Presentation is loading. Please wait.

Presentation is loading. Please wait.

Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. CyberRAVE January 24, 2006 Strategic Approach to Developing Corporate Data Insurance.

Published byNoah Ross Modified over 8 years ago

Similar presentations

Presentation on theme: "Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. CyberRAVE January 24, 2006 Strategic Approach to Developing Corporate Data Insurance."— Presentation transcript:

1 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. CyberRAVE January 24, 2006 Strategic Approach to Developing Corporate Data Insurance Coverage By Joseph A. Sprute, President CyberRAVE™ LLC

2 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Business Intent Programmatically Couple Enterprise Risk Management with Computer Assisted Audit Technology. Provide Network Data Compliance and Insurability for “Certified” environments. Underwrite and sponsor new lines of insurance products for corporate customers. Foster a business culture that mitigates network data threats and vulnerabilities.

3 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Business Case Companies need additional risk coverage for network data systems. “Certified” products & services establish a framework for optimized business performance. Companies will benefit using compliant systems that have key insurable components. The baseline for defining risk associated with Network Data is raw data.

4 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Operational Goals I. Actuarial Components II. Risk Metrics III. Application Environment IV. Module Integration V. Systems Integration VI. Certification Programs

5 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. I. Actuarial Components Risk Classification Unknown Risk Threats & Vulnerabilities Assessment Risk Controls Price Variables Price Drivers

6 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Risk Classification Assets Threats Vulnerabilities Strategic Priorities Strategic Goals Manifest Risks

7 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Unknown Risk Bayesian Analysis –Expresses uncertainty about unknown parameters probabilistically A logical, quantitative framework that supports the iterative process of integrating and accumulating information and knowledge in order to further a scientific, technologic or policy interest Supports inverse probability (Posterior Distribution) Handles prior probabilities Supports complex statistical problems with relative ease Knowledge structure works with multi-discipline practitioners Casts statistical problems in the framework of decision making Entails formulating subjective prior probabilities to express pre-existing information Has careful modeling of the data structure Checking and allowing for uncertainty in model assumptions Formulating a set of possible decisions and a utility function to express how the value of each alternative decision is affected by the unknown model parameters Components can be omitted (e.g. no prior information, decision-theoretic framework etc)

8 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Threats & Vulnerabilities Assessment Universal Known Unknown Past Present Future

9 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Risk Controls Threat & Vulnerability Assessment Risk Minimization Environmental Monitoring Measurements & Modeling Active Mitigation True Remediation

10 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Price Variables Risk, Cost, Benefit Variable Risk Table Translations Data Analytics Insurance Underwriting Criteria Asset Coverage

11 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Price Drivers Advantages over competition Customer perception of value Product fit compared to nearest competition Expected term of competitive advantage Expected Product lifecycle Estimated total potential market (defined without price controls) Percentage of market share sought ROI expectations Branding resources (advertising etc) Impact on new sales and lifecycle of existing products

12 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. II. Risk Metrics Asset Profile Asset Valuation Variable Risk Factors Risk Calculations Decision Support Risk Minimization

13 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Asset Profile Type Class Value Threats Vulnerabilities Uses

14 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Asset Valuation Origination & Handling Prior Conditions (History) Storage & Management Accounting Controls Applicable Uses Risk of Abuses

15 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Variable Risk Factors Threats, Vulnerabilities & Incidents 1.Network Data Level Assessment, Access, Authorization, Authentication, Accounting, Auditing 2.Physical Level People, Data, Systems, Network, Processes, Facilities 3.Logical Level Social, Economic, Political, Legal, Technical, Administrative 4.Semantic Level Ontology, Syntax, Context, Constructors, Properties, Operators 5.Reporting Level Who, What, Where, When, Why, How 6.Actuarial Level Universal, Known, Unknown, Past, Present, Future

16 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Risk Calculations Data Value Risk Categorization Bayesian Analysis (Unknown Variables) Damage Cost Risk Conversion Risk Management

17 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Decision Support Risk Premium Matrix Real-Time Compliance Monitor Risk Modeling Tools Business Rules Framework Service Control Panel User Interface

18 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Risk Minimization Physical Security Logical Security Standards & Best Practices Business Process Management Reporting Auditing

19 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. III. Application Environment Systems & Platforms Actuarial Reporting Regulation Compliance Account Management Customer Use

