Speaker
Description
Implementing a Risk Management Process for a distributed infrastructure can be a tedious task. Usually one needs to agree on a certain Risk Management methodology, get a clear picture of the scope and the governance, and from that assign the relevant roles and responsibilities. Clearly this is only possible with sufficient support from the governing body.
But even if the above-mentioned parameters are defined, a meaningful risk study of a distributed infrastructure can run into various issues.
In this presentation we take a look at the European Commission's (EC) IT Security Risk Management Methodology (ITSRM$^2$) applied to a fictitious distributed infrastructure.
From real-world experience we examine possible pitfalls and derive a strategy for useful Risk Management that leverages the inherent enforcement capabilities of the methodology.