Organizations tend to focus on the technical controls for protecting the company’s assets and reducing risk. Security Operations Centers, IDS/IPS, vulnerability scanning and other controls are implemented and publicized, and the number of implemented controls and the number of standards satisfied become the measures of risk and risk maturity.
Unfortunately, this is not optimal, nor does it keep an organization safe. Organizations need to measure risk maturity on a different scale: one that includes people, processes and systems as much as the technical controls and compliance certificates.
This session will focus on a Risk Maturity model that covers the entire risk continuum, includes people, processes and systems, and is measurable and definable. This model, which parallels proven risk reduction and quality improvement in manufacturing, will walk organizations through the 2 classes and 5 phases of risk maturity:
Class 1: Risk Control
• Phase 1: Unknown Incident
Something occurs and it can’t be fixed because we don’t even know it happened.
• Phase 2: Incident Management
A risk manifests itself, somebody creates an incident ticket, and the organization rushes to close the risk and mitigate the impact.
• Phase 3: Protection Control
A risk manifests itself and the organization mitigates the impact before the client is aware or must be notified.
• Phase 4: In-Process Protection
We identify a trend in a risk getting worse, or a new risk emerging, and implement controls before the risk manifests itself.
• Final Phase: Continuous Protection Improvement
There is a culture and a focus by all individuals on identifying and reducing the risk profile on a daily basis.
Gerard Scheitlin is the owner and founder of RISQ Management, a company specializing in product and organizational risk solutions. Before devoting his work full time to RISQ Management, Gerard was an executive leader with an extensive thirty-year background in multiple industries including Health Care, Information Technology, Automotive, Electronics, and Distribution.
Gerard is actively involved in publicizing how a focus on RISQ Management and Business Transformation can achieve sustainable growth. Gerard currently has nineteen publications ranging across multiple media platforms and covering a broad range of topics focused on his RISQ Model. Gerard has been a guest speaker and panelist at a number of nationally accredited symposiums, as well as individual company summits. Gerard has been a guest lecturer at Arizona State University in the School of Biomedical Informatics.
Gerard is passionate about RISQ remediation and process improvement with a 'client-centered' approach that focuses on prevention rather than reaction. Gerard is a Lean Six Sigma Black Belt with Engineering degrees from Purdue University and The University of Alabama.