cybersecurity risk research center

http://www.riskgroupllc.com [email protected] + (832) 971 8322 CYBERSECURITY RISK RESEARCH CENTER

Upload: risk-group-llc

Post on 07-Aug-2015


COPYRIGHT RISK GROUP LLC 1

Cyber-Security Risk Research Centre

In this era of an interconnected and interdependent digitalized global economy, the nature and definition of security are going through a fundamental transformation. The revolution in information technologies, processes and connected computers is altering everything, from how we communicate to how we work, how we bank, how we shop and how we go to war. This whole new world of cyberspace has emerged as, and still is, more or less an alien territory, where there are very few knowns and mostly unknowns.

Connected computers, information technology and the capability to digitalize information are revolutionizing every aspect of society. They have given nations, and their governments, industries, organizations, academia and individuals (NGIOA-I), a fundamental ability to connect and access information without any obstacle or interference. This has leveled the NGIOA-I playing field and has brought a possibility of progress, prosperity and pride. What remains to be seen is whether connected computers will bring communication and collaboration or chaos and calamities!

While information technology on connected computers is fundamentally shaking the status quo and the power structure of NGIOA-I, it has also been instrumental in shaking the fundamentals of security and pointing out the inadequacy and ineffectiveness of its current form of definition, structure, nature and response.

For much of human history, the concept of security has largely revolved around the use of force and territorial integrity. As the definition and meaning of security are fundamentally challenged and changed in the world of cyberspace, the blurring territorial boundaries and integrity are also becoming hard to define and maintain. The notion that traditional security is about violence towards respective nations, from within or across their geographical boundaries, is now outdated and needs to be evaluated and updated. Just as in any traditional physical security ecosystem, in cyberspace and its ecosystem one is only as strong as the weakest link in the chain. It is time nations collectively incorporate a different, more accurate meaning of boundaries, if any, and of security, irrespective of whether in space, cyberspace or geo-space.

The challenges and complexities of evolving threats and security have crossed the barriers of space, ideology and politics, demanding a constructive collaborative effort of all stakeholders. When the changing nature of threats is bringing new sets of challenges and complexities, collective brainstorming is a necessity and not an option, in order to have an objective evaluation of what is under threat and how it can be secured!

While the debate on the structure and role of government, industries,

organizations, academia will continue in the coming years, any attempt to

redefine security needs to begin with identifying, understanding, incorporating

and broadening the definition and nature of threat.

While information technology provides tools and technology to communicate information on connected computers, it also provides tools and technology to misuse information.

Connected computers and their ecosystem, which make up cyberspace, bring complex challenges. A cyber-security system, like any system, is made of a collection of parts that have a complex level of inter-connectivity and inter-dependency, designed to achieve a desired goal. In spite of this inter-connectivity and inter-dependency among the sub-parts of any and all systems, there is currently no culture of collective brainstorming, identifying, evaluating or managing risks across nations, and cyber-security is no exception.

Irrespective of whether it is a geo-security system or a cyber-security system, any and all systems need to be evaluated holistically and collectively, not merely as a sum of their parts (because the whole is always more than the sum of its parts) but as a complete functioning unit. For any complex system that is made up of a collection of parts, not only do the individual parts need to be evaluated, but so do the environment in which the parts operate, its internal and external processes and its entire ecosystem. The cyber-security system, like the human body, comprises different components that interact in complex ways within and across cyberspace. Nations need to understand the cyber-security atmosphere, technology, processes, people, management and governance, and their inter-connectedness and inter-dependencies within and across cyberspace, as one complete system. Understanding cyberspace completely will help nations improve their cyber-security risk understanding and capabilities.

At the moment, cyber threats and cyber-security are not clearly understood by any nation: its governments, industries, organizations, academia and individuals.

In cyberspace, information is critical not only for survival but also for sustainability, and hence it becomes a critical necessity to protect it at all costs. When cyberspace is riddled with challenges and complexities, it is vital to have a cyber-security model that is dynamic, holistic and collective, and that considers all variables and integration points of NGIOA-I.

Cyber-security vulnerabilities do not arise only from technology, but also from inadequacies in governance, processes, management, culture, inter-dependencies and integration. Now that each nation, with its government, industries, organizations, academia and individuals, is vulnerable to cyber-attacks, it is important to understand that short-term fixes, which are preferred over identifying and fixing the root cause of problems, generally do not work. The approach to security is currently reactive: not only governments, but most industries and organizations do not give importance to securing their information and data, are reactive in their response and do not invest proactively in cyber-security. This reactive approach limits an entire nation's ability to have proactive cyber-security risk management capabilities.


