Enterprise GRC Implementation

Size: px
Start display at page:

Download "Enterprise GRC Implementation"

Transcription

1 Enterprise GRC Implementation Our journey so far implementation observations and learning points Derek Walker Corporate Risk Manager National Grid 1

2 Introduction to National Grid One of the world s largest 100% listed utilities focused on regulated transmission and distribution activities in electricity and gas in the United Kingdom and the United States 2

3 Introduction to National Grid National Grid s principal UK businesses Electricity generators Gas producers and importers Regional electricity distribution networks National Grid Transmission UK Other regional gas distribution networks National Grid Gas Distribution UK Commercial and domestic customers 3

4 Introduction to National Grid National Grid UK 4

5 Introduction to National Grid National Grid s principal US businesses Electricity generators Gas producers and importers National Grid Transmission US National Grid Electricity Distribution US Other Electricity Transmission networks Other electricity/gas distribution networks Gas Transmission pipelines National Grid Gas Distribution US Commercial and domestic customers 5

6 Introduction to National Grid National Grid US 6

7 GRC Selection & Implementation Background National Grid conducted a review of governance, risk and compliance functions across the enterprise Broad consolidated review initiated to understand benefits of pulling together governance, risk and compliance Review included governance, risk and compliance: Processes Culture Information and data Systems Review found areas were fit-for-purpose Potential for improvement and closer integration 7

8 GRC Selection & Implementation Processes, information and systems review Conducted a wide review involving many GRC business departments within the enterprise (UK and US) The process-systems-information workstream looked at Current systems and data Products on the market which could support governance, risk and compliance processes independently Integrated egrc products Full procurement exercise Company organisational change Business programme change 8

9 GRC Implementation Sponsorship, ownership and governance Start-up of the GRC programme Ensure clear rationale understood at the top of the company Sponsorship Executive sponsor Formed Steering Group with sponsorship across the governance, risk and compliance groups benefiting from GRC including GRC business areas in planned future implementation Stages Group Audit and Risk Committees Ownership Steering Group nominated lead business SMEs within each of the business areas the Business Leads Governance Programme and project governance Business Leads, RSA Archer and IS Independent programme review and implementation assurance 9

10 GRC Implementation Objective Implement an integrated, company-wide, cost-effective GRC system capable of adequately managing information to meet our current and future risk, compliance and assurance requirements Configured GRC will Enable controlled data sharing and alignment Use common information single source of the truth Facilitate automated monitoring, action-tracking and reporting Help ensure that the Company is acting in accordance with its rules and controls 10

11 GRC Implementation Defining the implementation roadmap Strategy Roadmap exercise optimum start point for full future GRC configuration Start small and build from stable core Take account of final system configuration at the outset Start with the business areas which derive the greatest benefit from using the solutions Final roadmap influenced by business areas best able to support programme Strategy Roadmap produced with business SMEs and RSA Professional Services 11

12 GRC Implementation Defining the implementation roadmap 12

13 GRC Implementation Defining the implementation roadmap Roadmap an optimum balance of, starting small, and yet large enough business critical-mass to ensure visibility at the highest level justify the enterprise licence costs generating value generating speed-to-value Full project scope divided in two to reduce implementation risk (Stages 1 & 2) Sanction initially sought for Stage 1 as part of the full programme 13

14 We using many solutions of RSA Archer egrc Business Continuity Management Automate your approach to business continuity and disaster recovery planning, and enable rapid, effective crisis management in one solution. Audit Management Centrally manage the planning, prioritization, staffing, procedures and reporting of audits to increase collaboration and efficiency. Policy Management Centrally manage policies, map them to objectives and guidelines, and promote awareness to support a culture of corporate governance. Risk Management Identify risks to your business, evaluate them through online assessments and metrics, and respond with remediation or acceptance. Threat Management Track threats through a centralized early warning system to help prevent attacks before they affect your enterprise. Vendor Management Centralize vendor data, manage relationships, assess vendor risk, and ensure compliance with your policies and controls. Incident Management Report incidents and ethics violations, manage their escalation, track investigations and analyse resolutions. Compliance Management Document your control framework, assess design and operational effectiveness, and respond to policy and regulatory compliance issues. Enterprise Management Manage relationships and dependencies within your enterprise hierarchy and infrastructure to support GRC initiatives. 14

