Governance, Regulation & Compliance


Education Level: Intermediate

6417 - Assessing Inherent and Residual Risks in an Enterprise Applications/Systems Portfolio

Wednesday, September 27
2:15 PM - 3:15 PM

This session presents a model based on weighted criteria to identify the inherent risk of applications/systems. The model is flexible enough to adjust factors/criteria/weights based on changes in an enterprise's future environment, priorities, strategy or risk tolerance. Inherently high-risk applications/systems warrant a residual (deep dive) risk assessment by evaluating various security controls in place to mitigate risk against specific threats and vulnerabilities.

This session also presents a residual risk assessment model based on the STRIDE threat classification (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege), which categorizes threats so that controls can be evaluated systematically across applications/systems. The model examines various control areas to determine the residual risk of inherently risky applications/systems and assigns an appropriate qualitative risk level (critical, high, medium, low).
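To make the two-stage approach in the abstract concrete, the following Python is an added illustration and is not the presenters' model or code. It scores inherent risk as a weighted sum of rated criteria, maps the score to a qualitative level, and, for applications that cross the deep-dive threshold, computes a per-STRIDE-category residual risk from the effectiveness of the controls mapped to each threat category. The criteria, weights, control-to-STRIDE mapping, thresholds and the sample portfolio are all assumed placeholder values chosen for the example.

```python
"""Added illustration: weighted inherent-risk scoring plus a STRIDE-based
residual-risk assessment. Criteria, weights, control mapping, thresholds and
sample data are assumed placeholders, not the presenters' model."""

from statistics import mean

# Inherent-risk criteria and their weights (assumed; weights sum to 1.0).
# Each application is rated 1 (lowest) to 5 (highest) on every criterion.
INHERENT_CRITERIA = {
    "data_sensitivity": 0.30,
    "internet_exposure": 0.25,
    "business_criticality": 0.25,
    "user_base": 0.10,
    "regulatory_scope": 0.10,
}
RATING_MAX = 5

# STRIDE categories mapped to the control areas expected to mitigate them
# (assumed mapping for illustration).
STRIDE_CONTROLS = {
    "spoofing": ["authentication", "mfa"],
    "tampering": ["input_validation", "integrity_checks"],
    "repudiation": ["audit_logging", "log_integrity"],
    "information_disclosure": ["encryption_at_rest", "encryption_in_transit", "access_control"],
    "denial_of_service": ["rate_limiting", "capacity_redundancy"],
    "elevation_of_privilege": ["least_privilege", "patch_management"],
}

# Qualitative levels with assumed floors on a 0..1 scale, most severe first.
LEVEL_THRESHOLDS = [("critical", 0.8), ("high", 0.6), ("medium", 0.4), ("low", 0.0)]
DEEP_DIVE_LEVELS = {"critical", "high"}  # inherent levels that warrant a residual assessment


def inherent_score(ratings):
    """Weighted sum of 1..5 criterion ratings, normalized to the 0..1 range."""
    missing = set(INHERENT_CRITERIA) - set(ratings)
    if missing:
        raise ValueError(f"unrated criteria: {sorted(missing)}")
    for crit in INHERENT_CRITERIA:
        if not 1 <= ratings[crit] <= RATING_MAX:
            raise ValueError(f"rating for {crit} must be 1..{RATING_MAX}")
    weighted = sum(w * ratings[c] for c, w in INHERENT_CRITERIA.items())
    return weighted / RATING_MAX


def qualitative_level(score):
    """Map a 0..1 score to critical/high/medium/low using LEVEL_THRESHOLDS."""
    for level, floor in LEVEL_THRESHOLDS:
        if score >= floor:
            return level
    return "low"


def residual_assessment(inherent, control_effectiveness):
    """Per STRIDE category: residual = inherent * (1 - mean effectiveness of the
    mapped controls). A control absent from the dict counts as effectiveness
    0.0, i.e. that threat is treated as unmitigated in that control area."""
    result = {}
    for category, controls in STRIDE_CONTROLS.items():
        effs = [control_effectiveness.get(c, 0.0) for c in controls]
        if any(not 0.0 <= e <= 1.0 for e in effs):
            raise ValueError(f"control effectiveness for {category} must be 0..1")
        result[category] = qualitative_level(inherent * (1.0 - mean(effs)))
    return result


def overall_residual(per_category):
    """The application's residual level is its worst STRIDE category."""
    order = [level for level, _ in LEVEL_THRESHOLDS]
    return min(per_category.values(), key=order.index)


def triage_portfolio(portfolio):
    """portfolio: {app_name: {"ratings": {...}, "controls": {...}}}.
    Returns {app_name: {"inherent": level, "residual": level or None}}; only
    applications at or above the deep-dive threshold get a residual assessment."""
    report = {}
    for name, app in portfolio.items():
        score = inherent_score(app["ratings"])
        level = qualitative_level(score)
        residual = None
        if level in DEEP_DIVE_LEVELS:
            residual = overall_residual(residual_assessment(score, app.get("controls", {})))
        report[name] = {"inherent": level, "residual": residual}
    return report


# Constructed sample portfolio (fictional systems and ratings).
SAMPLE_PORTFOLIO = {
    "customer-portal": {
        "ratings": {"data_sensitivity": 5, "internet_exposure": 5,
                    "business_criticality": 4, "user_base": 3, "regulatory_scope": 4},
        "controls": {"authentication": 0.9, "mfa": 0.8, "input_validation": 0.7,
                     "integrity_checks": 0.5, "audit_logging": 0.9,
                     "encryption_at_rest": 1.0, "encryption_in_transit": 1.0,
                     "access_control": 0.6, "rate_limiting": 0.3,
                     "least_privilege": 0.5, "patch_management": 0.8},
    },
    "intranet-wiki": {
        "ratings": {"data_sensitivity": 1, "internet_exposure": 1,
                    "business_criticality": 1, "user_base": 1, "regulatory_scope": 1},
        "controls": {},
    },
}

if __name__ == "__main__":
    for name, r in triage_portfolio(SAMPLE_PORTFOLIO).items():
        print(f"{name}: inherent={r['inherent']} residual={r['residual'] or 'n/a'}")
```

Two design choices worth noting: a control that is simply not recorded for an application is scored as fully ineffective rather than ignored, so gaps in the control inventory surface as residual risk instead of silently lowering it; and the application-level residual is the worst of its six STRIDE categories, so a single unmitigated threat class (here, denial of service with no capacity redundancy) is enough to keep the application at a high residual rating even when the other categories are well controlled. Changing weights, thresholds or the mapping is a data edit, which is the flexibility the abstract asks of the model.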

Learning Objectives:

Shankar Chebrolu

Consulting Enterprise Security Architect
Red Hat Inc.

Shankar Chebrolu is an enterprise security architect at Red Hat, Inc., leading the efforts to establish and maintain enterprise security standards, define and assess target architectures for several business programs and initiatives, customize security and risk assessment frameworks, and work with various IT and business teams toward security and privacy compliance. He holds a doctorate in information technology from Capella University and a master's degree in computer science and engineering from IIT Mumbai, India. Shankar's research and enterprise security work have been published in several peer-reviewed IT journals, books and magazines. He holds several security, privacy and architecture certifications, including CISSP, ISSAP, CCSP, HCISPP, CIPT, PCIP, TOGAF and FAIR. Shankar has presented at multiple professional conferences, including IEEE Cloud, Oracle Open World, CA World and The Open Group.



Vinay Bansal

Principal Engineer
Cisco Systems Inc

Vinay K. Bansal is a principal engineer in Cisco Systems' Security and Trust Organization (InfoSec). He is the lead security architect in InfoSec for Cisco cloud solutions and strategy. His current focus is the Cisco Cloud Services platform and the various Cisco teams building cloud products. He leads the security architecture for Cisco's various cloud-hosted offerings. Previously he was the global security lead for Cisco's Web and Application Security Architecture Team, which focuses on improving security for Cisco's 2,000-plus IT web applications, databases, mobile services and external cloud providers. Vinay has 23-plus years of industry experience in successfully leading, securing and architecting innovative technology solutions. He holds a master's degree in computer science from Duke University.

