PROJECT RISK MANAGEMENT AND RESPONSE PLANNING (INCLUDING CYBER SECURITY)
JILL ALMAGUER, PE, MBA, PMP
PMI HOUSTON CHAPTER LUNCH N LEARN
TCH MEDICAL CENTER
JULY 23, 2018
AGENDA
• Introduction to Risk Management Processes
• Risk Happens
• Risk Assessment
• Risk Response Planning
• Cyber Security Project Risk
• Tools to Minimize Theft Risk
• Q&A
• Next Steps
INTRODUCTION
• Jill B. Almaguer, PE, MBA, PMP
• Passed PMP exam in 2011 after attending a prep course provided by PMI Houston at DeVry University
• Taught Project Management as adjunct faculty at DeVry University
• Now teaching PMP exam prep courses
• Project Manager for NSG system integrator with projects in healthcare and higher education
• Attended recent FBI InfraGard presentations on the cyber security threat landscape
• Presentation based on PMI Registered Education Provider materials for PMP Exam Prep Course
• PMP Course Risk Management Module Learning Objectives:
• Define risk
• Identify key terms related to risk
• Calculate risk
• Identify different categories of risk
• Describe Project Risk Management processes
PROJECT MANAGEMENT BODY OF KNOWLEDGE (PMBOK GUIDE) 5TH EDITION
PMI’s SIX PROJECT RISK MANAGEMENT PROCESSES:
• PLAN RISK MANAGEMENT
• IDENTIFY RISKS
• PERFORM QUALITATIVE RISK ANALYSIS
• PERFORM QUANTITATIVE RISK ANALYSIS
• PLAN RISK RESPONSES
• CONTROL RISKS
RISK HAPPENS (PLAN RISK MANAGEMENT)
PMBOK Definition:
Risk is an uncertain event or condition that, if it occurs, has a positive
or negative effect on a project’s objectives.
Risk management and response planning:
Minimize negative effects (threats) and
Maximize positive effects (opportunities) if risk happens.
This presentation will focus on ways to minimize the negative effects of risk.
RISK ASSESSMENT (IDENTIFY RISKS)
• Resource Risks
• Money
• People
• Equipment or Data
DATA AT-RISK
• Identity theft
• Credit card theft
• Customer lists
• Price lists
• Financials
• Trade secrets
• Project plans
RISK ANALYSIS
• Categories of risk (Perform Qualitative Analysis)
• Known unknowns
• Unknown unknowns
• SWOT Analysis (internal and external risks)
• Calculation of risk (Perform Quantitative Analysis)
Risk Weight = Risk Probability * Risk Impact
20% PROBABILITY:
One in 5 employees (internal risk) will be the cause of a mobile breach
through malware or malicious Wi-Fi (external risk)
IMPACT IN TIME AND MONEY*
• How much cash was lost to unplanned downtime in the past 12 months, including productivity?
• Survey set $10,000 as the line between “OK, we can fix this” and “There goes the
holiday party.”
• 18% of IT professionals responded they lost more than $10,000.
• How much data loss is OK, and how long can application users sit idle?
• 70% say it’s acceptable to lose no more than two (2) hours of data
• 76% think it should take less than four (4) hours to bring mission-critical systems online.
• Spend on Business Continuity/Disaster Recovery (BC/DR) as a percentage of the IT budget?
• 39% say BC/DR gets less than 5% of the cash in 2017
• 61% expect that to continue in the new year.
• Ability to recover from a disaster or cybersecurity incident?
• 64% are very or somewhat sure they could recover fully.
*Data: Channel Partners 2017 BC/DR Survey
PROJECT CONTINUITY
Two important parameters for a BC/DR (i.e. project continuity) plan are the Recovery
Point Objective (RPO) and Recovery Time Objective (RTO).
• RPO limits how far to roll back in time, and defines the maximum allowable amount
of lost data measured in time from a failure occurrence to the last valid backup.
• RTO represents how long it takes to restore from the incident until normal
operations resume.
https://www.veeam.com/blog/rto-rpo-definitions-values-common-practice.html
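The two parameters above are targets; what matters on the day is the actual gap between the failure and the last backup that really succeeded, and the actual clock time to restore. The following is an added example (not from the presentation or the Veeam article) that checks a backup history and a recovery timeline against an RPO and RTO. The 2-hour RPO and 4-hour RTO are taken from the survey figures on the previous slide as assumed targets; the timestamps and job history are constructed.

```python
from datetime import datetime, timedelta

RPO = timedelta(hours=2)   # assumed target: "no more than two hours of data" from the survey
RTO = timedelta(hours=4)   # assumed target: "less than four hours to bring systems online"


def ts(hhmm):
    """Constructed timestamps, all on the day of the talk, for the sample data."""
    return datetime(2018, 7, 23, int(hhmm[:2]), int(hhmm[3:]))


# Constructed backup job history: hourly jobs, two of which failed.
BACKUPS = [
    {"finished": ts("10:00"), "ok": True},
    {"finished": ts("11:00"), "ok": True},
    {"finished": ts("12:00"), "ok": True},
    {"finished": ts("13:00"), "ok": False},   # failed job: no restore point was written
    {"finished": ts("14:00"), "ok": False},
    {"finished": ts("15:00"), "ok": True},
]


def last_restore_point(failure_at, backups):
    """Newest successful backup that finished before the failure, or None."""
    good = [b["finished"] for b in backups if b["ok"] and b["finished"] <= failure_at]
    return max(good) if good else None


def data_loss_window(failure_at, backups):
    """Actual data loss: failure time minus the last valid backup. This, not the
    nominal schedule interval, is what gets compared against the RPO."""
    rp = last_restore_point(failure_at, backups)
    return None if rp is None else failure_at - rp


def worst_case_gap(backups):
    """Longest stretch between consecutive successful backups in the history."""
    good = sorted(b["finished"] for b in backups if b["ok"])
    gaps = [b - a for a, b in zip(good, good[1:])]
    return max(gaps) if gaps else timedelta(0)


def required_interval(rpo, tolerated_failures):
    """Schedule interval that still meets the RPO when this many consecutive
    jobs fail in a row: rpo / (failures + 1)."""
    return rpo / (tolerated_failures + 1)


def assess(failure_at, restored_at, backups, rpo=RPO, rto=RTO):
    loss = data_loss_window(failure_at, backups)
    downtime = restored_at - failure_at
    return {
        "data_loss": loss,
        "rpo_met": loss is not None and loss <= rpo,
        "downtime": downtime,
        "rto_met": downtime <= rto,
        "worst_gap": worst_case_gap(backups),
    }


if __name__ == "__main__":
    # Failure at 14:30 after two failed jobs: 2h30 of data lost, 4h30 to restore.
    for key, value in assess(ts("14:30"), ts("19:00"), BACKUPS).items():
        print(f"{key}: {value}")
```

The point of `worst_case_gap` and `required_interval` is that an hourly schedule does not give a one-hour RPO: two failed jobs in a row turn it into a three-hour gap. To hold a 2-hour RPO while tolerating one failed job, the jobs have to run every hour and the failures have to be alerted on, not just logged.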
RISK RESPONSE PLANNING (PLAN RISK RESPONSES)
• Goal: minimize the impact of negative risk
• Reduce cost by catching risk early in project
• Catch risk early by monitoring triggers on the Risk Register
• Key terms for planning response
• Risk averse
• Risk tolerance
• Risk threshold
• Contingency Reserve and Management Reserve
• Response methods for negative risk
• Accept
• Avoid
• Transfer (business continuity insurance)
• Mitigate
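The risk weight formula from the Risk Analysis slide and the four response methods above fit together in a risk register: weight ranks the threats, the risk threshold decides which ones need a planned response, and whatever exposure the response leaves behind is what the contingency reserve has to fund. This is an added example, not material from the presentation or the PMP course. The register entries, dollar impacts, threshold and residual values are constructed for illustration; only the 20% mobile-breach probability and the $10,000 downtime figure come from the slides.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Risk:
    name: str
    probability: float                 # chance the event occurs during the project (0..1)
    impact: float                      # cost in dollars if it does (negative risk only)
    response: str                      # accept | avoid | transfer | mitigate
    residual_probability: Optional[float] = None   # after the response is in place
    residual_impact: Optional[float] = None

    def weight(self) -> float:
        """Risk Weight = Risk Probability * Risk Impact (the slide's formula)."""
        return round(self.probability * self.impact, 2)

    def residual_weight(self) -> float:
        """Exposure that remains once the chosen response is in place."""
        if self.response == "avoid":
            return 0.0                                   # the risky activity is removed
        if self.response == "accept":
            return self.weight()                         # unchanged; the reserve must cover it
        p = self.probability if self.residual_probability is None else self.residual_probability
        i = self.impact if self.residual_impact is None else self.residual_impact
        return round(p * i, 2)   # transfer keeps e.g. a deductible; mitigate lowers p or i


def ranked(register):
    return sorted(register, key=lambda r: r.weight(), reverse=True)


def above_threshold(register, threshold):
    """Risks whose weight crosses the project's risk threshold, highest first."""
    return [r.name for r in ranked(register) if r.weight() >= threshold]


def contingency_reserve(register):
    """Sum of residual expected loss: funds the known unknowns that remain.
    Management reserve (for unknown unknowns) is set by policy, not by this sum."""
    return sum(r.residual_weight() for r in register)


# Constructed register (illustrative values).
REGISTER = [
    Risk("Mobile breach via malware or rogue Wi-Fi", 0.20, 10_000, "mitigate", residual_probability=0.05),
    Risk("Ransomware on project file server", 0.10, 50_000, "transfer", residual_impact=5_000),
    Risk("Fraudulent vendor payment request", 0.05, 30_000, "mitigate", residual_probability=0.01),
    Risk("Vendor hardware delivery slips", 0.30, 8_000, "accept"),
    Risk("Team uses hotel Wi-Fi", 0.25, 4_000, "avoid"),
]

if __name__ == "__main__":
    for r in ranked(REGISTER):
        print(f"{r.weight():>8,.0f}  {r.response:<8}  residual {r.residual_weight():>6,.0f}  {r.name}")
    print("needs a planned response:", above_threshold(REGISTER, 2_000))
    print("contingency reserve:", contingency_reserve(REGISTER))
```

Two things the numbers show that the list of terms does not: a transferred risk is not gone (the deductible and the probability stay in the reserve), and the accepted risk, being untouched, is the single largest line in the reserve even though it ranked second by weight.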
CYBER SECURITY PROJECT RISK (CONTROL RISKS)
• Not just IT’s problem anymore
• Anything connected to the Internet is exposed, and Wi-Fi extends that exposure to anyone in radio range
• Vendor contracts need to include encryption requirements and malware remedies
• Trust but verify: confirm any email or text involving money or links through a separate channel (a known phone number, not a reply)
• Risk response plans need to include data backup/restore method
• Assume you are a target
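A concrete form of the "trust but verify" bullet, as an added example that is not part of the presentation: a small reviewer that takes one raw email, checks the sender's domain and every link's real destination against an allowlist of domains the project actually deals with, and decides whether the message needs out-of-band confirmation before anyone acts on it. The allowlist (vendor.example, bank.example), the money-related keyword list and the two sample messages are constructed; the lookalike test (edit distance and embedded brand name) is a generic heuristic, not a product's algorithm.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: the domains this project actually exchanges money or files with.
KNOWN_DOMAINS = {"vendor.example", "bank.example"}
MONEY = re.compile(r"\b(wire|invoice|payment|bank account|routing number)\b", re.I)
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def edit_distance(a, b):
    """Levenshtein distance; catches one-character swaps like vend0r.example."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Last two labels: the part an attacker has to register to impersonate."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def lookalike_of(host):
    """Known domain this host imitates, or None. A genuine subdomain of a
    known domain (portal.vendor.example) is not a lookalike."""
    reg = registrable(host)
    if reg in KNOWN_DOMAINS:
        return None
    for known in KNOWN_DOMAINS:
        k_label, r_label = known.split(".")[0], reg.split(".")[0].replace("-", "")
        if edit_distance(reg, known) <= 2 or k_label in r_label:
            return known
    return None


def review_email(raw):
    """Return (verdict, findings) for one raw message with an HTML body."""
    msg = message_from_string(raw)
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    sender_domain = m.group(1) if m else ""
    body = msg.get_payload()
    findings = []
    if lookalike_of(sender_domain):
        findings.append(("sender-lookalike", sender_domain, lookalike_of(sender_domain)))
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        href_host = urlparse(href).hostname or ""
        shown = HOST_RE.search(text)          # a host the recipient can see in the link text
        if shown and registrable(shown.group(0)) != registrable(href_host):
            findings.append(("link-mismatch", shown.group(0), href_host))
        if lookalike_of(href_host):
            findings.append(("link-lookalike", href_host, lookalike_of(href_host)))
    asks_for_money = bool(MONEY.search(re.sub(r"<[^>]+>", " ", body)))
    if findings:
        return "suspicious: do not act, report it", findings
    if asks_for_money:
        return "verify by phone on a known number before acting", findings
    return "ok", findings


# Constructed sample messages (not real mail).
PHISH = """From: Accounts Payable <ap@vendor-invoices.example>
Subject: Updated bank account for invoice 4471
Content-Type: text/html

<p>Please pay the attached invoice by wire to our new bank account.</p>
<p><a href="http://vendor.example.login.attacker.example/pay">https://vendor.example/portal</a></p>
"""

LEGIT = """From: Accounts Payable <ap@vendor.example>
Subject: Invoice 4471
Content-Type: text/html

<p>Invoice 4471 is ready for payment in the <a href="https://portal.vendor.example/invoices/4471">portal</a>.</p>
"""
```

Run `review_email(PHISH)` and it returns the "suspicious" verdict with both a sender-lookalike and a link-mismatch finding; `review_email(LEGIT)` returns no findings but still asks for phone verification because the message is about a payment. That second outcome is the slide's rule in code: a clean-looking request for money is verified anyway.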
[Figure: three statistics cited from the 2017 Threat Hunting Report (Crowd Research Partners): the average time attackers dwell on networks until discovered; the share of respondents whose main challenge is detecting hidden, unknown, and emerging threats; and the share of threats that go undetected by automated security tools. Values not reproduced.]
ATTACKERS CONTINUE TO EVADE SECURITY DEFENSES
They get in. They expand and hide. They are tough to detect.
Attacker Dwell Time: The Central Issue
[Figure: attack timeline. Stages: Reconnaissance, Exploitation, Installation, Command & Control, Lateral Movement, Exfiltration, Persist. Phases: Attack In Progress, then Attacker Dwell Time (from NETWORK BREACHED until INCIDENT DISCOVERED), then Response.]
THE FASTER YOU HUNT AND CONTAIN BREACHES, THE SMALLER THE FINANCIAL IMPACT
TOOLS-RISK ASSESSMENTS TO MINIMIZE IMPACT
• Penetration Test
• Web Application Vulnerability
• Social Engineering Test
• Wireless Network Assessment
Reducing Dwell Time is Key: organizations that are able to contain a breach in less than 30 days paid nearly $1 million less in total breach costs.*
*Ponemon Institute 2017 Cost of Data Breach Study: Global Overview
TOOLS-CYBER RISK AUDIT
[Figure: the same attack timeline (Reconnaissance, Exploitation, Installation, Command & Control, Lateral Movement, Exfiltration, Persist) with the tool classes placed where they act: Real-Time Prevention & Monitoring during the attack in progress, Threat Hunting during post-breach activity (NETWORK BREACHED to INCIDENT DISCOVERED), and Containment, Eradication & Recovery during incident response.]
Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR)
• Detect attacks in progress based on application behavior
• Collect event history for big data investigation & downstream IR
• Block known attack entry and/or malware installation
Incident Response (IR) Platforms
• Breach breadth and depth identification, containment, eradication, recovery and hardening against future attacks
• Root cause and impact assessment via log, alert, and traffic analysis
Hunt Platforms
• Detect post-breach activity and persistence that has bypassed EPP and EDR solutions
• Identify exact endpoints that need remediation
• Triage IR activity and workload
User Entity & Behavior Analytics (UEBA)
• User / device behavioral anomaly analytics
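What "detect attacks in progress based on application behavior" and "detect post-breach activity and persistence" look like in practice, as an added example that is not from the presentation or from any of the products named: three hunt rules run over endpoint telemetry, each tagged with the timeline stage it corresponds to, plus the dwell-time calculation the slides keep coming back to. The JSON-lines telemetry, host and user names, and the lists of document viewers, script hosts and autostart keys are constructed for the example; the thresholds (three hosts in ten minutes) are assumptions a real deployment would tune.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")

# Constructed endpoint telemetry as JSON lines (not real logs): a user on WS-117
# opens a document that spawns PowerShell, a Run key is written, and the same
# account then logs on over the network to three servers within four minutes.
EVENTS = r"""
{"ts":"2018-07-23T09:02:11","type":"process","host":"WS-117","user":"jdoe","image":"winword.exe","parent":"explorer.exe"}
{"ts":"2018-07-23T09:02:40","type":"process","host":"WS-117","user":"jdoe","image":"powershell.exe","parent":"winword.exe","cmdline":"powershell -nop -w hidden"}
{"ts":"2018-07-23T09:03:05","type":"process","host":"WS-117","user":"jdoe","image":"rundll32.exe","parent":"powershell.exe"}
{"ts":"2018-07-23T09:05:00","type":"registry","host":"WS-117","user":"jdoe","key":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater","value":"C:\\Users\\jdoe\\AppData\\Roaming\\upd.exe"}
{"ts":"2018-07-23T09:20:00","type":"logon","host":"SRV-FILE01","user":"jdoe","logon_type":3,"src":"WS-117"}
{"ts":"2018-07-23T09:21:30","type":"logon","host":"SRV-DB02","user":"jdoe","logon_type":3,"src":"WS-117"}
{"ts":"2018-07-23T09:24:10","type":"logon","host":"SRV-APP03","user":"jdoe","logon_type":3,"src":"WS-117"}
{"ts":"2018-07-23T10:00:00","type":"process","host":"WS-042","user":"asmith","image":"excel.exe","parent":"explorer.exe"}
{"ts":"2018-07-23T10:00:30","type":"process","host":"WS-042","user":"asmith","image":"cmd.exe","parent":"explorer.exe"}
{"ts":"2018-07-23T10:30:00","type":"logon","host":"SRV-FILE01","user":"asmith","logon_type":3,"src":"WS-042"}
"""


def parse_events(lines):
    events = [json.loads(line) for line in lines.strip().splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])


def hunt(events, lateral_hosts=3, window=timedelta(minutes=10)):
    """Three hunt rules, each mapped to a stage on the attack timeline."""
    findings = []
    logons = defaultdict(list)     # user -> [(ts, host)] for network (type 3) logons
    flagged_users = set()
    for e in events:
        if e["type"] == "process":
            # Exploitation: a document viewer should never launch a shell or script host.
            if e["parent"].lower() in OFFICE_APPS and e["image"].lower() in INTERPRETERS:
                findings.append(("exploitation", e["ts"], e["host"], f'{e["parent"]} -> {e["image"]}'))
        elif e["type"] == "registry":
            # Persist: an autostart entry written under a Run key.
            if any(k in e["key"].lower() for k in RUN_KEYS):
                findings.append(("persist", e["ts"], e["host"], e["value"]))
        elif e["type"] == "logon" and e["logon_type"] == 3:
            # Lateral movement: one account reaching many hosts in a short window.
            logons[e["user"]].append((e["ts"], e["host"]))
            recent = {h for t, h in logons[e["user"]] if e["ts"] - t <= window}
            if len(recent) >= lateral_hosts and e["user"] not in flagged_users:
                flagged_users.add(e["user"])
                findings.append(("lateral_movement", e["ts"], e["user"], sorted(recent)))
    return findings


def dwell_time(findings, discovered_at):
    """Dwell time as the slide defines it: from the earliest sign of compromise
    in the telemetry until the incident is discovered."""
    if isinstance(discovered_at, str):
        discovered_at = datetime.fromisoformat(discovered_at)
    if not findings:
        return None
    return discovered_at - min(f[1] for f in findings)


if __name__ == "__main__":
    found = hunt(parse_events(EVENTS))
    for f in found:
        print(f)
    print("dwell time:", dwell_time(found, "2018-08-10T14:00:00"))
```

The second workstation is there as the negative case: `cmd.exe` started from Explorer and a single server logon are normal and produce nothing. The three hits on WS-117, read together, are the "breadth and depth" an IR platform is meant to establish: which endpoint to remediate, which persistence to remove, and which servers the account touched.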
TOOLS-WIRELESS TAGS AND ASSET TRACKING
ASSET TRACKING AND WAYFINDING
Electronically tracking assets and staff allows hospitals to better manage what they
have, streamline staff efficiencies, and reduce risk of loss, which in turn improves
patient and staff satisfaction and bottom line savings.
Uses Real-time Locating Systems (RTLS) to locate assets and improve efficiency.
Can also be used for wayfinding and patient safety tracking.
Uses technology built into Aruba Access Points, software and low cost, low power
Bluetooth Low Energy (BLE) “tags” that are placed on high value project assets.
ASSET TRACKING EXAMPLE: Find the nearest IV Pump
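How an RTLS turns tag signal strength into "the nearest IV pump", as an added example that is not from the presentation and does not describe Aruba's implementation: each access point reports the RSSI it hears from a tag, a log-distance path-loss model turns RSSI into an approximate distance, and a weighted centroid of the access points gives the tag a position on the floor plan. The AP coordinates, calibration constants, tag reports and timestamps are all constructed; the staleness check is included because a tag that has stopped reporting is the first sign an asset has walked out.

```python
import math
from datetime import datetime, timedelta

# Assumed floor-plan coordinates (metres) of the access points that hear the BLE tags.
ACCESS_POINTS = {"AP-1": (0.0, 0.0), "AP-2": (20.0, 0.0), "AP-3": (0.0, 15.0), "AP-4": (20.0, 15.0)}
# Assumed tag calibration: RSSI at one metre and the path-loss exponent for the building.
RSSI_AT_1M, PATH_LOSS_EXP = -59.0, 2.2
NOW = datetime(2018, 7, 23, 12, 0)

# Constructed tag reports: RSSI as heard by each AP, and when the tag was last heard.
TAGS = [
    {"tag": "BLE-A", "asset": "IV Pump", "last_seen": NOW - timedelta(seconds=20),
     "rssi": {"AP-1": -62, "AP-2": -85, "AP-3": -85}},
    {"tag": "BLE-B", "asset": "IV Pump", "last_seen": NOW - timedelta(seconds=45),
     "rssi": {"AP-4": -62, "AP-2": -80, "AP-3": -80}},
    {"tag": "BLE-C", "asset": "IV Pump", "last_seen": NOW - timedelta(hours=2),   # silent for 2 h
     "rssi": {"AP-2": -60}},
    {"tag": "BLE-D", "asset": "Wheelchair", "last_seen": NOW - timedelta(seconds=5),
     "rssi": {"AP-2": -65, "AP-4": -70}},
]


def rssi_to_metres(rssi):
    """Log-distance path-loss model: d = 10 ** ((RSSI_1m - RSSI) / (10 * n))."""
    return 10 ** ((RSSI_AT_1M - rssi) / (10 * PATH_LOSS_EXP))


def locate(rssi_by_ap):
    """Weighted centroid of the APs that heard the tag (weight 1/d^2).
    A tag heard by a single AP simply lands on that AP."""
    weights = {ap: 1.0 / max(rssi_to_metres(r), 0.5) ** 2 for ap, r in rssi_by_ap.items()}
    total = sum(weights.values())
    x = sum(ACCESS_POINTS[ap][0] * w for ap, w in weights.items()) / total
    y = sum(ACCESS_POINTS[ap][1] * w for ap, w in weights.items()) / total
    return (x, y)


def stale_tags(tags, now=NOW, max_age=timedelta(minutes=5)):
    """Tags not heard within max_age: candidates for a loss or theft alert."""
    return [t["tag"] for t in tags if now - t["last_seen"] > max_age]


def nearest(asset_type, point, tags, now=NOW, max_age=timedelta(minutes=5)):
    """Nearest recently heard tag of the requested asset type to a floor-plan point."""
    candidates = [t for t in tags if t["asset"] == asset_type
                  and (max_age is None or now - t["last_seen"] <= max_age)]
    if not candidates:
        return None
    return min(candidates, key=lambda t: math.dist(point, locate(t["rssi"])))


if __name__ == "__main__":
    station = (18.0, 2.0)   # assumed nurse station position
    print("nearest IV pump:", nearest("IV Pump", station, TAGS)["tag"])
    print("tags gone quiet:", stale_tags(TAGS))
```

With the nurse station at (18, 2), BLE-C would be the closest pump by position, but it has not reported for two hours, so `nearest` returns BLE-B and `stale_tags` reports BLE-C. Whether a silent tag means a flat battery or a pump leaving the building is exactly the question the tracking system exists to raise.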
TOOLS-FALL DETECTION
• Could safety risks delay your project?
• Fall Detection Use Cases:
• Retail
• Corporate
• Manufacturing
• Hospitals (high fall risk)
• Parking garages
• Parking lots; and
• other public areas where falls can occur.
• Configurable "cool down" period to align with the client's needs (for example, when a fall is cleared quickly with no injury)
• Integrated with Hitachi Visualization Suite or sold as a stand-alone solution.
Q&A
• Thank you for attending PMI lunch n learn
• Additional questions can be sent to:
Jill Almaguer, PE, MBA, PMP
832-467-0000 x227
www.nordstargroup.com
NEXT STEPS
• PMP Exam Prep Class
• October 8-11, 2018, at SCA in Houston
• PMBOK 6th edition
• More processes and 150 more pages!
• Registration and location details at www.scacompanies.com
• Course includes tool to help with PMP exam application and online study resources after the
class provided by PMI Registered Education Provider.
• Minimize risk impact by scanning regularly for cyber security threats!
• Complimentary Infocyte scan for 50 nodes of a >100 node network