This year’s conference theme is The Fundamentals are Fundamental. Organizations today often get distracted by hype surrounding the latest cyber threats and waste a tremendous amount of resources trying to mitigate threats that they may not be vulnerable to. An effective threat model is one of the most critical and fundamental elements of any risk management program. An effective threat model must be based on a thorough understanding of the organization’s critical assets and the realistic threats that could impact those assets. This session introduces the innovative concept of CAPS and OARS for developing comprehensive and effective threat models. CAPS is designed to protect critical assets, while OARS is designed to propel organizations forward through proactive opportunity management. Critical Asset Protection Solution (CAPS) focuses on properly identifying critical organizational assets and the associated threats; contrary to what some assume, not all organizational assets are critical, and some threats can be ignored. Opportunity Analysis and Rationalization Solution (OARS) is a proactive opportunity management component that resides in the risk management program. OARS seeks to aggressively pursue and capitalize on emerging opportunities, thereby enabling the risk management organization to create value in addition to preserving existing value.
Joseph W. Mayo is an award-winning project manager and internationally recognized risk management expert. Mr. Mayo is an Information Technology professional with nearly three decades of experience. He holds a bachelor’s degree in Information Technology and a master’s degree in Information Systems. Mr. Mayo is a PMI certified Project Management Professional (PMP), Risk Management Professional (RMP), holds a Certified in Risk and Information Systems Control (CRISC) credential from the Information Systems Audit and Control Association (ISACA), and is certified by the Risk Management Society (RIMS) as a Certified Risk Management Professional (RIMS-CRMP). Mr. Mayo is the first risk practitioner to be credentialed by the three internationally recognized risk management credentialing bodies: PMI, ISACA, and RIMS. He is an active industry volunteer who regularly participates in industry working groups and strives to enhance global risk management and project management practices. He is an author, speaker and conference presenter on topics that include risk management, project management, and quality assurance. Career highlights include the following:
- Cultural Calamity – Culture Driven Risk Management Disasters and How to Avoid Them
- Chaos to Clarity – The Tao of Risk Management
- Program manager for project #7 of the top 100 IT projects of 2006 by InfoWorld.
- Creator of the Risk Hurricane, an organizational culture barometer to indicate culture traits that can lead to disastrous results.
- Developed a risk management maturity roadmap for a U.S. government agency and was instrumental in the implementation of the Enterprise Risk Policy.
- Developed an IV&V program that was recognized by the Government Accounting Office (GAO) as a model for large complex government programs.