Information, whether it belongs to individuals, industries, organizations, academia or governments across nations, is at risk. Unless security becomes a collective proactive initiative, there will be recurring incidents of cyber-attacks with varied levels of impact and intensity. The increasing level of cyber-security challenges from integration within, between and across NGIOA-I forces a collective mindset and effort for securing cyberspace.

In order to be able to minimize and manage any and all cyber-security risks, it is important to understand every possible building block of cyberspace: its framework, associated processes, technology, people and ecosystem. While managing cyber-security seems near impossible at the moment, it is important to acknowledge the need for a collective understanding and an integrated NGIOA-I cyber-security framework, without which any and all efforts will be meaningless.

Cyber-security requires an integrated approach with a common language. While appropriate hardware and software are a fundamental necessity, establishing an effective cyber-security framework, an integrated NGIOA-I approach and structured processes is even more important.

What do we know about the cyberspace? Who does it belong to?

Who is accountable? Governments-Department of Defense?

Homeland Security? Industries? Organizations? Academia?

While going digital is a global age necessity, the question is whether going digital through the open internet is wise, especially when a nation's digital infrastructure is put together in haste and in silos, with no coordinated framework, standards, policies and regulations. Unless there are significant advances in the nature of digital infrastructure, its processes, technology, tools, accountability and oversight, it is not only the privacy of NGIOA-I that is at risk; everything is at risk.

In an interconnected world, NGIOA-I need to be responsible for securing cyberspace. Relying on government alone to provide and enforce cyber-security is like asking a thief to break in with doors and windows wide open. Each one of us, each NGIOA-I, has a responsibility towards securing cyberspace, just as each one of us has a responsibility towards securing our valuables, homes and businesses!

Cyberspace cannot be secured if nations and their governments work in silos within and across their national boundaries. Integration and collaboration between NGIOA-I, within and across nations' geographical boundaries, is a fundamental necessity not only for managing cyberspace but for managing any global threat! The time for NGIOA integration and collaboration is now!

Jayshree Pandya

Founder: Risk Group

http://www.riskgroupllc.com

[email protected]

+ (832)9718322

Risk Group pioneers value in Integrated NGIOA Risks


Need for Integrated Risk Research Services

What risks are managed depends on what risks have been

identified!

RISKS ARE INEVITABLE. ALL THE TOOLS, TECHNOLOGY, PROCESSES, GUIDELINES

AND FRAMEWORK IN THE WORLD WON’T HELP, IF RISKS CANNOT BE ACCURATELY

IDENTIFIED, OBJECTIVELY EVALUATED AND PROACTIVELY MANAGED!

Everything has risks. It is the ability to take risks that gives rise to the possibility of progress and advancement. Progress and advancement are all about risk taking. Every decision, whether for investment, innovation, product choice, market penetration or strategy, comes with risks and a possibility of failure. The fundamental reality of risks and uncertainty brings a possibility of failure, with the very promise of progress and prosperity crushed and shattered. Amidst this, no decision maker can stand unconcerned. It is in their own interest, and in the interest of their initiatives, that they educate themselves with the knowledge that is necessary and essential to identify real risks and issues.

It is vital for nations: its governments, industries, organizations and

academia to be risk aware—to accurately anticipate, prepare

and plan!

No decision maker can live and operate in a culture that lacks basic understanding and acknowledgement of risks. Neither can they deny or refuse to take personal and professional responsibility for the decisions that they make, nor can they refuse to take accountability and ownership of their decisions. No decision maker can be in denial or develop tone deafness towards risks. It is time to change the cultural habit of not identifying real risks, ignoring risks or transferring risks.

Developing a culture of objective, non-partisan risk awareness is critical and vital to the success of any initiative, progress or development. This risk-aware culture will ultimately help ensure trust and understanding of critical risks and issues, as well as their impact. Amidst exposure to turbulent times and their associated perils, no tools in the world can help meet the objectives of any initiative whose risks are not identified. Risk identification is the key.

When risk transcends initiatives, industries, borders, cultures, nations, societies and human existence, taking timely risk initiatives is a necessary forward-looking move.

As today's risks are tomorrow's crises, there is a need to make the transition from a reactive approach to a proactive one for identifying, evaluating and managing risks. Proactive risk identification is fundamental for progress and advancement, and it is an on-going process. Risk Group's understanding of the changing global fundamentals and years of research on risks facing nations: its governments, industries, organizations and academia (NGIOA) will help:

Board of Directors

C-Suite

Executive Management

Senior Management

Decision Makers

Policy Makers

Investors

While traditional risk management can offer tools, technology, processes, guidelines and frameworks, it cannot provide global insights and integrated knowledge and understanding of globalized cyberspace risks. This is where Risk Group steps in! Risk Group's stellar reputation in the global risk industry is derived from its expertise in understanding the global age and changing global fundamentals, defining the broader problems of traditional risk management, creating an advanced risk management practice, developing integrated risk research designs, executing complex integrated studies, analyzing data and identifying the integrated risks that have the biggest impact on any initiative, to help decision makers make the most informed decision possible.

