Framing Security- Centric Integrated Risk Management Framework

Prof. Daniel Shoemaker, the Director of the Masters of Science Information Assurance Program (for Cyber-security), and a Principal Investigator for the Center of Academic Excellence Program with the National Security Agency participates in Risk Roundup with Jayshree Pandya to discuss “The Need for Security-Centric Integrated Risk Management Framework”.

 

Overview
Everything has risks and risks are inevitable. It is the ability to take risks that gives each nation: its government, industries, organizations, academia and individuals (NGIOA-I) the possibility of progress and advancement. Progress and advancement is all about risk taking. But when risk transcends initiatives, industries, borders, cultures, nations, societies and human existence, taking timely risk initiatives, is a necessary forward-looking move.
As today’s risks are tomorrow’s crisis, there is a need to make transition from a reactive approach to proactive for identifying, evaluating and managing risks. Having said that, all the tools, technology, processes, guidelines and framework in the world won’t help, if risks cannot be accurately identified, objectively evaluated and effectively managed! In addition, what risks are managed depends on what risks have been identified.
The cyberspace has brought complex, chaotic, and challenging time for each nation: its government, industries, organizations and academia (NGIOA) in cyberspace, geospace and space (CGS). As cyberspace is deeply embedded across each component of a nation: its government, industries, organizations and academia, its crowded interconnections has caught nations off guard.
These interconnections and interdependencies raise an important question, on whether our current risk management framework, tools, technologies and processes are effective in managing the security risks of the cyberspace. For e.g. the on-going battle between government and technology companies for the back door access is a perfect example of ineffectiveness in our current approach to risk management.

 


About the Guest
Prof. Daniel Shoemaker is the Director of the Masters of Science Information Assurance Program (for Cybersecurity), and a Principal Investigator for the Center of Academic Excellence Program with the National Security Agency. As the co-chair for the National Workforce Training and Education Initiative, he is also one of the authors of the DHS Software Assurance Common Body of Knowledge (CBK). He has also helped author the DHS Information. Assurance (IA) Essential Body of Knowledge and serves as a subject matter expert for the NIST-NICE workforce framework.
He has written several books: Cyber Security: The Essential Body of Knowledge Information Assurance for the Enterprise, The CSSLP Certification All-in-One Exam Guide. Engineering a More Secure Software Organization, and has just finished working on two new books – The Complete Guide to Cybersecurity Risk & Controls and Cyber Security, and finally, A Guide to the National Initiative for Cybersecurity Education (NICE) Framework (2.0).

About the Host of Risk Roundup
Jayshree Pandya (née Bhatt) is a visionary leader, who is working passionately with imagination, insight and boldness to achieve “Global Peace through Risk Management”. It is her strong belief that collaboration between and across nations: its government, industries, organizations and academia (NGIOA) will be mutually beneficial to all—for not only in the identification and understanding of critical risks facing one nation, but also for managing the interconnected and interdependent risks facing all nations. She calls on nations to build a shared sense of identity and purpose, for how the NGIOA framework is structured will determine the survival and success of nations in the digital global age. She sees the big picture, thinks strategically and works with the power of intentionality and alignment for a higher purpose—for her eyes are not just on the near at hand but on the future of humanity!
At Risk Group, Jayshree is defining the language of risks and currently developing thought leadership, researching needed practices, tools, framework and systems to manage the “strategic and shared risks” facing nations in a “Global Age”. She believes that cyberspace cannot be secured if NGIOA works in silo within and across its geographical boundaries. As cyber-security requires an integrated NGIOA approach with a common language, she has recently launched “cyber-security risk research center” that will merge the boundaries of “geo-security, cyber-security and space-security”.
Previously, she launched and managed “Risk Management Matters”, an online risk journal and one of the first risk publications, publishing “Industry Risk Reports of Biotechnology, Energy, Healthcare, Nanotechnology, and Natural Disasters” over the course of five years. Jayshree’s inaugural book, “The Global Age: NGIOA @ Risk”, was published by Springer in 2012.

About Risk Roundup

“Risk Roundup” is an “integrated strategic security risk dialogue” for nations: its government,  industries, organizations and academia (NGIOA) in cyberspace, geospace and space (CGS).Risk Roundup is released in both audio and video format and is available for subscription at (Risk Group WebsiteiTunesGoogle PlayStitcher RadioAndroid, and Risk Group Professional Social Media).

About Risk Group
Risk Group believes that risk management, security and peace walk together hand in hand. Though security is related to management of threats and peace to the management of conflict, risk management is related to management of security vulnerabilities as well as management of conflict, and it is not possible to conceive any one of the three without the existence of the other two. All three concepts feed into each other. Risk Group believes that the security we build for ourselves is precarious and uncertain until it is secured for everyone across nations. Tradition becomes our security-so if we build a culture of managing risks effectively it will lead us to security and security will lead us to peace!

Copyright Risk Group LLC. All Rights Reserved