15 To support the GRC processes in the first stage of implementation Incident Management (Ethics) Corporate Risk Management Group Compliance IS Digital Risk & Security Information Records M ment US Regulatory Compliance US Network Strategy Policy Management Centrally manage policies, map them to objectives and guidelines, and promote awareness to support a culture of corporate governance Risk Management Identify and capture risks, evaluate them and respond with remediation or acceptance Compliance Management Document control framework and respond to policy and regulatory compliance issues Incident Management Report incidents and ethics violations, manage their escalation, track investigations and analyse resolution Threat Management Track threats through centralised warning to help ensure reduced impact on enterprise Enterprise Management Manage relationships and dependencies within hierarchy and infrastructure to support GRC initiatives. 15

16 GRC Implementation Original stages and phases Stage 1 Stage 2 Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Enterprise Management Risk Management Incident Management {Risk Management, IS DR&S, Ethics Case Management} Compliance Management Policy Management {Group Compliance, US Regulatory Compliance, IS DR&S} Policy Management {Information Records Management, IS DR&S} Issues Management Policy Management {IS DR&S, Regulatory Support & Reporting, US Controls and Governance} Audit Management and extending Stage 1 solutions {Project Management and Construction (UK, US)} Threat Management and extending Stage 1 solutions {Global Security, Group Finance and Controls, IS DR&S} 16

17 Targeted Benefits Risk Management Improved review and change-tracking capability Improved ease of data entry Closer integration with other assurance-related processes 17

18 Targeted Benefits Group Compliance Help ensure consistent adherence to the corporate Compliance Management Procedure Enable more efficient and timely Compliance reporting and resolution actions Promote improved compliance information to enable the more effective monitoring and challenging of controls Reduce the compliance management administrative burden Increase transparency of ownership and traceability of controls across the enterprise 18

19 Targeted Benefits US Regulatory Compliance Provide a central database for managing and tracking regulatory requirements Centralise action tracking for issues management reducing administrative burden Provide automated workflows across the organisation Link identified risks and internal audit findings to associated compliance action plans Provide dashboard reports to aid both executive and business oversight of compliance obligations and corrective action plans 19

20 Targeted Benefits Ethics and Compliance Office Provide a more timely and efficient reporting mechanism Reduction of administrative burden Improved collaboration on more complex cases/ incidents Opportunity for further flexibility and adaptability to changing business needs and requirements 20

21 Targeted Benefits US Network Strategy - Regulatory Support & Reporting Single repository of compliance documentation Enhanced transparency and ownership of compliance requirements Improved compliance reporting Reduced risk of non-compliance with standards 21

22 Learning points from our implementation experience so far Know your organisation s hierarchy Need for business collaboration and potential compromise on shared solutions Significant effort and time required from Business SMEs Business priorities will change Business areas may not have the same GRC process maturity Enterprise GRC implementation is not the panacea to resolve organisational process challenges alone Potential for integrated reporting is a step on path towards improved assurance-community interactions but not the sole enabler Allow time to get through the governance and procurement processes 22

23 Thank you

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTELLIGENCE DRIVEN GRC FOR SECURITY INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to

More information

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Suite and the OCEG Capability Model Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Contents Introduction... 2 GRC activities... 2 BPS and the Capability Model for GRC...