All of Risk Group’s core competencies are supported by an

active commitment to on-going advanced risk research and

development programs!


Risk Group’s passion in studying NGIOA (nations: its governments, industries,

organizations and academia) is to guide them towards excellence through

sustainable change. As integrated risk experts, Risk Group offers extensive risk

research, out of the box solutions, and future thinking in supporting all NGIOA to

face and overcome global challenges. Risk Group achieves this by engaging in

a dialogue with our clients to identify risks that matter, manage change and co-

create the meaning of risks and risk management!

Risk Group’s advanced risk research services will help you identify

integrated risks facing your decisions, be prepared and compete

in a digitalized global age


Need for Cyber-Security Risk Research Services

Concerns about cyber-security risks are increasing across nations: its governments, industries, organizations, academia and individuals (NGIOA-I)! For NGIOA-I, identifying, evaluating and understanding the many complex, interconnected and interdependent internal and external sources in order to obtain objective, risk-centric, relevant, targeted and actionable information is like finding a needle in a haystack: time-consuming, resource-intensive and inefficient. This is where Risk Group can help.

With a global network of highly skilled integrated risk resources,

Risk Group is well positioned to provide NGIOA-I, the Cyber-

security Risk Research Centre that it needs.

Risk Group’s Cyber-Security Risk Services can help NGIOA-I understand:

Cyberspace: Opportunities and Risks

Cyberspace Infrastructure: Current and Crucial

Cyberspace: Digital Assets and Valuation

Cyber-security Tools and Technology: Current and Crucial

Cyber-security Processes: Current and Crucial

Cyber-security Human Resources: Current and Crucial

Cyber-security Insurance: Current and Crucial

Cyber-warfare: From Geo wars to Cyber war

Risk Group’s Cyber-Security Risk Research Centre is being developed to help

nations: its governments, industries, organizations and academia make risk

informed and intelligent decisions.

How well do you understand cyberspace?

How secure is your organization's cyber infrastructure?

What is your organization’s cyber-security approach?

What is your organization’s cyber-security risk strategy?

What cyber-security capabilities do you have right now?

What cyber-security resources do you have right now?

What cyber-security processes do you have right now?


Survival and success of nations: its government, industries, organizations and

academia are subject to uncertainty, gaps, strength, weaknesses, resources,

capabilities, motivation, risks-rewards and much more. The rapidly changing

fundamentals of the emerging cyberspace are creating unusual complexities

and challenges for every nation: its government, industries, organizations and

academia (NGIOA).

Because of the rapid pace of change in the cyberspace

ecosystem, cyber-security risk research has become a

fundamental need for survival

Cyber-security risks are most consequential for the ability to achieve objectives and to build and protect value, and cyber-security risk research is about identifying the risks that are most vital to achieving core objectives and goals.

Planning cyber strategy and managing cyber-security risks go hand in hand!


Cyber-Security Risk Research Center’s Objectives

Without understanding independent and integrated cyber-

security risks, no nation: its government, industries, organizations

and academia can make appropriate investments, take

necessary initiatives, compete and succeed!

The objective of Cyber-Security Risk Research Centre is to:

Identify, analyze and respond to those cyber-security risks that could potentially impact any organization's ability to realize its current and strategic / operational objectives in cyberspace as well as geo-space.

Support the development of collaborative thinking about the integrated cyber-security risk challenges facing nations: its government, industries, organizations and academia.

Promote the ability of NGIOA-I to share a common understanding and awareness of threats facing NGIOA, so as to prepare an organization ready to act independently but collaboratively.

Strengthen the resilience of an organization through systemic preparation for the cyber threats that pose the greatest risks to its survival, security and sustainability in cyberspace and geo-space.

[Figure: Emerging cyber-security threats. Labels: Resources, Technology, Products, Processes, Investment, Skills, Regulations, Cyber-Space Governance, Cyber-Space Knowledge]


Cyber-Security Risk Research Centre will merge the boundaries of

Geo-security, Cyber-security and Space-security

Understanding the nature of client objectives and their current challenges, Risk

Group will recommend the scope of the Risk Research Services.