20 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Systems & Platforms Common off the Shelf Process Management Risk Management Measurement & Analytics Reporting, Forensics & Auditing Computational Grid

21 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Actuarial Reporting Assessment Access Authentication Authorization Accounting Auding

22 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Account Management Data Profile Metadata Storage & Management Environmental Controls Risk Factors Certification Auditing

23 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Customer Use Business Performance & Optimization Standards, Best Practices, & Compliance Asset Protection Risk Management Data Management

24 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. IV. Module Integration Beneficial Uses Change Management Application Environment Administrative Support Training Sales

25 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Beneficial Uses Risk Coverage –Best Practice –Compliance –Disaster Recovery –Asset Reimbursement Business Process Efficiency –Accounting –Monitoring –Reporting –Optimizing

26 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Change Management Communication Process Alignment Roles & Rules (Policy Development) Systems Integration Monitoring & Testing Reconfiguration

27 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Application Environment Module Description Application Overview Platforms Programming Languages Application Programming Interface Standards & Best Practices

28 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Administrative Support Legal & Regulatory R&D Business Systems Facilities & Hosting Personnel Roles & Rules

29 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Training Marketing Communications Sales Prospects Customers Partners Employees

30 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Sales New & Existing Accounts –Accounting Services –Actuary Services –Business Services –Consulting Services –Insurance Services

31 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. V. Systems Integration Business & Technology Sales & Marketing Legal & Administrative

32 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Business & Technology Objectives Declaration Resource Consolidation Risk Tolerance Calibration Compliance Tools Documentation Systems Certification

33 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Regulation Compliance National & International –BFSI –Healthcare –Telecom –Utilities

34 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Sales & Marketing Professional Services (Regulated Industries) –Financial Services –Health Services –Telecommunications –Transportation –Utilities –Etc

35 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Legal & Administrative Jurisdiction Policy Coverage Certification Monitoring & Reporting Auditing

36 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. VI. Certification Programs Coverages –Employees & Processes –Data & Information –Legal & Jurisdiction

37 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Coverages Transaction Disaster Employee Legal Privacy Regulatory

38 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Assess Asset Profile User Environment Actuarial Components Risk Metrics Compliance Standards Goals & Expectations

39 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Account Asset Inventory Liability Assessment Controls Reporting & Transparency Certification

40 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Harden Data Networks (Public/Private) Communication Methods & Systems Information Management Systems User Environments Users & Groups Compliance

41 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Manage “Hardened” Elements Change Expectations ROI TCO

42 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Audit People Processes Technology

43 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Notes

44 Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. Risk Conversion Data Context Storage & Handling Asset Valuation Threats & Vulnerabilities Mitigation Risk Management Insurability

Download ppt "Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. CyberRAVE January 24, 2006 Strategic Approach to Developing Corporate Data Insurance."

Similar presentations

Armand Racine Consultant Chemicals Branch

Armand Racine Consultant Chemicals Branch
1 U. S. Risk-Based Capital Requirements and Their Context Alfred W. Gross Virginia Commissioner of Insurance National Association of Insurance Commissioners.

1 U. S. Risk-Based Capital Requirements and Their Context Alfred W. Gross Virginia Commissioner of Insurance National Association of Insurance Commissioners.
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Control and Accounting Information Systems

Control and Accounting Information Systems
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
Security Controls – What Works

Security Controls – What Works
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
The Information Systems Audit Process

The Information Systems Audit Process
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 11 Business/IT Strategies for Development.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 11 Business/IT Strategies for Development.
1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.

1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.
The Role of the Actuary in a General Insurance Company Yangon, Myanmar 14 July 2014 Scott Yen.

The Role of the Actuary in a General Insurance Company Yangon, Myanmar 14 July 2014 Scott Yen.
Sapient Insurance Partners. Overview & Services We have almost four decades of combined experience in the property & casualty insurance and reinsurance.

Sapient Insurance Partners. Overview & Services We have almost four decades of combined experience in the property & casualty insurance and reinsurance.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Consultancy.

Consultancy.
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.

Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.
Lecture 5 MGMT 6180 - © 2012 Houman Younessi Framework for Cogenerating IS Strategy with Business Strategy (Co-Planning)

Lecture 5 MGMT © 2012 Houman Younessi Framework for Cogenerating IS Strategy with Business Strategy (Co-Planning)

Similar presentations

Ads by Google