MIPRO 2013 presentation - Information Security Cost Management in Offshore SMB ICT, Saša...
8/12/2019 MIPRO 2013 presentation - Information Security Cost Management in Offshore SMB ICT, Saša Aksentijević, PhD
Information Security Cost Management in Offshore SMB ICT Companies
Saša Aksentijević¹, Edvard Tijan²
¹ Saipem SpA Croatian Branch
Alda Colonnella 2, Rijeka, Croatia
Tel: +385 51 65 17 00 Fax: +385 51 65 17 81 E-mail: [email protected]
² University of Rijeka, Faculty of Maritime Studies
Studentska 2, 51000 Rijeka, Croatia
Tel: +385 51 33 84 11 Fax: +385 51 33 67 55 E-mail: [email protected]
MIPRO 2013
Statement of the Problem
Companies in the offshore SMB ICT segment are subject to various
costs arising from several sources, such as legal compliance, alignment with best
practice guidelines and standards, employee education, basic computer and
network infrastructure security, and the cost of SaaS/cloud solutions.
Furthermore, such companies usually have very limited financial resources,
yet they are often involved in large projects working for major offshore
installation contractors. In this paper the authors will outline the basic costs of
information security management systems in offshore SMB companies and
propose a simple model to continuously monitor and control them.
Overview of offshore operations in oil & energy sector
The term offshore is nowadays usually used for oil and gas drilling operations that are
conducted in the ocean
Common offshore installations constructed during offshore operations are: drilling rigs,
floating production storage and offloading vessels, natural gas platforms, oil platforms and
offshore wind farms
Characteristics of offshore projects
Very complex, require large capital base, modern technology and best
human resources
Diverse in length, from short term to long term
Include several subcontractors using diverse methodologies
Usually connected with large risks that have to be quantified to be
managed
Key success drivers: health, safety and sustainability
Contracts are typically stipulated very close to project start
Usually executed in difficult areas (harsh environment, politically
unstable countries, technically challenging environment, logistics
problems, war zones)
Goals of offshore risk project management
Realistic and reasonable cost and schedule contingencies
Understanding the probability of cost overrun and schedule
delays
Understanding the accuracy of cost estimate or project
schedule
Ensuring that project teams identify and properly
communicate risks and implement risk mitigation plan
Requirements of offshore ICT security
Legal framework transcends several nations
Different business context, so existing legal requirements are not
easily applicable to offshore ICT security
Best practice ISMS systems do not evaluate influence of investments
in SMS to company's or project financial results
SMB companies lack financial and human resources
ISMS management viewed as minimal cost or technical discipline
SMB ICT companies tend to accept unreasonably high risk levels
Business financing sector does not recognize importance of ICT
security in offshore SMB ICT companies
Proposal of model for SMB companies working on
offshore projects
Proposal of portfolio model, consisting of baseline ICT security and
project portfolio ICT solutions
Baseline offshore SMB ICT security
Project A SMB ICT security
Project B SMB ICT security
Project C SMB ICT security
Project D SMB ICT security
Project E SMB ICT security
Cumulative baseline SMB offshore ICT security
Baseline SMB offshore ICT security
Legal requirements
Best practice requirements
Risk assessment approach requirements
Legal requirements of SMB ICT offshore companies
Legal requirements
National legal requirements
Local legal requirements
Maritime law specific requirements
Best practice requirements
Best practice requirements
Technical best practice frameworks
ISMS best practice frameworks
Best practices of project management
Risk assessment approach of SMB offshore ICT
companies
Risk assessment approach requirements
SMB offshore ICT assets
Asset threats
Asset vulnerabilities
Expected developments in the near future
Shift towards cloud based solutions not always easily applicable in
offshore projects
Offshore project clients prefer standard and well-proven solutions and
measures to achieve goals of ICT security on projects
Host countries are likely to continue implementing strict measures for
control of information
Local infrastructure in host countries continues to be lacking,
consequence is reliance on foreign solutions
Cost of required local certification continues having major impact on
cost effectiveness
Hidden and sunk costs will have a big impact on efficiency of SMB
ICT companies on offshore projects
Information Security Cost Management in Offshore SMB ICT Companies
THANK YOU FOR YOUR PATIENCE!