Training Session Video
- What’s the Universe?
- Putting it into Practice
- Use Cases
OISRU: Risk Framework for Risk Taxonomy and structured approach for risk identification.
Sources + Events + Consequences
Sources: accidental insider, ineffective insider, criminal external… Events: abusive content, availability interruption, information gathering… Consequences: non-compliance, safety failure, slow recovery….
- risk statements
- risk scenarios
- narrative form
- stakeholder communication
- practitioner comms
Scenarios in breakout rooms: Maersk/NotPetya Equifax TalkTalk German Steel Mill Cyber Attack
Bow tie diagrams
Incorporating OISRU in Risk Graphs Risk vs Opportunity Q&A - Where do the vulnerabilities come in - Risk aggregation - Risk titles - Look out for same instances of the same risk - Risk Registers
OISRU as a framework for risk identification
- Introduce participants to OISRU
- Use cases
Back to list of all Working Sessions