How Do I Embed Cyber Risk Management in All Aspects of the Organization?

2021, pp. 160-172
Author(s): Gregory Falco, Eric Rosenbach

The question “How do I embed cyber risk management in all aspects of the organization?” addresses how to adopt an Embedded Endurance cyber risk strategy in your day-to-day work as a cyber leader. The chapter begins with a case study about the NotPetya cyberattack, which highlights ongoing challenges in cyber insurance and illuminates the need for embedding cyber mitigation measures across all prioritized critical systems, networks, and data. The chapter describes how to develop an Embedded Endurance cyber risk strategy that is customized for your organization. This chapter walks readers through the key elements of a cyber strategy, from start to finish. This includes defining a risk framework, setting strategic goals, identifying metrics, and establishing strong leadership. The chapter concludes with experiences highlighting the real-world importance of an Embedded Endurance cyber risk strategy from Rosenbach and Falco.

2021, pp. 1-15
Author(s): Gregory Falco, Eric Rosenbach

The question “Why is cyber risk an issue?” pinpoints the leadership challenge that cyber risk poses. The chapter begins with a WannaCry case study that demonstrates how cyberattacks can impact every aspect of organizations given the pervasive nature of digital systems. The chapter describes how leadership must address cyber risk by analyzing the organization’s unique threats, its vulnerabilities, and the impact an attack can have on the organization. It describes how mitigation measures minimize cyber vulnerabilities and maximize an organization’s ability to respond to cyberattacks. It emphasizes that leadership must strategically manage cyber risk through carefully selected mitigations. This chapter introduces how an Embedded Endurance cyber risk strategy offers a systems-level approach to mitigating cyber risk by addressing interdependent components of the organization’s risk and preparing for the inevitability of cyber threats over the long term, and details real-world Embedded Endurance cyber risk strategy experiences.


2018, Vol 8 (9), pp. 1275-1306
Author(s): Rosemary Hunter

The various feminist judgment projects (FJPs) have explored through the imagined rewriting of judgments a range of ways in which a feminist perspective may be applied to the practice of judging. But how do these imagined judgments compare to what actual feminist judges do? This article presents the results of the author’s empirical research to date on ‘real world’ feminist judging. Drawing on case study and interview data it explores the how, when and where of feminist judging, that is, the feminist resources, tools and techniques judges have drawn upon, the stages in the hearing and decision-making process at which these resources, tools and techniques have been deployed, and the areas of law in which they have been applied. The article goes on to consider observed and potential limits on feminist judicial practice, before drawing conclusions about the comparison between ‘real world’ feminist judging and the practices of FJPs.


2017, Vol 16 (4), pp. 171-176
Author(s): Campbell Macpherson

Purpose: This paper aims to present a case study focused on developing a change-ready culture within a large organization. Design/methodology/approach: This paper is based on personal experiences gleaned while driving an organization-wide culture change program throughout a major financial advisory firm. Findings: This paper details over a dozen key lessons learned while transforming the HR department from a fragmented, ineffective, reclusive and disrespected department into one that was competent, knowledgeable, enabling and a leader of change. Originality/value: Drawing on the real-world culture change intervention detailed here, including results and lessons learned, other organizations can apply similar approaches in their own organizations – hopefully to similar effect.


2021, pp. 41-57
Author(s): Gregory Falco, Eric Rosenbach

The question “How do I assess our cyber risk?” addresses how to identify and characterize cyber risk unique to an organization’s critical systems, networks, and data. The chapter begins with a case study about a cyberattack on Ukraine’s electric grid. It details risk assessment for three types of critical systems: mission-critical systems, business-critical systems, and safety-critical systems. It explains the three types of networks critical to many organizations: business and administrative networks, operational and service delivery networks, and communication networks. In outlining the “CIA triad,” it shows how cyber risk can be characterized as a confidentiality, integrity, or availability issue relating to digital assets. Further, it describes how to assess the importance of different digital assets and how to prioritize them using a business impact analysis (BIA). The chapter concludes with real-world Embedded Endurance strategy lessons Rosenbach gained in Saudi Arabia in the wake of one of the world’s most destructive cyberattacks.


2009, pp. 468-483
Author(s): Efrem Mallach

The case study describes a small consulting company’s experience in the design and implementation of a database and associated information retrieval system. Their choices are explained within the context of the firm’s needs and constraints. Issues associated with development methods are discussed, along with problems that arose from not following proper development disciplines.


Author(s): Wolff-Michael Roth

To learn by means of analogies, students have to see surface and deep structures in both source and target domains. Educators generally assume that students, presented with images, texts, video, or demonstrations, see what the curriculum designer intends them to see, that is, pick out and integrate information into their existing understanding. However, there is evidence that students do not see what they are supposed to see, which is precisely what inhibits them from learning what they are supposed to learn. In this extended case study, which exemplifies a successful multimedia application, 3 classroom episodes are used (a) to show how students in an advanced physics course do not see relevant information on the computer monitor; (b) to exemplify teaching strategies designed to allow relevant structures to become salient in students’ perception, allowing them to generate analogies and thereby learn; and (c) to exemplify how a teacher might assist students in bridging from the multimedia context to the real world.


Author(s): Paolo Giudici, Emanuela Raffinetti

In a world that is increasingly connected on-line, cyber risks become critical. Cyber risk management is very difficult, as cyber loss data are typically not disclosed. To mitigate the reputational risks associated with their disclosure, loss data may be collected in terms of ordered severity levels. However, to date, there are no risk models for ordinal cyber data. We fill the gap, proposing a rank-based statistical model aimed at predicting the severity levels of cyber risks. The application of our approach to a real-world case shows that the proposed models are, while statistically sound, simple to implement and interpret.