More information

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion

More information

RSA Advanced Cyber Defence Summit

RSA Advanced Cyber Defence Summit Lee Edge Head Archer Business UK&I RSA Advanced Cyber Defence Summit London 30-April-2015 1 64% 8% 2014 Gartner CEO and Senior Executive Survey: 'Risk-On' Attitudes Will Accelerate Digital Business. 2

More information

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY RSA ARCHER BUSINESS RESILIENCY INTRODUCTION Organizations are becoming a complex tapestry of products and services, processes, technologies, third parties, employees and more. Each element adds another

More information

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE John McDonald 1 What is Trust? Can I trust that my assets will be available when I need them? Availability Critical Assets Security Can I trust

More information

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief RSA Solution Brief Managing Risk Within Advanced Security Operations RSA Solution Brief How do you advance your security operations function? Increasingly sophisticated security threats and the growing

More information

CCISO Blueprint v1. EC-Council

CCISO Blueprint v1. EC-Council CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance

More information

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Charting the Course... Certified Information Systems Auditor (CISA) Course Summary Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

Disaster Recovery and Business Continuity Planning (Mile2)

Disaster Recovery and Business Continuity Planning (Mile2) Disaster Recovery and Business Continuity Planning (Mile2) Course Number: DRBCP Length: 4 Day(s) Certification Exam This course will help you prepare for the following exams: ABCP: Associate Business Continuity

More information

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE PREPARATION FOR GDPR IS ESSENTIAL The EU GDPR imposes interrelated obligations for organizations handling

More information

Best Practices & Lesson Learned from 100+ ITGRC Implementations

Best Practices & Lesson Learned from 100+ ITGRC Implementations Best Practices & Lesson Learned from 100+ ITGRC Implementations Presenter: Vivek Shivananda CEO of Rsam Dec 3, 2010 ISACA -NY Chapter Copyright 2002 2010 Relational Security Corp. (dba Rsam) Agenda Overview

More information

Cyber Security Program

Cyber Security Program Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by

More information

Business Continuity and Disaster Recovery

Business Continuity and Disaster Recovery Business Continuity and Disaster Recovery Index Section Title 1. Executive Summary 2. Policy Statement 3. Strategy 4. Governance 5. Key Documentation 6. Testing 1 Executive Summary Business Continuity

More information

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI CONTENTS Overview Conceptual Definition Implementation of Strategic Risk Governance Success Factors Changing Internal Audit Roles

More information

Bradford J. Willke. 19 September 2007

Bradford J. Willke. 19 September 2007 A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Exam4Tests.   Latest exam questions & answers help you to pass IT exam test easily Exam4Tests http://www.exam4tests.com Latest exam questions & answers help you to pass IT exam test easily Exam : CISM Title : Certified Information Security Manager Vendor : ISACA Version : DEMO 1 / 10

More information

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016 Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data

More information

How to Conduct a Business Impact Analysis and Risk Assessment

How to Conduct a Business Impact Analysis and Risk Assessment How to Conduct a Business Impact Analysis and Risk Assessment By Larry Pedrazoli Business Recovery Analyst Miller Brewing Company February 2006 Project Management Institute, La Crosse, WI Chapter Agenda

More information

Introduction to Business continuity Planning

Introduction to Business continuity Planning Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources

More information

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan Ready, Willing & Able Michael Cover, Manager, Blue Cross Blue Shield of Michigan Agenda 1. Organization Overview 2. GRC Journey Story 3. GRC Program Roadmap 4. Program Objectives and Guiding Principals

More information

April 17, Ronald Layne Manager, Data Quality and Data Governance

April 17, Ronald Layne Manager, Data Quality and Data Governance Ensuring the highest quality data is delivered throughout the university providing valuable information serving individual and organizational need April 17, 2015 Ronald Layne Manager, Data Quality and

More information

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting

More information

OVERVIEW BROCHURE GRC. When you have to be right

OVERVIEW BROCHURE GRC. When you have to be right OVERVIEW BROCHURE GRC When you have to be right WoltersKluwerFS.com In response to today s demanding economic and regulatory climate, many financial services firms are transforming operations to enhance

More information

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory UAE National Space Policy Agenda Item 11; LSC 2017 06 April 2017 By: Space Policy and Regulations Directory 1 Federal Decree Law No.1 of 2014 establishes the UAE Space Agency UAE Space Agency Objectives

