Systemic Approach of RIsk Management (SARIM) Sébastien Pineau Luxembourg Trusted ICT Ecosystem - Copyright CRP Henri Tudor, 2014 All rights reserved
Trusted Hub?
[Diagram: POLITICAL LEVEL; ICT PUBLIC SUPPORT; RESEARCH AND DEVELOPMENT; REGULATORY ENVIRONMENT; ICT ENABLERS INFRASTRUCTURES; ICT ENABLERS SERVICES; MARKET ANALYSIS; COMMUNICATION]
How do we manage the risks?
[Diagram: ecosystem actors: Bank, Data center, Telco, Gaming, ePayment, Scanning, Cloud, Hospital, Laboratory, Integrator]
[Diagram: ecosystem actors (Bank, Data center, Telco, Gaming, ePayment, Scanning, Cloud, Hospital, Laboratory, Integrator), captioned on successive slides:]
- CSSF 12/544 - RBA
- Technical regulation for PSDC
- Data Protection Regulation
- Art. 13a
First challenge: sector
[Diagram: ecosystem actors with the four Telco actors and the label Art. 13a]
[Diagram: ArchiSurance architecture model; layers: Roles and actors, External business services, Damage claiming process, External application services, Application components and services, External infrastructure services, Infrastructure]
Second challenge: B to B
[Diagram: Scanning and Data center actors; labels: ASSETS, VULNERABILITIES, CONTROLS, SERVICES, OBJECTIVES, IMPACTS, RISK INTERFACE]
Third challenge: service system
[Diagram: Bank, Scanning, Data center, Telco]
Fourth challenge: ecosystem
[Diagram: ecosystem actors: Bank, Data center, Telco, Gaming, ePayment, Scanning, Cloud, Hospital, Laboratory, Integrator]
Previous experiences and partnerships
Previous and current projects:
- ISMS-PME, Cassis
- Grif, Progress
- Interoperability & modelling
- Systemic approach
- Regulator package
Partners:
Objectives and key figures
Objective 1: Merge risk management methodologies and systemic concepts
Objective 2: Define interoperable framework and tools to enable the risk interface
Objective 3: Build a set of service system measurement and KPI
Objective 4: Tool up the regulators for the visualization and the analysis of the ecosystem
Objective 5: Define architectural models for critical activities
Key figures:
- 2 years FEDER support
- 6 people involved
- 2 PhD
Health Modelling project
[Diagram: Data center, Hospital, Telco, Laboratory; Radiology, Lab, Doctor]
Health Modelling project: Health Model Architecture
[Diagram: Model Transformation; Meta Model Integration; Health Industry Reference Model; Health National Reference Model; IS Security Risk Reference Model; Health Security Risk National Reference Model; CASES Reference Model; Health Industry Standards; Sectorial Committee]
Research agenda at TUDOR/LIST
Prof. Dr. Eric Dubois (Director of Service Science & Innovation department)
Compliance Issues
- Regulations
- Laws
- Standards
- Contracts
- Best Practices
Issues for the service system (interdependent entities)
- Performance Transparency
- Interoperable SLAs
- Global level of trust
Implementation costs for each enterprise:
- Requirements interpretation
- Deployment with some performance target
- Audit of the performance
Research proposal based on architectural models supporting enterprise transformation
[Diagram: ArchiSurance architecture model; layers: Roles and actors, External business services, Damage claiming process, External application services, Application components and services, External infrastructure services, Infrastructure]
Enterprise architecture framework is a formal and highly structured way of viewing and defining an enterprise (Zachman 87) for the purpose of governing its transformation
- TOGAF: a detailed method and a set of supporting tools for developing an enterprise architecture.
- ArchiMate: a language for modelling Enterprise Architecture
Tudor's Research Assets
[Diagram: ArchiSurance architecture model; layers: Roles and actors, External business services, Damage claiming process, External application services, Application components and services, External infrastructure services, Infrastructure]
Enhancement of ArchiMate models for capturing objective performance indicators associated with the compliance requirements
Maturity Models
Enhancement of ArchiMate models for capturing service systems (interdependencies, SLA interoperability)
Enterprise Engineering Pearl ASINE
Research Goal: Towards an Enterprise Architecture Reference Model factory
[Diagram: Process Reference Framework; Enterprise Architecture Reference Model (ArchiSurance architecture model); Process Assessment Measurement]
Structured Text
- Regulations
- Laws
- Standards
- Contracts
- Best Practices
Architecture blueprints:
- Reducing the work of individual entities for deploying compliant solutions
- Allowing entities to demonstrate their level of performance in terms of objective measures
- SLAs interoperability
- Guarantee the transparency and level of assurance of the service system to its customers (Trust)
From Tudor (Service Science & Innovation) to Luxembourg Institute for Science and Technology (IT for Innovative Services)
Knowledge-based Decision Support
Cognitive systems helping human experts making better decisions in the context of data deluge
Trusted Service Systems
Digital information models for designing and monitoring dynamic and adaptive networked services
IT-Service Innovation in a Living Lab setting
IT-Service Design Research Cycle
IT-services Innovation Management
Application Domains
IT-Service Open Innovation
Integrated services in information security
- SME awareness
- Training
According to a PPP approach and a platform steering the RDI agenda according to socio-economic priorities
- Systemic risk management
- Information security policies
- Assessment of information security maturity
- Risk management
- Information security management system
- Interoperability