PREV  SCENE

PROGRESS COUNTER

RESET

NEXT SCENE

Attachment

 

Clare Rane

Immersive Objectives:

Log in as ClareAttend the conference call for the Risk TeamClose the call

Username:

C

*

Password:

Cl

Cla

Clare.

Clare.Ran

Clare.Rane

**

***

****

*****

******

*******

********

*********

**********

***********

************

*************

Steve Romano

Vulnerabilities and Threats

Yesterday

Mitigation

Next Steps

Dear Ms. Rane, It was a pleasure speaking with you and Mr. McKenna. I appreciate the opportunity to assist your company in developing your risk strategy. At our last meeting, I mentioned the next steps are to host a meeting with you, your leadership team, and senior teamsters to ensure everyone is informed about the process. For this first meeting, I would recommend including a large group of decision makers including c-suite, department managers, and senior teamsters. Going forward, we’ll bring together a smaller work group that will consist of a subset of these folks as we move into the “how-to” aspects of working with risks. Please feel free to send a calendar invite once a day and time has been confirmed and I will join you virtually. Looking forward to working with the team. Sincerely, Steve Romano

Last Week

Thank you for your high praise of the proposed solution to the issue with the tire sensors. My team is currently testing and vetting several replacement options...

Hello, Ms. Rane. It is a pleasure to make your acquaintance and thank you for reaching out. Many organizations struggle with this topic, viewing it as somewhat esoteric and outside of their core business skillset. You’ve taken the important first step; you’ve realized that this is something you need to learn more about. Going forward, I can teach you the terms and concepts. With those in mind, you can master the procedures. I have forwarded the signed contract and NDA to your legal department and am able to start walking through this process right away. I know you mentioned that you do not currently have a company-wide risk strategy in place (which is okay at the stage you are at in the process), but I wanted to gauge your current work around risk to help guide our discussion: Do you have policies or procedures in place dealing with the management of risks and issues at the business unit level, such as within divisions or departments?What do you consider to be the differences between a risk and an issue?From a risk standpoint, does your company conduct qualitative or quantitative analysis?If you do not have a firm answer to these questions at this point, it is not a problem; I would be happy to discuss these with you. To make the best use of your time, I’d like a copy of your organizational chart, business plan, and an after-action report for any recent incident (confidentiality will be observed). I’ll study these over the next few days and recommend who should attend the conference call. I cover a lot of ground in the first session, so you’ll want to block out some time. In the interim, I’ll send you some information to look at; you’re free to share it with everyone. You are also welcome to share with me any specific questions you or your team has ahead of our call. Thank you for your time and I am looking forward to working with you and your team. Sincerely,  Steve Romano

Last Week

Steve Romano

Ms. Rane, Thank you for your high praise of the proposed solution to the issue with the tire sensors. My team is currently testing and vetting several replacement options. I have attached more information regarding vulnerabilities and threats. I have some experience working with risk in the cybersecurity field, but I have to admit I am not sure where to start regarding instituting a company-wide risk assessment or analysis. I am including the contact information of a contractor, Steven Romano. I heard him speak at the most recent (ISC)2 Cybersecurity Congress, and he seemed to have a wealth of experience working organizations through this process, if you are interested in reaching out for a consult. Thank you, Kyle McKenna CIO, CISO Rane Logistics

Threats

Risk Strategy (See Attachments)

Risk Strategy

Risk Issues

Kyle McKenna

Vulnerabilities and Threats (See Attachments)

It is a pleasure to make your acquaintance and thank you for reaching out. Many organizations struggle with this topic, viewing it as somewhat esoteric and outside of their core business skillset...

It was a pleasure speaking with you and Mr. McKenna. I appreciate the opportunity to assist your company in developing your risk strategy. At our last meeting, I mentioned...

Vulnerabilities

New Text

You’ve completed the objectives for this immersive exercise. Help the Rane Logistics team learn more about conducting practical risk analysis by continuing on to the next page. 

Black Swan Events

File Name Goes Here

Considerations

Issues and Opportunities

Butterfly Effect

Vulnerabilities

Elicited Risks

Mitigations

Threat Actors

Prompt Lists