Security Risk Management (CLE 1233 / DSM1244)
TPs (PK) Ahmad Tarmizi Bin Abdullah
Head of Enforcement
Enforcement Division
Perbadanan Putrajaya
Housekeeping

• 1. Please inform me if you cannot attend the lecture.
• 2. Turn on your video for attendance.
• 3. Kindly write your name on your video.
• 4. Ask if you do not understand – use the chat box or just ask at any time, during the class only.
Introduce Yourself

• 1. What is your name?
• 2. Where is your hometown?
• 3. Which programme and semester are you currently enrolled in?
• 4. What is your job and experience?
• Any relevant historical information.
• Original assumptions that are no longer valid.
Class Times
Saturday: 2:00 pm – 6:00 pm
Sunday: 9:00 am – 1:00 pm
Lecture Hours
Saturday
• 2:00 pm – 3:30 pm → Lecture
• 3:30 pm – 3:45 pm → Coffee Break
• 3:45 pm – 5:00 pm → Lecture
• 5:00 pm – 5:15 pm → Coffee Break
• 5:00 pm – 6:00 pm → Q&A, Discussion, Quiz
• 6:00 pm → End Session
Lecture Hours
Sunday
• 9:00 am – 10:00 am → Lecture
• 10:00 am – 10:15 am → Coffee Break
• 10:15 am – 11:00 am → Lecture
• 11:00 am – 11:15 am → Coffee Break
• 11:15 am – 12:00 pm → Lecture
• 12:00 pm – 13:00 pm → Q&A, Discussion, Quiz
• 13:00 pm → End Session
BRAINSTORMING
Chapter 1
Introduction to Security Risk Management (SRM)
What is Security Risk Management (SRM)?

1. SRM is the application of fundamental risk principles to manage all security risks – whether related to information, cyber, physical security, asset management, or business continuity – in a comprehensive, holistic, all-encompassing approach.
2. When we say, “security risk,” we mean anything that threatens harm to the enterprise: its mission, its employees, customers, or partners, its operations, its reputation – anything at all.
3. Practicing SRM helps security professionals identify the risk areas that restrict the organization from achieving its goals and objectives.
Why Do We Need SRM?
In 2015, ASIS International’s CSO Roundtable published an early description of SRM. In their report, the group offered a clear description of the mission and goals of SRM:
1. The mission of SRM is to identify, evaluate and mitigate the impact of security risks to the business, with prioritized protective activities that enable the business to advance its overall mission.
2. The goal of SRM is to engage with the business to establish organizational policies, standards, and procedures that identify and manage security risks to the enterprise.
Chapter 2
Fundamentals of SRM
Understand Your Organisation
The first activity in an ESRM implementation process, before even entering the steps of the cycle itself, is to spend time investigating your enterprise and truly understanding it.
It is impossible to know the measures you will need to take to evaluate, mitigate, and protect against enterprise risks unless you know what those risks are.
You cannot understand those risks unless you understand the business, what it does, and why it does it.
End of Session
Thank You….