Professional Documents
Culture Documents
Lecture 9
Introduction to Cybersecurity
Governance
1
RMIT Classification: Trusted
Session Objectives
22
RMIT Classification: Trusted
etc.
33
RMIT Classification: Trusted
44
RMIT Classification: Trusted
facts.
55
RMIT Classification: Trusted
66
RMIT Classification: Trusted
operational level)
77
RMIT Classification: Trusted
88
RMIT Classification: Trusted
by senior executives.
99
RMIT Classification: Trusted
normative requirements.
10
10
RMIT Classification: Trusted
11
11
RMIT Classification: Trusted
12
12
RMIT Classification: Trusted
13
13
RMIT Classification: Trusted
to demonstrate).
14
14
RMIT Classification: Trusted
15
15
RMIT Classification: Trusted
16
16
RMIT Classification: Trusted
17
17
RMIT Classification: Trusted
follows:
18
18
RMIT Classification: Trusted
19
19
RMIT Classification: Trusted
• The main difficulty with these methods is that the estimate of a loss
business units and all the controls deployed, which may be very
inaccurate.
20
20
RMIT Classification: Trusted
• This will happen if the impact of the residual risk is very small (or
21
21
RMIT Classification: Trusted
22
22
RMIT Classification: Trusted
3.2a. Modelling
23
23
RMIT Classification: Trusted
3.2b. Modelling
24
24
RMIT Classification: Trusted
Example (1)
25
25
RMIT Classification: Trusted
Example (2)
data: project cost, annual operational cost of the new solution, and
26
26
RMIT Classification: Trusted
Example (3)
27
27
RMIT Classification: Trusted
security.
28
28
RMIT Classification: Trusted
• The standards present the processes that are required but do not
requirements.
29
29
RMIT Classification: Trusted
or product.
30
30
RMIT Classification: Trusted
of values
assessed.
31
31
RMIT Classification: Trusted
32
32
RMIT Classification: Trusted
Example
33
33
RMIT Classification: Trusted
34
34
RMIT Classification: Trusted
35
35
RMIT Classification: Trusted
36
36
RMIT Classification: Trusted
37
37
RMIT Classification: Trusted
following formula:
38
38
RMIT Classification: Trusted
• “You can’t measure if you don’t know what you’re looking for.”
39
39
RMIT Classification: Trusted
• “You can’t measure if you don’t know what you’re looking for.”
40
40
RMIT Classification: Trusted
assumption.
41
41
RMIT Classification: Trusted
42
42
RMIT Classification: Trusted
43
43
RMIT Classification: Trusted
Example.
44
44
RMIT Classification: Trusted
business strategy
45
45
RMIT Classification: Trusted
46
46
RMIT Classification: Trusted
47
47
RMIT Classification: Trusted
be applied.
48
48
RMIT Classification: Trusted
49
49
RMIT Classification: Trusted
• Operations Perspective:
strategy.
50
50
RMIT Classification: Trusted
• Client Perspective:
51
51
RMIT Classification: Trusted
• Evolution Perspective:
. 52
52
RMIT Classification: Trusted
3.6a. Measuring Operational
Performance
54
54
RMIT Classification: Trusted
3.6b. Measuring Operational
Performance
55
55
RMIT Classification: Trusted
56
56
RMIT Classification: Trusted
57
57
RMIT Classification: Trusted
• Security expenses
company
58
58
RMIT Classification: Trusted
59
59
RMIT Classification: Trusted
into account the objectives of the analyses that may be made later.
• Expenses distribution:
60
60
RMIT Classification: Trusted
etc.
units
61
61
RMIT Classification: Trusted
62
62
RMIT Classification: Trusted
3.8a. Benchmarking
63
63
RMIT Classification: Trusted
3.8b. Benchmarking
different strategies.
64
64
RMIT Classification: Trusted
3.8c. Benchmarking
65
65
RMIT Classification: Trusted
Benchmarking (1)
field of security.
Benchmarking (2)
benchmarking services.
67
67
RMIT Classification: Trusted
Benchmarking (3)
in solving problems.
68
68
RMIT Classification: Trusted
Benchmarking (4)
information.
69
69
RMIT Classification: Trusted
Benchmarking (5)
in other companies.
• They cannot transmit confidential data, but they may recall certain
findings.
70
70
RMIT Classification: Trusted
Benchmarking (6)
other companies.
71
71