Risk Session III

From AFCEAWiki


Session III: Enterprise Security Management

JOIN THE ONGOING SOLUTIONS DIALOGUE ON THE GOOGLE GROUP SITE

Abstract

What are the next generation threats in your systems and how do you recommend protecting against them? How do you recommend pinpointing future potential breaches in your implemented tools? Do you think common solutions should be considered to address some of the security challenges today? What is the state of standards related to enterprise security management? Is there a lack of standards that hinders implementation or forces vendor-specific stove-piped solutions? Are technologies like Active Management Technology (AMT) and Trusted Platform Modules (TPM) playing a big role in Enterprise Security Management?

Moderator

  • Mr. Joe Grace, Grace and Associates

Panel

  • Mr. John Abeles, President & CEO, System 1
  • Mr. Ron Knode, Director, CSC
  • Mr. Rich Mangan, Manager, Key & Identity Management, General Dynamics C4 Systems
  • Ms. Marcia Weaver, Chief of Enterprise Security Management Special Program Office, NSA


I was hoping to hear more about risk management in this session including the tactics and strategies one could use to combat various adverse security effects in netcentric systems.

My operational definition for risk is that risk is uncertainty and the prospect for loss or gain depending on the outcome of an event. So risk is the uncertainty of meeting a goal, such as ensuring continuous operation during a mission or being able to open the financial markets the next day. So we must start with the goal.

In ensuring continuous operation, I want to be able to withstand or at least minimize the effects of adversity on the mission.

In opening the market the next day, I want to be able to anticipate and avoid the effects of adversity. In other words, I want to drive cleanup costs, lost opportunity costs, and reconstitution cost to zero... and I want to ensure public trust in the operation at all times. One of the actions in my risk management repertoire is to shut down when impending adversity is anticipated. This does the job of avoiding the effects of adversity... except for being shut down at the moment.

Action 1: Would someone list real goals for which they are managing security risk in the context of netcentric systems?

Action 2: Would someone list practical tactics and strategies for achieving these goals in operation?


Speaker BIOS

Audio Podcast
