Security- Centric Integrated Risk Management Framework

Prof. Daniel Shoemaker, the Director of the Masters of Science Information Assurance Program (for Cyber-security), and a Principal Investigator for the Center of Academic Excellence Program with the National Security Agency participates in Risk Roundup to discuss Security- Centric Integrated Risk Management Framework.

Security- Centric Integrated Risk Management Framework

Why do we need a security-centric integrated risk management framework?

Everything has risks and risks are inevitable. It is the ability to take risks that give each nation: its government, industries, organizations, and academia (NGIOA) the possibility of progress and advancement. Progress and advancement are all about risk-taking. But when risk transcends initiatives, industries, borders, cultures, nations, societies, and human existence, taking timely risk initiatives, is a necessary forward-looking move.

As today’s risks are tomorrow’s crisis, there is a need to make the transition from a reactive approach to proactive for identifying, evaluating, and managing risks. Having said that, all the tools, technology, processes, guidelines, and frameworks in the world won’t help, if risks cannot be accurately identified, objectively evaluated, and effectively managed! In addition, what risks are managed depends on what risks have been identified.

Cyberspace has brought complex, chaotic, and challenging times for each nation: its government, industries, organizations, and academia (NGIOA) in cyberspace, geospace, and space (CGS). As cyberspace is deeply embedded across each component of a nation: its government, industries, organizations, and academia, its crowded interconnections have caught nations off guard.

These interconnections and inter-dependencies raise an important question, on whether our current risk management framework, tools, technologies, and processes are effective in managing the security risks of cyberspace. Time is now to discuss the Security Centric Integrated Risk Management Framework.

For more please watch the Risk Roundup Webcast or hear the Risk Roundup Podcast

About the Guest

Prof. Daniel Shoemaker is the Director of the Masters of Science Information Assurance Program (for Cybersecurity), and a Principal Investigator for the Center of Academic Excellence Program with the National Security Agency.

As the co-chair for the National Workforce Training and Education Initiative, he is also one of the authors of the DHS Software Assurance Common Body of Knowledge (CBK). He has also helped author the DHS Information. Assurance (IA) Essential Body of Knowledge and serves as a subject matter expert for the NIST-NICE workforce framework.

He has written several books: Cyber Security: The Essential Body of Knowledge Information Assurance for the Enterprise, The CSSLP Certification All-in-One Exam Guide. Engineering a More Secure Software Organization, and has just finished working on two new books – The Complete Guide to Cybersecurity Risk & Controls and Cyber Security, and finally, A Guide to the National Initiative for Cybersecurity Education (NICE) Framework (2.0).