“If you can’t figure out what your risk management program’s value is up and above audit or being pre-audit, then you really need to take a step back and think if that investment is worth its while,” said Alex Hutton (@AlexHutton), Director of Operations Risk & Governance for Zions Bancorporation, in a conversation with Dwayne Melançon (@ThatDwayne), CTO of Tripwire, at the 2013 Security B-Sides Conference in San Francisco.
At Hutton’s bank they take a Big Data approach to risk management. While this helps them create better models, Hutton admits there’s still a lot of unpredictability to risk management. How then do you make less gut-based decisions?
A lot of gut, and a little science
“The trick is to tune people’s guts to a more quality-based decision,” said Hutton. “That requires a lot of data.” Hutton explains that Big Data allows for two different types of decision making.
Tactical layer: This is your ability to make instant decisions, informed by the models you’re creating from the data you’re collecting. For example, certain alerts indicate a trend which may lend itself to bad things.
Strategic model: These are the organizational and resource-based decisions you make based on your Big Data analysis. Given that this requires planning, it can be based more on evidence and less on gut.
Shopping for a risk management vendor
When you’re interviewing risk management vendors, said Hutton, ask them what evidence-based reports they’ve collected and given back to the community.
“If you’re going to look for partners for risk management, don’t look for people who talk about risk. Look for people who talk about data,” said Hutton. “Those are the people who are going to understand the approach you should take.”
For more, here’s a copy of the presentation Alex Hutton and David Mortman gave at both Security B-Sides Las Vegas and Black Hat, along with the audio right below.
Alex Hutton and David Mortman – Can Risk Management be Science? Challenging the Epistemological Anarchist to Escape our Dark Age
Stock image of numbers courtesy of Shutterstock.