6 hours 30 minutes
now, the next tool we're gonna use is called the Calls and effect diagram, and this cause and effect diagram is for route calls analysis. What we're trying to do is getting in the bottom of why, perhaps a defect or, ah, flaw in design, perhaps
why I would ever risk that's materializing
what's at the root of it.
So this can also be called a call so you can hear it called cause and effect. You can hear it called the Fish Bone Diagram, and you can kind of see why in this diagram it can also be called in Ishikawa diagram. I kind of in my mind call it official Kawa because that combines the two and I can kind of keep them together.
But anyway, what you concede E
is, let's say we're doing software development and we're trying to figure out what's at the bottom of this flaw that we found. Maybe we found that Ah, it's upset the susceptible to, um,
code injection. So we have to think about, well, water all the causes for that. Or what if there's a security error that allows a com prom, prom ise or a bypass of access control. So on the backbone we write out, what is the defect?
And then each of these little vertebrae that stemming off the backbone is where we say, Okay, here's one of the possible causes.
Here's another possible cause. Here's another possible calls. And then you can also have information branched off the vertebrae as well. But ultimately, you know, we're gonna brainstorm. We're going to track our defects and try to get to the root underneath things.
The next tool that we have is gonna be the SWAT analysis. SWAT analysis is really helpful. When we're looking to take on endeavors. We have to think about our strengths and our weaknesses and then look at the endeavor for opportunities and techniques. So it's called SWAT. So of course, with strength, what do we do? Well,
we as a company, what are those things that we're good at?
Okay. How are we better than our competitors in this particular focus?
Now, if we're gonna look at the positives, we've also got a look at the negative. So we have to think about what? Of our weaknesses. What are the things that our competitors do better than us?
Waterson limitations that we have. What are areas that were just not a strong at Those are our weaknesses, of course.
And then, like I've said, you know, we've been talking about opportunities versus threats. So in undertaking this particular endeavor, what is the potential for positive outcomes? Right. So what are our opportunities?
Ah, is this Ah, an area that, um,
you know, is is this an area that just hasn't been? Ah, well, we see here underserved markets. So in this particular market, is there real need where there's no competitors present? Perhaps. Do we see a trend? Can we get aboard the get on board the train before our competitors do?
What are the opportunities there?
We've also going to think about threats, Of course.
we've got to think about Okay. If we invest all of this money and moving in this direction, our competitors gonna get there first. And we've done all this work for nothing. Do we run the risk of alienating customers or stakeholders by taking on this new endeavor? Whatever the threats are. So
what we've got to do when we're considering new endeavors is we sit down. We conduct a SWAT analysis to determine
Is this the right move for me right now?
Now, Comparable technique one, that kind of ah reminds me a little bit of SWAT is called the BCG matrix. And the BCG matrix comes to us from the balls Boston Consulting Group. And this is all about evaluating I t endeavors or in evaluating
the elements in your portfolio and determining
how to move forward with it.
So the BCG matrix says they're basically four types of investments. You have stars, you have question marks. You have cash cows and you have dogs.
That's a sad little picture of the doll there in the corner, isn't it?
All right, so when I'm looking my portfolio I have some investments that are making me money. They're stable or growing.
I can feel like these areas are gonna continue throughout, and I feel like they're gonna grow.
So in that instance, that would be considered a star. So I'm gonna continue to invest in it
now a cash cow.
Money's coming in. Money's come in, it's going to come in. It's just one of those things that just keeps profiting us. I'm going to continue to invest there as well. I'm gonna do everything I can to continue to maximize the cash flow.
So the star in the cash cow obviously are positive.
The question mark, though, is that that investment that's kind of iffy. It's unstable. It's not profiting me anything, you know. It's kind of up and down, up and down. So at that point in time, we can't just let it go into that nebulous unknown,
you know, frame. We we want to really take a look and analyze and see,
you know, go through further analysis and determine where do we really think this is going? Because as it is right now, it really has the potential to become a money suck, right? So we've gotta analyze it and figure out and become a star or is gonna become adult,
which, personally, I take offense that the most negative one on this is a dog. I'm a huge dog lover.
It's a matter of fact. You can note
my coffee cup.
I have a paw ge. So
it's a sad little dog here. Put its qualified to be a dog. If it doesn't make money, not only does it not make money, but it's likely losing you money
the earning potential is low. It's unstable, unstable. It's just one of those things where we sunk some money in.
Just because you've put money in doesn't mean you continue to do so. So at some point in time, you gotta look at that and say, You know what? It's too unstable. It's costing me money. It's not worth the time and interest and effort, and at that time you need to divest. You need to get rid of that stock and move or that endeavor,
and you need to move along to something that has a higher potential.
So that's the BCG matrix, and those are just a couple of the tools that you can use in order to address or assess risk.
IoT Product Security
This course will focus on the fundamentals of how to set up a functioning IoT ...
8 CEU/CPE Hours Available
Certificate of Completion Offered
50 CISO Security Controls
Dr. Edward G. Amoroso, CEO of TAG Cyber and former CISO of AT&T, covers six ...