More information

Convergence of BCM and Information Security at Direct Energy

Convergence of BCM and Information Security at Direct Energy Convergence of BCM and Information Security at Direct Energy Karen Kemp Direct Energy Session ID: GRC-403 Session Classification: Advanced About Direct Energy Direct Energy was acquired by Centrica Plc

More information

Solutions Technology, Inc. (STI) Corporate Capability Brief

Solutions Technology, Inc. (STI) Corporate Capability Brief Solutions Technology, Inc. (STI) Corporate Capability Brief STI CORPORATE OVERVIEW Located in the metropolitan area of Washington, District of Columbia (D.C.), Solutions Technology Inc. (STI), women owned

More information

Turning Risk into Advantage

Turning Risk into Advantage Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview

More information

Cyber Resilience - Protecting your Business 1

Cyber Resilience - Protecting your Business 1 Cyber Resilience - Protecting your Business 1 2 Cyber Resilience - Protecting your Business Cyber Resilience - Protecting your Business 1 2 Cyber Resilience - Protecting your Business Cyber Resilience

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

Isaca EXAM - CISM. Certified Information Security Manager. Buy Full Product.

Isaca EXAM - CISM. Certified Information Security Manager. Buy Full Product. Isaca EXAM - CISM Certified Information Security Manager Buy Full Product http://www.examskey.com/cism.html Examskey Isaca CISM exam demo product is here for you to test the quality of the product. This

More information

Appendix 3 Disaster Recovery Plan

Appendix 3 Disaster Recovery Plan Appendix 3 Disaster Recovery Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A3-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Logistics Start Time Breaks End Time Fire escapes Instructor Introductions Introduction to Information Security Management

More information

Compliance Program Assessment Overview of Findings. Report to the Audit and Risk Committee of the Teachers Retirement Board June 8, 2016

Compliance Program Assessment Overview of Findings. Report to the Audit and Risk Committee of the Teachers Retirement Board June 8, 2016 Compliance Program Assessment Overview of Findings Report to the Audit and Risk Committee of the Teachers Retirement Board June 8, 2016 Kaplan & Walker LLP 2 Law firm specializing in counseling organizations

More information

GOVERNANCE, RISK & COMPLIANCE CPD FOR MEMBERS IN COMMERCE & INDUSTRY AUGUST 2018

GOVERNANCE, RISK & COMPLIANCE CPD FOR MEMBERS IN COMMERCE & INDUSTRY AUGUST 2018 GOVERNANCE, RISK & COMPLIANCE CPD FOR MEMBERS IN COMMERCE & INDUSTRY AUGUST 2018 1 GRC - INTRODUCTION A growing regulatory environment, higher business complexity and increased focus on accountability

More information

Managing IT Risk: The ISACA Risk IT Framework. 1 st ISACA Day, Sofia 15 October Charalampos (Haris)Brilakis, CISA

Managing IT Risk: The ISACA Risk IT Framework. 1 st ISACA Day, Sofia 15 October Charalampos (Haris)Brilakis, CISA Managing IT Risk: The ISACA Risk IT Framework Charalampos (Haris)Brilakis, CISA ISACA Athens Chapter BoD / Education Committee Chair Sr. Manager, Internal Audit, Eurobank (Greece) 1 st ISACA Day, Sofia

More information

SOLUTION BRIEF Virtual CISO

SOLUTION BRIEF Virtual CISO SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten

More information

Helping the C-Suite Define Cyber Risk Appetite. The executive Imperative

Helping the C-Suite Define Cyber Risk Appetite. The executive Imperative Helping the C-Suite Define Cyber Risk Appetite The executive Imperative Welcome Steve Schlarman GRC Strategist CISSP, CISM @steveschlarman Executive Priorities Growth is the highest priority. 54 % 25 %

More information

01.0 Policy Responsibilities and Oversight

01.0 Policy Responsibilities and Oversight Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities

More information

Next Generation Policy & Compliance

Next Generation Policy & Compliance Next Generation Policy & Compliance Mason Karrer, CISSP, CISA GRC Strategist - Policy and Compliance, RSA Core Competencies C33 2013 Fall Conference Sail to Success CRISC CGEIT CISM CISA Introductions...

