Abstract image of a woman sitting on books and studying on a laptop

Cyber Risk Operation Center … is not a SOC

Francesco Faenzi, profile picture
Francesco Faenzi

The document discusses the strategic importance of the Cyber Risk Operation Center (CROC) in enhancing cyber risk management within an operational framework. It emphasizes the distinction between CROC and traditional Security Operations Centers (SOC) and outlines the lifecycle of cyber risk management, including risk scoring and threat detection. Additionally, it highlights factors such as asset importance and the likelihood of successful attacks to illustrate the value of CROC in a cybersecurity context.

Technology
Related topics:
Risk-Management Cyber-Risk
1 of 8
1
2
3
4
5
6
7
8
CYBER RISK OPERATION CENTER STRATEGIC VALUE in CYBER RISK MANAGEMENT and OPERATIONAL FRAMEWORK FRANCESCO FAENZI HEAD OF CYBERSECURITY & RESILIENCY Itway.com
ITWAY CYBER SECURITY & RESILIENCY CYBER-PHYSICAL SECURITY & RESILIENCY IDENTITY & MICROSOFT SECURITY & RESILIENCY MULTI-CLOUD & HYBRID INFRA SECURITY & RESILIENCY MODERN PLATFORM ENGENEERING & MODERN OPS CYBER RISK OPERATION CENTER RISK MANAGEMENT
CROC IS NOT A SOC CROC SOC
CYBER DOMAINS
WHAT CROC MEANS FOR A CISO
CYBER RISK MANAGEMENT LIFECYCLE
CROC MEANS CYBER RISK SCORING INTELLIGENT CYBER RISK SCORING Vulnerability Exposure - Vulnerabilities detected - Misconfigurations - Suspicius activity - Suspicius data access Security Config + control - Security Policies implemented - Regulatory Compliance Threat Activity - Threat Detections - Detection from investigation - Attack attempts Business Value - Asset importance - Impact of outage Asset Posture - Asset Discovery - Asset Influence - Asset Context Likelihood for a successfull attack Impact for a successfull attack Reduce Likelihood Minimaze Impact scope
THANK YOU

More Related Content

PDF
" Operacje militarne w cyberprzestrzeni, czyli jak wojsko realizuje zadania w...
PROIDEA
 
PPTX
Cyber security.pptx
Suru42
 
PDF
DTS Solution - Cyber Security Services Portfolio
Shah Sheikh
 
PDF
INTRODUCTION TO CYBER FORENSICS
Sylvain Martinez
 
PDF
CYBER SECURITY CAREER GUIDE CHEAT SHEET
TravarsaPrivateLimit
 
PDF
DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS
Cristian Garcia G.
 
PDF
Cyber_Services_2015_company_intro_ENG_v2p0
Ferenc Fresz
 
PDF
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
Shah Sheikh
 
" Operacje militarne w cyberprzestrzeni, czyli jak wojsko realizuje zadania w...
PROIDEA
 
Cyber security.pptx
Suru42
 
DTS Solution - Cyber Security Services Portfolio
Shah Sheikh
 
INTRODUCTION TO CYBER FORENSICS
Sylvain Martinez
 
CYBER SECURITY CAREER GUIDE CHEAT SHEET
TravarsaPrivateLimit
 
DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS
Cristian Garcia G.
 
Cyber_Services_2015_company_intro_ENG_v2p0
Ferenc Fresz
 
ISACA 2019 Amman Chapter - Shah Sheikh - Cyber Resilience
Shah Sheikh
 

Similar to Cyber Risk Operation Center … is not a SOC (20)

PDF
DTS Solution - Company Presentation
Shah Sheikh
 
PDF
MID_SIEM_Boubker_EN
Vladyslav Radetsky
 
PPTX
So You Want a Job in Cybersecurity
2nd Sight Lab
 
PDF
cybersecurity-careers.pdf
RakeshKumar442494
 
PPTX
Be the Hunter
Rahul Neel Mani
 
PDF
Information Security Risk Management
ipspat
 
PPTX
LIFT OFF 2017: Transforming Security
Robert Herjavec
 
PDF
Apache Kafka as the Backbone for Cybersecurity with Kai Waehner | Kafka Summi...
HostedbyConfluent
 
PDF
Reducing cyber risks in the era of digital transformation
Sergey Soldatov
 
PDF
Revolutionizing Advanced Threat Protection
Blue Coat
 
PPTX
Information Security: We are all InfoSec (updated for 2018)
Michael Swinarski
 
DOCX
CYBER SECURITY PRIMERCYBER SECURITY PRIMERA brief in
OllieShoresna
 
PPTX
2016 - Cyber Security for the Public Sector
Scott Geye
 
PPTX
Prezentare_RSA.pptx
AgusNursidik
 
PPTX
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
SurfWatch Labs
 
PDF
DTS Solution - Company Presentation
Shah Sheikh
 
PDF
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Cisco do Brasil
 
PDF
Splunk for Security
Gabrielle Knowles
 
PDF
SplunkLive Auckland 2015 - Splunk for Security
Splunk
 
PDF
SplunkLive Wellington 2015 - Splunk for Security
Splunk
 
DTS Solution - Company Presentation
Shah Sheikh
 
MID_SIEM_Boubker_EN
Vladyslav Radetsky
 
So You Want a Job in Cybersecurity
2nd Sight Lab
 
cybersecurity-careers.pdf
RakeshKumar442494
 
Be the Hunter
Rahul Neel Mani
 
Information Security Risk Management
ipspat
 
LIFT OFF 2017: Transforming Security
Robert Herjavec
 
Apache Kafka as the Backbone for Cybersecurity with Kai Waehner | Kafka Summi...
HostedbyConfluent
 
