 CONFIDENTIAL ©2015 AIR WORLDWIDE New Approaches for Managing Cyber Risk.
Managing Your Cyber/E&O Risk with Willis FINEX Robert Barberi, Vice President, Willis Cyber Practice.
Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.
Copyright © 2015 Scott Borg/U.S. Cyber Consequences Unit. All rights reserved. Making Economics a Cyber-Security Weapon Scott Borg Director (CEO) and Chief.
Engineering and Management of Secure Computer Networks School of Engineering © Steve Woodhead 2009 Corporate Governance and Information Security (InfoSec)
Security Snapshot Assessment Maximizing Return on Security Investment What assets do we have? What is running on those assets? What is our risk level?
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Risk Management Process Frame = context, strategies Assess = determine.
Information Security Governance and Risk Chapter 2 Part 2 Pages 69 to 100.
The Compliance and Technology Partner for Financial Institutions Case Studies in Incident Response Real World Do’s and Don’ts Presented By: Tom Hinkel,
BUSINESS CLARITY ™ PCI – The Pathway to Compliance.
CST 481/598 Many thanks to Jeni Li.  Risk matrix or cube  Cost effectiveness analysis  Annualized Loss Expectancy  Multi-Attribute Risk Assessment.
ENABLING A COST/ BENEFIT ANALYSIS OF IMPLEMENTING ENCRYPTION- AT-REST USING FAIR CASE STUDY SHARED COURTESY OF RISKLENS CONFIDENTIAL - FAIR INSTITUTE 2016.
USING FAIR, DOES TRAINING HELP REDUCE SPEAR PHISHING RISK? CASE STUDY SHARED COURTESY OF RISKLENS CONFIDENTIAL - FAIR INSTITUTE
E-Commerce E-Commerce Security?? Instructor: Safaa S.Y. Dalloul E-Business Level Try to be the Best.
INFORMATION SECURITY MANAGEMENT L ECTURE 8: R ISK M ANAGEMENT C ONTROLLING R ISK You got to be careful if you don’t know where you’re going, because you.
Risk Triage Rod Carney, CRISC 11/13/2014.
A Rating Agency Perspective Marc Daly Nik Khakee.
INFORMATION SECURITY MANAGEMENT L ECTURE 8: R ISK M ANAGEMENT C ONTROLLING R ISK You got to be careful if you don’t know where you’re going, because you.
Quantifying Cyber Security Risk in Dollars and Cents to Optimize Budgets CRM008 Speakers: Chris Cooper, VP, Operational Risk Officer; RGA Reinsurance Company.
The process of identifying and controlling the risks is called Risk Management.
Physical Security Governance Model
HOW MUCH RISK IS ASSOCIATED WITH IT HYGIENE USING FAIR?
Chapter Three Objectives
COST BENEFIT ANALYSIS OF IMPROVED PATCHING WINDOW USING FAIR
Cyber Protections: First Step, Risk Assessment
RISK MANAGEMENT An Overview: NIPC Model
I have many checklists: how do I get started with cyber security?
CYBER CRIME Matthew Purchase.
Security Threats Severity Analysis
Understanding Cyber Insurance NASCUS/CUNA Cybersecurity Symposium
Business Impact Analysis 101
Cybersecurity compliance for attorneys
cyber insurance Tom Wilson Chief Risk Officer, Allianz SE
Cyber Risk & Cyber Insurance - Overview
Cybersecurity ATD technical
Stevenson 5 Capacity Planning.
Effective Risk Management in Decision Making Process
Figuring out CyberSecurity Return On Investment
ONAP Risk Assessment – Preparation Material - Overview of the Process - Terminology - Assumptions
Anatomy of a Common Cyber Attack
Presentation transcript:

COST BENEFITS OF IMPLEMENTING CREDIT CARD DATABASE TOKENIZATION USING FAIR CASE STUDY SHARED COURTESY OF RISKLENS CONFIDENTIAL - FAIR INSTITUTE

ANALYSIS SCOPING CONFIDENTIAL - FAIR INSTITUTE Understand how much credit card number tokenization can reduce the risk associated with the card datastore RISK SCENARIO DESCRIPTION Credit card data in the Card Data Environment (CDE) ASSET(S) DESCRIPTION Confidentiality LOSS TYPE Organized cyber criminals motivated to monetize stolen card data through underground markets THREAT(S) DESCRIPTION

ANALYSIS SCOPING CONFIDENTIAL - FAIR INSTITUTE Assessing Risk Reduction By Comparison of Scenarios: Assessed how much risk a critical datastore has when storing full credit card numbers Assessed level of risk for applications using the primary datastore Assessed how much risk the datastore will have using a tokenized form* *Assumption: There is still a low probability that tokenized data can be compromised by: Theft of the data in transit (potential Point-of-Sale attack) Compromised tokenization data source and/or process Both were considered in the analysis.

ANALYSIS SCOPING CONFIDENTIAL - FAIR INSTITUTE Look at the risk reduction from two perspectives: 1.Reduction in total loss exposure (annualized risk) 2.Reduction in per scenario magnitude INTERPRET RESULTS:

ANALYSIS RESULTS CONFIDENTIAL - FAIR INSTITUTE ANNUALIZED REDUCTION IN LOSS EXPOSURE (RISK) RISK = Frequency x Magnitude of future loss. We express risk in terms of loss exposure.

ANALYSIS RESULTS CONFIDENTIAL - FAIR INSTITUTE Change in Average Loss Exposure Range for Each Component CURRENT FUTURE

ANALYSIS RESULTS CONFIDENTIAL - FAIR INSTITUTE Change in Average Loss Exposure By Scenario 7 CURRENT FUTURE

ANALYSIS RESULTS CONFIDENTIAL - FAIR INSTITUTE Change in Loss Exposure Category By Scenario CurrentFuture

ANALYSIS LEVERAGED THE FAIR MODEL CONFIDENTIAL - FAIR INSTITUTE Risk Contact Frequency Probability of Action Threat Capability Resistance Strength Loss Event Frequency Loss Magnitude Threat Event Frequency VulnerabilityPrimary LossSecondary Loss Loss Event Frequency Loss Magnitude

THE FAIR MODEL CONFIDENTIAL - FAIR INSTITUTE Risk Contact Frequency Probability of Action Threat Capability Resistance Strength Loss Event Frequency Loss Magnitude Threat Event Frequency VulnerabilityPrimary LossSecondary Loss Loss Event Frequency Loss Magnitude

ANALYSIS CONSIDERATIONS CONFIDENTIAL - FAIR INSTITUTE Frequency of attacks by each threat community Estimating the capability (skills & resources) of the scoped threat community How vulnerable a given system is by evaluating the following factors: Authentication Access Privileges Patching / Structural Integrity

THE FAIR MODEL CONFIDENTIAL - FAIR INSTITUTE Risk Contact Frequency Probability of Action Threat Capability Resistance Strength Loss Event Frequency Loss Magnitude Threat Event Frequency VulnerabilityPrimary LossSecondary Loss Loss Event Frequency Loss Magnitude

ANALYSIS INPUT CONFIDENTIAL - FAIR INSTITUTE Incident response Investigation PRIMARY LOSSES Notification / credit monitoring Regulatory notification Possible fines / judgments Customer service requests Potential litigation Loss of current/future customers (reputation) Card replacement SECONDARY LOSSES

DECISION SUPPORT / ROI CONFIDENTIAL - FAIR INSTITUTE Quantify and compare the current and future risk exposure Fully justify and fund stalled tokenization projects across all credit card databases THE ORGANIZATION WAS ABLE TO

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.