We lack an agreed definition for cybersecurity and even worse, despite an international risk management standard endorsed by more than 160 nations, our profession uses multiple differing security risk management frameworks. If every employer, client and supplier has a different view of risk management, how can we expect to keep up with the bad guys, let alone beat them consistently? Even if your cybersecurity framework is best in the world, we all need to be in alignment. When 100 security professionals developed the Security Risk Management Body Of Knowledge, we integrated best practice from around the world. And it started with the ISO31000 Risk Management Guideline. This presentation is about applying ISO31000 principles, framework and process in the real cybersecurity world, and in the internet of things.
List the internationally agreed six-word definition of risk, explain the key implications of this risk definition, and describe the key components of the ISO31000 Risk Management Guideline.
List the key limitations of existing risk management frameworks and describe why some of the current approaches to risk management enable attackers to breach systems far too easily.
Argue for a better risk management framework, explain the critical importance of objectives and describe the implications of the internet of things in the context of risk management.