"Implementing Network Security System in Business" an approach to cost-benefit analysis technique
Uploaded by perbanasinstitute
Transcript of "Implementing Network Security System in Business" an approach to cost-benefit analysis technique
Agenda for Today
Introduction
Security Risk Domain
Business Risk Spectrum
Level of Business Criticality
Simple Cost-Benefit Analysis
Discussion and Q&A
INDRAJIT APPROACH
Internal Relation Domain
Security Risk Domain
Data/Information as Production Resources
Data/Information as Internal Control Tools
Network Threat
Virus
Steal Important Data
Destroy Valuable Data
Changing Critical Data
Internal Relation Domain
Customer Relation Domain
Security Risk Domain
Company Threat
Customer Threat
Steal the Credit Card Number
Get the Privacy Data
Record the Password
Fake the Transaction
Destroy the Network
Steal Digital Products
Internal Relation Domain
Customer Relation Domain
Business Partner Relation Domain
Security Risk Domain
Business Partners Threat
Company Threat
Fake the Transaction
Get the Signature
Steal the Payment
Send "Trojan Horse"
Business Partner Relation Domain
Customer Relation Domain
Business Risk Spectrum
Internal Relation Domain
Stop the production processes
Potential chaos
Customers lose their money
Company loses its customers
Privacy issues related to individuals
Extra cost allocation by the company
Bad relationship
No trust anymore (black list)
Fake transactions cost money and energy
Legal issues
Level of Business Criticality
High Risk
Company loses its strategic partners (suppliers, vendors, etc.)
Company can continue its production processes
Company in a chaotic and uncontrollable condition
Company loses its existing and potential customers
Medium Risk
Extra cost should be allocated for recovery
Decreasing efficiency level in several aspects of business
Extra cost should be allocated to bring the customers back
Low Risk
Bad evaluation record
Business partner complaints
Spend extra unnecessary energy
Customer complaints
Internal Relation Domain
Customer Relation Domain
Business Partner Relation Domain
security at any cost
appropriate level of security
Minimum security
BENEFIT OF INVESTMENT ON SECURITY
High Risk → no significant business disturbance that can put the company into a dangerous situation
Medium Risk → avoid losing potential revenue and increasing extra cost
Low Risk → good relationship with stakeholders
Internal Relation Domain
Customer Relation Domain
Business Partner Relation Domain
Simple Cost-Benefit Analysis
High Risk
"unlimited budget": negotiate with the business partners for sharing cost and investment
"unlimited budget": consider as operational cost (overhead)
"unlimited budget": invite third party as partners (insurance, banking, security company, etc.)
Medium Risk
joint investment based on "business value"
ROI based on potential loss (revenue vs. cost)
invest based on security assessment (probability and potential loss value)
Low Risk
throw the cost to the business partners
benchmarking for total cost or allocation ratio
throw the cost to the customers
Internal Relation Domain
Customer Relation Domain
Business Partner Relation Domain
Strategy IT Role and Position in Business + Management Style
Closing Statement
"...a head of household will never think of setting aside part of his income to buy a home alarm system until his neighbor or close friend has been the victim of a robbery..."