Security and Risk Management

1 Security & Risk Mgmnt Copyright Doug Knehr

Click on the above link for a condensed view (not all links opened) of my deep research and expertise in Security and Risk Management covering the following areas:

1.Security and Risk Management

Critical Areas
Data Breaches
Conducting a Business Impact Analysis (BIA)
Continuous improvement
Threat Modeling
Determining potential attacks
Performing a Reduction Analysis
Technologies and processes used to remediate threats
Integrating security risk considerations into acquisitions strategy and practice
Third-Party assessments
Minimum security requirements
Service-Level requirements
Appropriate levels of awareness, training, and education within an organization
Periodic reviews for content relevancy”
Security Principles
Security & Risk Governance
Industry best practices (i.e., NIST, ITIL, ISO 27000, COSO, and COBIT). ”
Mechanisms for the board of directors and management to have the proper oversight to manage the risk to the enterprise to an acceptable level.”
Purpose of governance
Board of directors should:
Be informed about information security
Set direction to drive policy and strategy
Provide resources to security efforts
Assign management responsibilities
Set priorities
Support changes required
Define cultural values related to risk assessment
Obtain assurance from internal or external auditors
Insist that security investments are made measurable and reported on for program effectiveness.”

Security Mgmnt
Interrelationship of Security & Risk Mgmnt
Common Business Issues Affecting Security Risk mgmnt
Governance Committees –
Governance Committees – A governance committee is responsible for recruiting and maintaining the governance board for an organization. ”

Security Roles and Responsibilities
Security Activities
How its done
Implementing Metrics
“Security Council”
Review and Audit the Security Program”
Establish Control Frameworks for Governance
Global Legal and Regulatory Issues
Develop and Implement Security Policy
Business Continuity (BC) & Disaster Recovery (DR) Requirements
Personnel security
Risk Mgmnt Concept
Risk Assessment Process (NIST – National Institute of Standards and Technology)
Security & Audit Frameworks
ID threats and vulnerabilities
Risk assessment analysis
Risk Mitigation
Risk Acceptance
Counter Measures
Type of controls
Access Control Types
Control assessment/ monitoring measurement
Tangible and intangible Asset Valuation
Continuous Improvement
Risk Mgmnt Frameworks
Create a risk inventory of risks and counter measures
Threat Modeling
enables informed decision making on application security risk
procedure to id objectives and vulnerabilities and then define countermeasures to the threats
Determining Potential attacks and reduction analysis
Technologies and processes to reduce threats
Acquisitions Strategy
Security Education Training & Awareness
Formal Training
Creating security awareness course
Creating culture of awareness
Job Training
Performance Metrics

COPYRIGHT Douglas S. Knehr Esq.,MBA, CIPM, CIPP, CISSP  (in Training)

Doug at DougKnehr . com


Welcome. International Data Protection =Information Security + Data Privacy + Governance

Please do stay in touch with me. Enter your contact info:



Email: Please reach me thru linked in

US Citizen



CISSP  – Certified Information Security System Professional 2015

FIP – Fellow of Information Privacy-2017

CIPM –  Certified Information Privacy Manager 2014

CIPP /US – Certified Information Privacy Professional  2014


JD-Juris Doctor-Stetson College of Law FL 1999

MBA        Master of Business Administration (Finance) – Rutgers Graduate School of Management NJ 1994

BS            Bachelor of Science in Business Economics – Rutgers University Cook College NJ 1992

Strengths:  Information Security/Cyber Security, Data Privacy, Data Protection, Litigation. I am a SME at  GRC aspects of cross border Information Security and Data Privacy. I am a full member CISSP (Cyber Security) , FIP (Fellow of Information Privacy), CIPM (Certified Information Privacy Manager), and CIPP/US (Certified Information Privacy Professional).

In House Consulting: I have consulted to the United States SIFMUs (Systemically Important Financial Market Utility to the United States) guiding CISO, CPO and GC departments. I have also consulted for a 27000+ person international organization with a 23 country footprint building out a 2nd Data Protection department.

I have operationalized information security as CISO and created governance for a $193 billion financial conglomerate with 6 major entities.

Cyber Security Tooling & Monitoring: Knowing how to implement cyber security monitoring tools lawfully in an international environment requires a global understanding of data protection.

GDPR and GRC: Possessing deep cyber security, information security and data privacy expertise, I am a GRC, GDPR and data protection guru. I’ve built and worked on multiple data protection programs affecting more than 30,000 employees across  23 countries

I welcome your call: Please reach me on 609-635-2226 or email