Broad cyber-security scope:

Global cyber-security risks

Regional cyber-security risks

National cyber-security risks

Industry cyber-security risks

Organization cyber-security risks

Academia cyber-security risks

Individuals cyber-security risks

Narrow scope:

Cyber-security technology risks

Cyber-security product risks

Cyber-security process risks

Cyber-security resource risks

The scope will determine the need for resources—both on-site as

well as off-site


Cyber-Security Risk Research Approach

Risk Group’s proactive, objective, neutral and participatory

approach to cyber-security risks will help NGIOA take informed

decisions about risks facing their initiatives

Risk Group will draw risk data and information from:

In-house Risk Group research

Client interviews

Public information

All sources will be documented to promote the credibility and transparency of the risk identification and assessment. Given the uncertainty inherent in assessing evolving cyber-security risks, a wide degree of uncertainty is likely. Key limitations and assumptions will be noted.

In spite of the inherent nature of uncertainties in cyber-space, risk

identification and analysis supports better decision-making

Risk Group’s approach to cyber-security risk research is designed to provide

maximum value, with integrity and privacy that is desired by the board rooms

and c-suites.


Cyber-Security Risk Research Methodology

Risk Group approach will be tailored to the needs of the

organization

Risk Group Methodology

Cyber-security risks impact an organization's ability to achieve its current and strategic objectives. Cyber-security risk research is a process to identify, evaluate and communicate the risks facing current and strategic objectives. This process protects and creates value for shareholders/investors.

Cyber-security risk management is a process to identify, evaluate and

manage cyber-security risks. Cyber-security risk research needs to be

an on-going process.

Risk Group will:

Research and review cyber-security risks impacting the sector/industry/nation to achieve a preliminary understanding of the risks facing the organization

Prepare an initial risk review that will help understand the cyber-security risks facing the organization

Collaborate and achieve a deeper understanding of the strategic risks facing the organization through meetings, interviews and brainstorming sessions with c-suites, executive management, boardroom etc.

Evaluate the organization's understanding of cyber-security risks and risk management processes

Review and record the cyber-security risk profile of the organization (Risk Group views + organization views)

Communicate the cyber-security risk profile to the stakeholders

Perform regular cyber-security risk research reviews

Understanding of cyber-security risks is the foundation to

preparedness

Cyber-security risk research will provide nations: its government, industries, organizations and academia a clear view of the risk variables to which they may be exposed, collectively or individually. An on-going, thorough integrated risk analysis will empower decision-makers with better decision-making criteria and process. Structured integrated risk research would allow an organization within any NGIOA to be better prepared to meet its goals and objectives.

Risk Group research would not be based purely on what organizations think their risks are, but would also have Risk Group internal thought leaders add to what the risks are, which would help complete the risk profile.


Cyber-Security Risk Research Plan

The cyber-security risk research would be conducted with the view that the primary purpose of any organization is to meet the expectations of its shareholders / investors. Any unforeseen and unidentified cyber-security risk compromises the organization's ability to support its fundamental objectives.

Understand the organization

o Understand the organization's objectives, strategies, business model, culture, technology, operations, resource model, working practices, communication protocol and so on

o Understand the broader challenges facing the organization, industry and nation through Risk Group internal research

o Understand the challenges as experienced by the organization and its executives

Understand the cyber-security challenges facing the organization

Evaluate the cyber-security risks

o Cyber-security risks that can be managed by the organization

o Cyber-security risks that have interdependencies and need the collaboration of NGIOA to be managed

Develop a cyber-security risk profile

Communicate the cyber-security risk profile

Risk research frequency is established (quarterly recommended)

Risk research plans will be revised as necessary

An objective, independent cyber-security risk analysis plays a significant role in the development and sustainability of any initiative and/or organization within any NGIOA.


Cyber-Security Risk Research Deliverables

A Cyber-Security Risk Map: Cyber-security risks will be individually rated and summarized. A cyber-security risk map will reveal which risks are most significant and should be the focus of management for mitigation and/or management. It will also enable analysis of risk interdependencies that will help them evaluate whether there is a need for collaboration within the sector/industry/nation for possible mitigation and/or management of risks.

A Cyber-Security Risk Report: A cyber-security risk report will detail the identification, evaluation and communication of the identified cyber-security risks.


RISK GROUP HOPES TO PARTNER WITH NATIONS: ITS GOVERNMENT, INDUSTRIES, ORGANIZATIONS AND ACADEMIA (NGIOA) FOR THE SUPPORT OF INDEPENDENT AND INTERDEPENDENT CYBERSECURITY RISK RESEARCH THAT IS CONSONANT WITH ITS MISSION OF GLOBAL PEACE THROUGH RISK MANAGEMENT!

