/ DSM1244)
TPs (PK) Ahmad Tarmizi Bin Abdullah
Chief Enforcement Officer, Enforcement Division, Perbadanan Putrajaya

Housekeeping
• 1. Please inform me if you cannot attend the lecture.
• 2. Open your video for attendance.
• 3. Kindly write your name on video.
• 4. Ask if you do not understand – use the chat box or just ask anytime in the class only.

Introduce Yourself
• 1. What is your name?
• 2. Where is your hometown?
• 3. Which programme and semester are you currently enrolled on?
• 4. What is your job and experience?

• Any relevant historical information.
• Original assumptions that are no longer valid.

Class Hours
Saturday: 2.00 pm - 6 pm
Sunday: 9.00 am - 1.00 pm

Lecture Hours Saturday
• 2:00 pm – 3:30 pm → Lecture
• 3.30 pm – 3:45 pm → Coffee Break
• 3:45 pm – 5:00 pm → Lecture
• 5:00 pm – 5:15 pm → Coffee Break
• 5:00 pm – 6:00 pm → Q&A, Discussion, Quiz
• 6:00 pm → End Session

Lecture Hours Sunday
• 9:00 am – 10:00 am → Lecture
• 10:00 am – 10:15 am → Coffee Break
• 10:15 am – 11:00 am → Lecture
• 11:00 am – 11:15 am → Coffee Break
• 11:15 am – 12:00 pm → Lecture
• 12.00 pm – 13.00 pm → Q&A, Discussion, Quiz
• 13:00 pm → End Session

BRAIN STORMING

Chapter 1
Introduction to the Security Risk Management (SRM)

What is Security Risk Management (SRM)
1. SRM is the application of fundamental risk principles to manage all security risks – whether related to information, cyber, physical security, asset management, or business continuity – in a comprehensive, holistic, all-encompassing approach.
2. When we say "security risk," we mean anything that threatens harm to the enterprise: its mission, its employees, customers, or partners, its operations, its reputation – anything at all.
3. Practicing SRM helps security professionals identify the risk areas that restrict the organization from achieving its goals and objectives.

Why We Need SRM?

In 2015, ASIS International's CSO Roundtable published an early description of SRM. In their report, the group offered a clear description of the mission and goals of SRM:

1. The mission of SRM is to identify, evaluate and mitigate the impact of security risks to the business, with prioritized protective activities that enable the business to advance its overall mission.
2. The goal of SRM is to engage with the business to establish organizational policies, standards, and procedures that identify and manage security risks to the enterprise.

Chapter 2
Fundamentals of SRM

Understand Your Organisation

The first activity in an ESRM implementation process, before even entering the steps of the cycle itself, is to spend time investigating your enterprise and truly understanding it. It is impossible to know the measures you will need to take to evaluate, mitigate, and protect against enterprise risks unless you know what those risks are. You cannot understand those risks unless you understand the business, what it does, and why it does it.

End of Session
Thank You.