Reducing cyber risks in the era of digital transformation
Sergey Soldatov
 
Revolutionizing Advanced Threat Protection
Blue Coat
 
Information Security: We are all InfoSec (updated for 2018)
Michael Swinarski
 
CYBER SECURITY PRIMERCYBER SECURITY PRIMERA brief in
OllieShoresna
 
2016 - Cyber Security for the Public Sector
Scott Geye
 
Prezentare_RSA.pptx
AgusNursidik
 
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
SurfWatch Labs
 
DTS Solution - Company Presentation
Shah Sheikh
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Cisco do Brasil
 
Splunk for Security
Gabrielle Knowles
 
SplunkLive Auckland 2015 - Splunk for Security
Splunk
 
SplunkLive Wellington 2015 - Splunk for Security
Splunk
 
Ad

More from Francesco Faenzi (16)

PPTX
Security Architecture Anti-Patterns and Design Mistakes
Francesco Faenzi
 
PPTX
Anatomy of Modern Identity-Based Attacks
Francesco Faenzi
 
PPTX
Cyber Security and Resiliency Twin - Anomaly Detection with AI @ Edge
Francesco Faenzi
 
PPTX
Industry 4.0 CyberSecurity Assessment.pptx
Francesco Faenzi
 
PPTX
Advanced Metering Infrastructure Security Test.pptx
Francesco Faenzi
 
PPTX
Customer digital identity and consent management
Francesco Faenzi
 
PPTX
Identità digitale e identità in real-life: rischi e rimedi
Francesco Faenzi
 
PPTX
Telegram chatbot - considerazioni di sicurezza
Francesco Faenzi
 
PPTX
Cyber Threat Intelligence - La rilevanza del dato per il business
Francesco Faenzi
 
PPTX
Cybercrime underground: Vendita ed evoluzione del carding
Francesco Faenzi
 
PPTX
UPDATED - Analysis of exposed ICS / SCADA and IoT systems in Europe
Francesco Faenzi
 
PPTX
Cyber Attack: stories from the field - Threat analysis: useful methodologies ...
Francesco Faenzi
 
PPTX
Analisi del fenomeno carding nei blackmarket
Francesco Faenzi
 
PPTX
Advanced Persistent Threat in ICS/SCADA/IOT world: a case study
Francesco Faenzi
 
PPTX
Analysis of exposed ICS//SCADA/IoT systems in Europe
Francesco Faenzi
 
PPTX
SCADA Cybersecurity: Sessione live di Attacco e Difesa by Lutech & Phoenix Co...
Francesco Faenzi
 
Security Architecture Anti-Patterns and Design Mistakes
Francesco Faenzi
 
Anatomy of Modern Identity-Based Attacks
Francesco Faenzi
 
Cyber Security and Resiliency Twin - Anomaly Detection with AI @ Edge
Francesco Faenzi
 
Industry 4.0 CyberSecurity Assessment.pptx
Francesco Faenzi
 
Advanced Metering Infrastructure Security Test.pptx
Francesco Faenzi
 
Customer digital identity and consent management
Francesco Faenzi
 
Identità digitale e identità in real-life: rischi e rimedi
Francesco Faenzi
 
Telegram chatbot - considerazioni di sicurezza
Francesco Faenzi
 
Cyber Threat Intelligence - La rilevanza del dato per il business
Francesco Faenzi
 
Cybercrime underground: Vendita ed evoluzione del carding
Francesco Faenzi
 
UPDATED - Analysis of exposed ICS / SCADA and IoT systems in Europe
Francesco Faenzi
 
Cyber Attack: stories from the field - Threat analysis: useful methodologies ...
Francesco Faenzi
 
Analisi del fenomeno carding nei blackmarket
Francesco Faenzi
 
Advanced Persistent Threat in ICS/SCADA/IOT world: a case study
Francesco Faenzi
 
Analysis of exposed ICS//SCADA/IoT systems in Europe
Francesco Faenzi
 
SCADA Cybersecurity: Sessione live di Attacco e Difesa by Lutech & Phoenix Co...
Francesco Faenzi
 
Ad

Recently uploaded (20)

PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
August Patch Tuesday
Ivanti
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PPTX
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PPTX
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
The various Industrial Revolutions .pptx
bandileshozi3
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
August Patch Tuesday
Ivanti
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 

Cyber Risk Operation Center … is not a SOC

  • 1. CYBER RISK OPERATION CENTER STRATEGIC VALUE in CYBER RISK MANAGEMENT and OPERATIONAL FRAMEWORK FRANCESCO FAENZI HEAD OF CYBERSECURITY & RESILIENCY Itway.com
  • 2. ITWAY CYBER SECURITY & RESILIENCY CYBER-PHYSICAL SECURITY & RESILIENCY IDENTITY & MICROSOFT SECURITY & RESILIENCY MULTI-CLOUD & HYBRID INFRA SECURITY & RESILIENCY MODERN PLATFORM ENGENEERING & MODERN OPS CYBER RISK OPERATION CENTER RISK MANAGEMENT
  • 3. CROC IS NOT A SOC CROC SOC
  • 5. WHAT CROC MEANS FOR A CISO
  • 7. CROC MEANS CYBER RISK SCORING INTELLIGENT CYBER RISK SCORING Vulnerability Exposure - Vulnerabilities detected - Misconfigurations - Suspicius activity - Suspicius data access Security Config + control - Security Policies implemented - Regulatory Compliance Threat Activity - Threat Detections - Detection from investigation - Attack attempts Business Value - Asset importance - Impact of outage Asset Posture - Asset Discovery - Asset Influence - Asset Context Likelihood for a successfull attack Impact for a successfull attack Reduce Likelihood Minimaze Impact scope