� Published in association with IBM � Effective and comprehensive solutions This book describes how to develop a holistic framework for measuring, controlling, detecting, and responding to operational risk in all its manifestations. It provides the reader with a viable route to addressing this increasingly important issue in an effective and comprehensive manner.

Well publicised failures in risk management have appeared with shocking frequency over the past few years. Affected firms can suffer significant commercial damage or even bankruptcy as a result. Only now is there a growing realisation that risk management is a key management responsibility. This book will help turn your firm into a 'risk aware' organization which will be able to avoid catastrophic loss. It will also enable senior management to make better strategic and operational decisions, thanks to an informed understanding of business hazards. Case studies from a wide cross section of different firms and markets are used to explain how to define, analyse and control operational risk. - An insightful guide to one of the key topics of modern strategic and operational management, written by a team of expert risk management professionals - Learn about the application of operational risk management to a wide range of market sectors, including commercial, retail and investment banking, investment management, insurance, the energy industry, telecommunications, manufacturing and logistics - Case studies and worked examples from around the world, including North America, Western Europe, South East Asia and Latin America

Providing essential guidance to thrive in a complex environment, this book showcases tools to take the leadership role in the process of building resilience in any organization in a timely, effective, and practical way for today’s risks and tomorrow’s challenges. All organizations seek to be resilient, yet most do not have a clear definition of what that means for them, or a plan to manage the journey to attain it. This resilience playbook includes the right combination of technical knowledge, team structure, leadership support, and behavioral competencies, all based on a clear “Lead, Follow, Guide” framework. Based on the author’s three decades of successfully implementing resilience-based strategies at Goodyear and other major firms, this book offers road-tested advice and techniques to bring quick wins and long-term success in organizational resilience. With this book to assist, risk-savvy executive leaders and professionals working in business continuity, risk management, security, IT, supply chain, operations management, and process improvement will maintain a constant pulse on their journey towards resilience, keep the right people engaged, and create a team-based approach to reach their goals.

Major operational incidents in payment systems suggest the need to improve their resiliency. Meanwhile, as payment infrastructures become more digitalized, integrated, and interdependent, they require an even higher degree of resilience. Moreover, risks that could trigger major disruptions have become more acute given the rise in power outages, cyber incidents, and natural disasters. International experiences suggest the need to strengthen reliability objectives, redundancies, assessment of critical service providers, endpoint security, and alternative arrangements

The importance of businesses being ‘operationally resilient’ is becoming increasingly important, and a driving force behind whether an organization can ensure that its valuable business operations can ‘bounce back’ from or manage to evade impactful occurrences is its security risk management capabilities. In this book, we change the perspective on an organization’s operational resilience capabilities so that it shifts from being a reactive (tick box) approach to being proactive. The perspectives of every chapter in this book focus on risk profiles and how your business can reduce these profiles using effective mitigation measures. The book is divided into two sections: 1. Security Risk Management (SRM). All the components of security risk management contribute to your organization’s operational resilience capabilities, to help reduce your risks. • Reduce the probability/ likelihood. 2. Survive to Operate. If your SRM capabilities fail your organization, these are the components that are needed to allow you to quickly ‘bounce back.’ • Reduce the severity/ impact. Rather than looking at this from an operational resilience compliance capabilities aspect, we have written these to be agnostic of any specific operational resilience framework (e.g., CERT RMM, ISO 22316, SP 800- 160 Vol. 2 Rev. 1, etc.), with the idea of looking at operational resilience through a risk management lens instead. This book is not intended to replace these numerous operational resilience standards/ frameworks but, rather, has been designed to complement them by getting you to appreciate their value in helping to identify and mitigate your operational resilience risks. Unlike the cybersecurity or information security domains, operational resilience looks at risks from a business-oriented view, so that anything that might disrupt your essential business operations are risk-assessed and appropriate countermeasures identified and applied. Consequently, this book is not limited to cyberattacks or the loss of sensitive data but, instead, looks at things from a holistic business-based perspective.

CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to manage operational resilience in complex, risk-evolving environments. CERT-RMM distills years of research into best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these best practices into a unified, capability-focused maturity model that encompasses security, business continuity, and IT operations. By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resilience management goals. This book both introduces CERT-RMM and presents the model in its entirety. It begins with essential background for all professionals, whether they have previously used process improvement models or not. Next, it explains CERT-RMM’s Generic Goals and Practices and discusses various approaches for using the model. Short essays by a number of contributors illustrate how CERT-RMM can be applied for different purposes or can be used to improve an existing program. Finally, the book provides a complete baseline understanding of all 26 process areas included in CERT-RMM. Part One summarizes the value of a process improvement approach to managing resilience, explains CERT-RMM’s conventions and core principles, describes the model architecturally, and shows how itsupports relationships tightly linked to your objectives. Part Two focuses on using CERT-RMM to establish a foundation for sustaining operational resilience management processes in complex environments where risks rapidly emerge and change. Part Three details all 26 CERT-RMM process areas, from asset definition through vulnerability resolution. For each, complete descriptions of goals and practices are presented, with realistic examples. Part Four contains appendices, including Targeted Improvement Roadmaps, a glossary, and other reference materials. This book will be valuable to anyone seeking to improve the mission assurance of high-value services, including leaders of large enterprise or organizational units, security or business continuity specialists, managers of large IT operations, and those using methodologies such as ISO 27000, COBIT, ITIL, or CMMI.

This bookdefines more than 900 metrics measuring compliance with current legislation, resiliency of security controls, and return on investment. It explains what needs to be measured, why and how to measure it, and how to tie security and privacy metrics to business goals and objectives. The metrics are scaled by information sensitivity, asset criticality, and risk; aligned to correspond with different lateral and hierarchical functions; designed with flexible measurement boundaries; and can be implemented individually or in combination. The text includes numerous examples and sample reports and stresses a complete assessment by evaluating physical, personnel, IT, and operational security controls.

This book describes why a Resilience Operations Center is vital to any organization that relies on partners to deliver products and services, and it provides the tactics and procedures necessary to achieve Operational Resilience.

This thesis is about the design and the implementation of a resilient grid operation for the distribution grid. This research question is induced by the advancing of three trends: Decarbonisation, decentralisation and digitalisation. These three trends transform the hitherto passive distribution grid into an active system that contains an active operation. The term “resilience” describes capabilities of the system to absorb, to adapt, and to recover from faults and disturbances. This concept is realised on the one hand with the choice of the operation architecture, on the other hand for the choice of possible methods and functions. This thesis develops a distributed-hierarchical operation architecture. For this architecture several methods have been developed that optimally benefit from the operation architecture and that allow the fully automated operation of the distribution grid. For that purpose a heuristic optimisation has been developed to solve problems like voltage profile violations and congestions. Another important method, especially with regard to resilience, is the self-healing capability to resupply clients after permanent faults.

In the Digital Age of the twenty-first century, the question is not if you will be targeted, but when. Are you prepared? If not, where does one begin? For an enterprise to be fully prepared for the immanent attack, it must be actively monitoring networks, taking proactive steps to understand and contain attacks, enabling continued operation during an incident, and have a full recovery plan already in place. Cybersecurity expert Ray Rothrock has provided for businesses large and small a must-have resource that highlights: the tactics used by today’s hackers, vulnerabilities lurking in networks, and strategies not just for surviving attacks, but thriving while under assault. Businesses and individuals will understand better the threats they face, be able to identify and address weaknesses, and respond to exploits swiftly and effectively. From data theft to downed servers, from malware to human error, cyber events can be triggered anytime from anywhere around the globe. Digital Resilience provides the resilience-building strategies your business needs to prevail--no matter what strikes.