It is our belief that collaboration between and across NGIOA will be mutually beneficial to all cybersecurity stakeholders across nations, not only for the identification and understanding of critical cyber-security risks, cyberspace and its ecosystem (for what risks are managed depends on what risks are identified), but also for raising much-needed awareness of the critical risks of the interconnected and interdependent global age.

Risk Group intends to carry out independent and integrated

Cyber-security risk research to advance the frontiers of

Cyberspace and its ecosystem.

Risk Group's Cyber-security Risk Research Centre and its projects will not only be of intellectual interest and debate but will also provide practical and forward-looking understanding and guidance for the survival and sustainability of NGIOAs in the digitalized Global Age. In addition, they will provide operational guidance for the development of useful products, processes and services to make cyberspace and its ecosystem secure.

Risk Group is available to enter into agreements for both public and private research. Depending on the scope, Risk Group research will be either independent or interdependent and will depend on the collaboration and support of NGIOA.

A valuable benefit of Risk Group approach to Cyber-security Risk

Research is Collaboration, Cooperation and Comprehension.


Cyber-Security Risk Research and Advisory Pricing

Risk Group offers a Fixed Price framework for funding Sponsored Strategic Risk Research as well as Advisory Services.

FIXED PRICE CYBER-SECURITY RISK RESEARCH FUNDING FRAMEWORK: Under this framework, Risk Group and the client organization agree upon a fixed-price arrangement based on the best estimate of the costs needed to complete the Cyber-Security Risk Research, which can be adjusted if the parties agree or if the client organization requests additional work.

FIXED PRICE CYBER-SECURITY RISK ADVISORY SERVICES: Depending on the scope of the advisory services, Risk Group and the client organization will agree upon a fixed-price yearly advisory services fee.


Cyber-Security Risk Research Areas: On-going Research

| Topic # | Cyber-Space Research Areas | Scope of Research | Fixed Price Research Funding (USD) | Details | Comments |
|---|---|---|---|---|---|
| 1 | Blurring boundaries: Geospace - Cyberspace - Interplanetary Space | | | | |
| 2 | Traditional-Security to Cyber-Security | | | | |
| 3 | Cyberspace: Need for Integrated Cyber-Governance | | | | |
| 4 | Cyberspace: Evolving Regulations and Compliance | | | | |
| 5 | Cyber-Security Technologies: Current and Needed | | | | |
| 6 | Cyber-Systems: Unknowns | | | | |
| 7 | Cyber-Security Standards: Need for common language | | | | |
| 8 | Cyberspace: Privacy and Identity Management | | | | |
| 9 | Cyber-Security: Beyond Hackers and Crackers | | | | |
| 10 | Cyberspace: Its impact on Geo-space | | | | |
| 11 | Cyberspace: Laws and Law Enforcement | | | | |
| 12 | Cyberspace: Leveled Playing Field | | | | |
| 13 | Cyberspace: Computer Forensics | | | | |
| 14 | Cyberspace: Information Data Flow | | | | |
| 15 | Cyberspace: Blurring boundaries with traditional geography | | | | |
| 16 | Cyberspace: Crime and Criminals | | | | |
| 17 | Cyberspace: Impact on Commerce | | | | |
| 18 | Cyberspace: Impact on Healthcare | | | | |
| 19 | Cyberspace: Impact on Economy | | | | |
| 20 | Cyberspace: Impact on Military | | | | |
| 21 | Cyberspace: Impact on Government | | | | |
| 22 | Cyberspace: Impact on Nations Culture | | | | |
| 23 | Cyberspace: Impact on Society | | | | |
| 24 | Cyberspace: Impact on Innovation and Entrepreneurship | | | | |
| 25 | Cyberspace: Impact on Banking | | | | |
| 26 | Cyberspace: Impact on Communication and Media | | | | |
| 27 | Cyberspace: Evolving Authentication protocols | | | | |
| 28 | Cyberspace: Liability and Cyber-insurance | | | | |
| 29 | Cyber warfare | | | | |
| 30 | Cyberspace: Impact on Energy Infrastructure | | | | |
| 31 | Cyberspace: Impact on Transportation Infrastructure | | | | |
| 32 | Cyberspace: Impact on Financial Infrastructure | | | | |
| 33 | Cyberspace: A key to Global Peace | | | | |

Risk Group is in the process of identifying additional areas of interest for cyber-security risk research. If a Sponsoring Organization suggests research topics relevant to its interests, Risk Group, after an internal evaluation of cost, will quote the Fixed Price of the suggested work.

INFORMATION

For further information, contact Risk Group at +832 971 8322
