project risk management and response planning … · 2018. 7. 28. · project continuity two...

PROJECT RISK MANAGEMENT AND RESPONSE PLANNING (INCLUDING CYBER SECURITY) JILL ALMAGUER, PE, MBA, PMP PMI HOUSTON CHAPTER LUNCH N LEARN TCH MEDICAL CENTER JULY 23, 2018


Page 1

PROJECT RISK MANAGEMENT AND RESPONSE PLANNING (INCLUDING CYBER SECURITY)

JILL ALMAGUER, PE, MBA, PMP

PMI HOUSTON CHAPTER LUNCH N LEARN

TCH MEDICAL CENTER

JULY 23, 2018

Page 2

AGENDA

• Introduction to Risk Management Processes

• Risk Happens

• Risk Assessment

• Risk Response Planning

• Cyber Security Project Risk

• Tools to Minimize Theft Risk

• Q&A

• Next Steps

Page 3

INTRODUCTION

• Jill B. Almaguer, PE, MBA, PMP

• Passed PMP exam in 2011 after attending a prep course provided by PMI Houston at DeVry University

• Taught Project Management as adjunct faculty at DeVry University

• Now teaching PMP exam prep courses

• Project Manager for NSG system integrator with projects in healthcare and higher education

• Attended recent FBI InfraGard presentations on the Cyber Security threat landscape

• Presentation based on PMI Registered Education Provider materials for PMP Exam Prep Course

• PMP Course Risk Management Module Learning Objectives:

• Define risk

• Identify key terms related to risk

• Calculate risk

• Identify different categories of risk

• Describe Project Risk Management processes

Page 4

PROJECT MANAGEMENT BODY OF KNOWLEDGE (PMBOK GUIDE) 5TH EDITION

PMI’s SIX PROJECT RISK MANAGEMENT PROCESSES:

• PLAN RISK MANAGEMENT

• IDENTIFY RISKS

• PERFORM QUALITATIVE RISK ANALYSIS

• PERFORM QUANTITATIVE RISK ANALYSIS

• PLAN RISK RESPONSES

• CONTROL RISKS

Page 5

RISK HAPPENS (PLAN RISK MANAGEMENT)

PMBOK Definition:

Risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives.

Risk management and response planning: minimize negative effects (threats) and maximize positive effects (opportunities) if risk happens.

This presentation will focus on ways to minimize the negative effects of risk.

Page 6

RISK ASSESSMENT (IDENTIFY RISKS)

• Resource Risks

• Money

• People

• Equipment or Data

Page 7

DATA AT-RISK

• Identity theft

• Credit card theft

• Customer lists

• Price lists

• Financials

• Trade secrets

• Project plans

Page 8

RISK ANALYSIS

• Categories of risk (Perform Qualitative Analysis)

• Known unknowns

• Unknown unknowns

• SWOT Analysis (internal and external risks)

• Calculation of risk (Perform Quantitative Analysis)

Risk Weight = Risk Probability * Risk Impact

Page 9

20% PROBABILITY:

One in 5 employees (internal risk) will be the cause of a mobile breach, through malware or malicious Wi-Fi (external risk)

Page 10

IMPACT IN TIME AND MONEY*

How much cash was lost to unplanned downtime in the past 12 months, including productivity?

• Survey set $10,000 as the line between “OK, we can fix this” and “There goes the holiday party.”

• 18% of IT professionals responded they lost more than $10,000.

• How much data loss is OK, and how long can application users sit idle?

• 70% say it’s acceptable to lose no more than two (2) hours of data

• 76% think it should take less than four (4) hours to bring mission-critical systems online.

• Spend on Business Continuity/Disaster Recovery (BC/DR) as a percentage of the IT budget?

• 39% say BC/DR gets less than 5% of the cash in 2017

• 61% expect that to continue in the new year.

• Ability to recover from a disaster or cybersecurity incident?

• 64% are very or somewhat sure they could recover fully.

*Data: Channel Partners 2017 BC/DR Survey

Page 11

PROJECT CONTINUITY

Two important parameters for a BC/DR (i.e. project continuity) plan are the Recovery Point Objective (RPO) and Recovery Time Objective (RTO).

• RPO limits how far to roll back in time, and defines the maximum allowable amount of lost data measured in time from a failure occurrence to the last valid backup.

• RTO represents how long it takes to restore from the incident until normal operations resume.

https://www.veeam.com/blog/rto-rpo-definitions-values-common-practice.html
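The two definitions above can be checked mechanically against a backup schedule and an actual incident. The following is an added example, not code from the presentation or from Veeam; the backup records, the failure and restore times, and the 2-hour RPO / 4-hour RTO targets are constructed for illustration. Note that only a verified backup counts as a recovery point, which is what "last valid backup" in the RPO definition implies.

```python
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional


class Backup(NamedTuple):
    completed_at: datetime
    verified: bool   # True only if the copy passed an integrity check or restore test


def last_valid_backup(backups: List[Backup], failure_at: datetime) -> Optional[datetime]:
    """Most recent verified backup completed before the failure, or None if there is none."""
    usable = [b.completed_at for b in backups if b.verified and b.completed_at <= failure_at]
    return max(usable) if usable else None


def schedule_meets_rpo(backups: List[Backup], rpo: timedelta) -> bool:
    """A schedule can only honour the RPO if no gap between consecutive verified backups exceeds it."""
    times = sorted(b.completed_at for b in backups if b.verified)
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    return all(gap <= rpo for gap in gaps)


def check_continuity(backups: List[Backup], failure_at: datetime, restored_at: datetime,
                     rpo: timedelta, rto: timedelta) -> dict:
    """Measure an actual incident against the plan's RPO and RTO."""
    last_good = last_valid_backup(backups, failure_at)
    # RPO: data lost is the time from the last valid backup to the failure
    data_loss = None if last_good is None else failure_at - last_good
    # RTO: downtime is the time from the failure until normal operations resume
    downtime = restored_at - failure_at
    return {
        "last_valid_backup": last_good,
        "data_loss": data_loss,
        "rpo_met": data_loss is not None and data_loss <= rpo,
        "downtime": downtime,
        "rto_met": downtime <= rto,
    }


# Constructed scenario (not from the presentation): 4-hourly backups, one of which failed verification.
RPO = timedelta(hours=2)
RTO = timedelta(hours=4)
BACKUPS = [
    Backup(datetime(2018, 7, 23, 4, 0), True),
    Backup(datetime(2018, 7, 23, 8, 0), True),
    Backup(datetime(2018, 7, 23, 12, 0), False),   # corrupt: cannot be counted as a recovery point
    Backup(datetime(2018, 7, 23, 16, 0), True),    # taken after the failure, so not a candidate
]
FAILURE_AT = datetime(2018, 7, 23, 14, 30)
RESTORED_AT = datetime(2018, 7, 23, 17, 0)


def scenario() -> dict:
    return check_continuity(BACKUPS, FAILURE_AT, RESTORED_AT, RPO, RTO)


if __name__ == "__main__":
    result = scenario()
    print("Schedule can meet RPO:", schedule_meets_rpo(BACKUPS, RPO))
    print("Data loss: %s (RPO met: %s)" % (result["data_loss"], result["rpo_met"]))
    print("Downtime: %s (RTO met: %s)" % (result["downtime"], result["rto_met"]))
```

In this scenario the restore finishes inside the RTO, but because the 12:00 backup failed verification the roll-back goes to 08:00 and 6.5 hours of data are lost, well past the 2-hour RPO; the schedule check shows the 4-hour cadence could never have met that RPO in the first place.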

Page 12

RISK RESPONSE PLANNING (PLAN RISK RESPONSES)

• Goal: minimize impact of negative risk

• Reduce cost by catching risk early in project

• Catch risk early by monitoring triggers on the Risk Register

• Key terms for planning response

• Risk averse

• Risk tolerance

• Risk threshold

• Contingency Reserve and Management Reserve

• Response methods for negative risk

• Accept

• Avoid

• Transfer (business continuity insurance)

• Mitigate
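The quantitative formula from the Risk Analysis slide (Risk Weight = Risk Probability * Risk Impact) and the response-planning terms above (risk threshold, contingency reserve, triggers on the Risk Register, the four negative-risk responses) fit together in a small risk register. The following is an added example, not material from the presentation or from PMI; the register entries, dollar impacts, probabilities, trigger conditions and status-check metrics are all constructed, and the treatment of the contingency reserve as the expected cost of accepted and mitigated risks is one common reading, not a PMBOK rule.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Metrics = Dict[str, float]   # project health numbers collected at each status check


@dataclass
class Risk:
    name: str
    probability: float                  # chance the risk occurs, 0.0 to 1.0
    impact: float                       # cost in dollars if it does occur
    response: str                       # "accept", "avoid", "transfer" or "mitigate"
    trigger: Callable[[Metrics], bool]  # condition on the metrics that signals the risk is materialising

    def weight(self) -> float:
        # PMBOK quantitative analysis: Risk Weight = Risk Probability * Risk Impact
        return self.probability * self.impact


def rank_register(register: List[Risk]) -> List[str]:
    """Risk names, highest weight first, so the team works the biggest exposures first."""
    return [r.name for r in sorted(register, key=lambda r: r.weight(), reverse=True)]


def contingency_reserve(register: List[Risk]) -> float:
    """Reserve for known unknowns: expected cost of the risks the project keeps on its own books.
    Avoided risks no longer exist and transferred risks belong to someone else (e.g. the insurer)."""
    return sum(r.weight() for r in register if r.response in ("accept", "mitigate"))


def accepted_above_threshold(register: List[Risk], threshold: float) -> List[str]:
    """Risks merely accepted although their weight exceeds the risk threshold; each needs a real response."""
    return [r.name for r in register if r.response == "accept" and r.weight() > threshold]


def fired_triggers(register: List[Risk], metrics: Metrics) -> List[str]:
    """Risks whose trigger condition is true for the current metrics; these are the ones to act on now."""
    return [r.name for r in register if r.trigger(metrics)]


# Constructed register (not from the presentation); probabilities and dollar amounts are illustrative.
REGISTER = [
    Risk("Mobile device breach via malware or rogue Wi-Fi", 0.20, 10_000, "mitigate",
         lambda m: m["unpatched_mobile_devices"] > 0),
    Risk("Unplanned downtime of project systems", 0.30, 25_000, "mitigate",
         lambda m: m["hours_since_last_verified_backup"] > 2),
    Risk("Laptop holding project plans stolen", 0.05, 50_000, "transfer",
         lambda m: m["untagged_high_value_assets"] > 0),
    Risk("Vendor misses contractual encryption requirement", 0.10, 5_000, "accept",
         lambda m: m["vendor_contracts_without_encryption_clause"] > 0),
]

# Constructed status-check metrics
METRICS: Metrics = {
    "unpatched_mobile_devices": 12,
    "hours_since_last_verified_backup": 1,
    "untagged_high_value_assets": 3,
    "vendor_contracts_without_encryption_clause": 0,
}

if __name__ == "__main__":
    print("Ranked:", rank_register(REGISTER))
    print("Contingency reserve: $%.0f" % contingency_reserve(REGISTER))
    print("Accepted above $400 threshold:", accepted_above_threshold(REGISTER, 400))
    print("Triggers fired:", fired_triggers(REGISTER, METRICS))
```

Running it ranks the downtime risk first even though the stolen-laptop risk has the larger impact, because weight is probability times impact; the triggers that fire at this status check (unpatched mobile devices, untagged assets) are the early warnings the slide says to monitor.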

Page 13

CYBER SECURITY PROJECT RISK (CONTROL RISKS)

• Not just IT’s problem anymore

• Anything attached to the Internet is vulnerable, especially via Wi-Fi

• Vendor contracts need to include encryption requirements and malware remedies

• Trust but verify all email correspondence/text involving $$ or links

• Risk response plans need to include data backup/restore method

• Assume you are a target

Page 14

ATTACKERS CONTINUE TO EVADE SECURITY DEFENSES

[Infographic with three statistics; the figures themselves did not survive in this transcript]

• Average time attackers dwell on networks until discovered

• (percentage not preserved) of challenge is detecting hidden, unknown, and emerging threats¹

• (percentage not preserved) of threats go undetected by automated security tools¹

They get in. They expand and hide. They are tough to detect.

¹ 2017 Threat Hunting Report, Crowd Research Partners

Page 15

Attacker Dwell Time: The Central Issue

[Timeline diagram]

Attack phases: Reconnaissance, Exploitation, Installation, Command & Control, Lateral Movement, Exfiltration, Persist

NETWORK BREACHED: Attack In Progress, then Attacker Dwell Time

INCIDENT DISCOVERED: Response

Page 16

THE FASTER YOU HUNT AND CONTAIN BREACHES, THE SMALLER THE FINANCIAL IMPACT

Page 17

TOOLS-RISK ASSESSMENTS TO MINIMIZE IMPACT

• Penetration Test

• Web Application Vulnerability

• Social Engineering Test

• Wireless Network Assessment

Reducing Dwell Time is Key

Organizations that are able to contain a breach in less than 30 days paid nearly $1 million less in total breach costs.*

*Ponemon Institute 2017 Cost of Data Breach Study: Global Overview

Page 18

TOOLS-CYBER RISK AUDIT

[Diagram: the attack timeline from the previous slides, with each tool category placed over the stage it addresses]

Attack phases: Reconnaissance, Exploitation, Installation, Command & Control, Lateral Movement, Exfiltration, Persist

NETWORK BREACHED ... INCIDENT DISCOVERED

• Attack In Progress: Real-Time Prevention & Monitoring

• Post Breach Activity: Threat Hunting

• Incident Response: Containment, Eradication & Recovery

Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR)

• Detect attacks in progress based on application behavior

• Collect event history for big data investigation & downstream IR

• Block known attack entry and/or malware installation

Incident Response (IR) Platforms

• Breach breadth and depth identification, containment, eradication, recovery and hardening against future attacks

• Root cause and impact assessment via log, alert, and traffic analysis

Hunt Platforms

• Detect post breach activity and persistence that has bypassed EPP and EDR solutions

• Identify exact endpoints that need remediation

• Triage IR activity and workload

User Entity & Behavior Analytics (UEBA)

• User / device behavioral anomaly analytics
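The last bullet, user / device behavioral anomaly analytics, is the part of this tool stack a project team can reason about most concretely: learn what "normal" looks like for each user from a baseline window, then flag later events that depart from it. The following is an added example, not code from the presentation or from any vendor named on these slides; the log format (`timestamp user=… host=… result=…`), the two users, the hosts and every log line are constructed, and the three rules (new host, off-hours login, burst of failed logins) are a deliberately small subset of what a real UEBA product does.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, Iterable, List

# Constructed sample log lines (not from the presentation): a baseline week of normal
# logins, then a later window to evaluate against that baseline.
BASELINE_LOG = """\
2018-07-09 08:05:12 user=jalmaguer host=WS-PM-01 result=success
2018-07-09 17:40:03 user=jalmaguer host=WS-PM-01 result=success
2018-07-10 08:11:45 user=jalmaguer host=WS-PM-01 result=success
2018-07-10 09:02:00 user=jalmaguer host=LAPTOP-PM-01 result=success
2018-07-09 07:55:30 user=rnurse host=WS-ICU-04 result=success
2018-07-10 08:01:10 user=rnurse host=WS-ICU-04 result=success
""".splitlines()

EVAL_LOG = """\
2018-07-16 08:03:21 user=jalmaguer host=WS-PM-01 result=success
2018-07-16 02:14:09 user=jalmaguer host=SRV-FILE-02 result=success
2018-07-16 08:20:00 user=rnurse host=WS-ICU-04 result=failure
2018-07-16 08:20:15 user=rnurse host=WS-ICU-04 result=failure
2018-07-16 08:20:31 user=rnurse host=WS-ICU-04 result=failure
""".splitlines()

# Hypothetical log format; adjust the pattern to whatever the real source emits.
LINE = re.compile(r"^(?P<ts>\S+ \S+) user=(?P<user>\S+) host=(?P<host>\S+) result=(?P<result>\S+)$")


def parse(lines: Iterable[str]) -> List[dict]:
    """Turn raw lines into event dicts; malformed lines are skipped rather than crashing the detector."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
        events.append(ev)
    return events


def build_baseline(events: List[dict]) -> Dict[str, dict]:
    """Per user: the hosts they successfully log in from and the hours of day they do it."""
    baseline: Dict[str, dict] = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for ev in events:
        if ev["result"] != "success":
            continue   # failed attempts say nothing about the user's normal behaviour
        baseline[ev["user"]]["hosts"].add(ev["host"])
        baseline[ev["user"]]["hours"].add(ev["ts"].hour)
    return dict(baseline)


def hour_distance(a: int, b: int) -> int:
    """Distance between two hours of day on a 24-hour clock (23 and 0 are 1 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def detect_anomalies(baseline: Dict[str, dict], events: List[dict],
                     max_failures: int = 3, hour_slack: int = 1) -> List[dict]:
    """Flag events that depart from the baseline; each alert names the user, the rule, and the event."""
    alerts = []
    failures: Dict[str, int] = defaultdict(int)
    for ev in events:
        user = ev["user"]
        profile = baseline.get(user)
        if profile is None:
            alerts.append({"user": user, "reason": "unknown_user", "event": ev})
            continue
        if ev["host"] not in profile["hosts"]:
            alerts.append({"user": user, "reason": "new_host", "event": ev})
        if all(hour_distance(ev["ts"].hour, h) > hour_slack for h in profile["hours"]):
            alerts.append({"user": user, "reason": "off_hours", "event": ev})
        if ev["result"] == "failure":
            failures[user] += 1
            if failures[user] == max_failures:   # fire once, when the burst threshold is reached
                alerts.append({"user": user, "reason": "failed_login_burst", "event": ev})
    return alerts


if __name__ == "__main__":
    profile = build_baseline(parse(BASELINE_LOG))
    for alert in detect_anomalies(profile, parse(EVAL_LOG)):
        print(alert["user"], alert["reason"], alert["event"]["ts"], alert["event"]["host"])
```

On the constructed data the 08:03 login is silent, the 02:14 login to a file server the user has never touched raises two alerts (new host and off hours), and the three failed logins in half a minute raise one burst alert; in practice the baseline would be rebuilt on a rolling window so that legitimate changes in behaviour stop alerting after a while.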

Page 19

TOOLS-WIRELESS TAGS AND ASSET TRACKING

Page 20

ASSET TRACKING AND WAYFINDING

Electronically tracking assets and staff allows hospitals to better manage what they have, streamline staff efficiencies, and reduce risk of loss, which in turn improves patient and staff satisfaction and bottom line savings.

Uses Real-time Locating Systems (RTLS) to locate assets and improve efficiency.

Can also be used for wayfinding and patient safety tracking.

Uses technology built into Aruba Access Points, software and low cost, low power Bluetooth Low Energy (BLE) “tags” that are placed on high value project assets.

Page 21

ASSET TRACKING EXAMPLE:

Find the nearest IV Pump

Page 22

TOOLS-FALL DETECTION

• Could safety risks delay your project?

• Fall Detection Use Cases:

• Retail

• Corporate

• Manufacturing

• Hospitals (high fall risk)

• Parking garages

• Parking lots; and

• other public areas where falls can occur.

• Configurable “Cool Down” period, aligned with the client’s needs, for when a fall is cleared quickly and there is no injury

• Integrated with Hitachi Visualization Suite or sold as a stand-alone solution.

Page 23

Q&A

• Thank you for attending PMI lunch n learn

• Additional questions can be sent to:

Jill Almaguer, PE, MBA, PMP

[email protected]

832-467-0000 x227

www.nordstargroup.com

Page 24

NEXT STEPS

• PMP Exam Prep Class

• October 8-11, 2018, at SCA in Houston

• PMBOK 6th edition

• More processes and 150 more pages!

• Registration and location details at www.scacompanies.com

• Course includes a tool to help with the PMP exam application and online study resources after the class, provided by a PMI Registered Education Provider.

• Minimize risk impact by scanning regularly for cyber security threats!

• Complimentary Infocyte scan for 50 nodes of a >100 node network