More information

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant

More information

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating

More information

Information Security Controls Policy

Information Security Controls Policy Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January

More information

Implementing a BCM Programme

Implementing a BCM Programme Implementing a BCM Programme EPICC Vancouver BC April 2009 Russ Stewart UK Head of Continuity Safety & Security Europe KPMG LLP Russell.stewart@kpmg.co.uk 1 Implementing a BCM Programme Lots of good stuff

More information

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO

More information

Demystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases. Gen Fields Senior Solution Consultant, Federal Government ServiceNow

Demystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases. Gen Fields Senior Solution Consultant, Federal Government ServiceNow Demystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases Gen Fields Senior Solution Consultant, Federal Government ServiceNow 1 Agenda The Current State of Governance, Risk, and Compliance

More information

Improve Internal Controls with Governance, Risk, and Compliance Solutions

Improve Internal Controls with Governance, Risk, and Compliance Solutions Improve Internal Controls with Governance, Risk, and Compliance Solutions Jay Castleberry Director, Technology Delivery & Maintenance 0 (SCE) Company Overview One of the largest electric utilities in North

More information

OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC

OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC TOP RISKS: THE WORLD WITHOUT GRC LACK OF ENTERPRISE-WIDE VISIBILITY Every organizational unit has some level of risk it must address.

More information

RSA IT Security Risk Management

RSA IT Security Risk Management RSA IT Security Risk Adding Insight to Security March 18, 2014 Wael Jaroudi GRC Sales Specialist 1 Where is Security Today? Companies have built layer upon layer of security, but is it helping? Complexity

More information

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13 Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13 I. Vision A highly reliable and secure bulk power system in the Electric Reliability Council of Texas

More information

National Policy and Guiding Principles

National Policy and Guiding Principles National Policy and Guiding Principles National Policy, Principles, and Organization This section describes the national policy that shapes the National Strategy to Secure Cyberspace and the basic framework

More information

Global Statement of Business Continuity

Global Statement of Business Continuity Business Continuity Management Version 1.0-2017 Date January 25, 2017 Status Author Business Continuity Management (BCM) Table of Contents 1. Credit Suisse Business Continuity Statement 3 2. BCM Program

More information

Security Director - VisionFund International

Security Director - VisionFund International Security Director - VisionFund International Location: [Europe & the Middle East] [United Kingdom] Category: Security Job Type: Open-ended, Full-time *Preferred location: United Kingdom/Eastern Time Zone

More information

<Partner Name> <Partner Product> RSA Ready Implementation Guide for. Rapid 7 Nexpose Enterprise 6.1

<Partner Name> <Partner Product> RSA Ready Implementation Guide for. Rapid 7 Nexpose Enterprise 6.1 RSA Ready Implementation Guide for Rapid 7 Jeffrey Carlson, RSA Partner Engineering Last Modified: 04/11/2016 Solution Summary Rapid7 Nexpose Enterprise drives the collection

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

UAE Space Policy Efforts Towards Long Term Sustainability of Space Activities Agenda Item 4; COPUOS June 2017 By: Space Policy and

UAE Space Policy Efforts Towards Long Term Sustainability of Space Activities Agenda Item 4; COPUOS June 2017 By: Space Policy and UAE Space Policy Efforts Towards Long Term Sustainability of Space Activities Agenda Item 4; COPUOS 2017 07-16 June 2017 By: Space Policy and Regulations Directory 1 The UAE will build the first city on

More information

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18 Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are

More information

Data Governance Central to Data Management Success

Data Governance Central to Data Management Success Data Governance Central to Data Success International Anne Marie Smith, Ph.D. DAMA International DMBOK Editorial Review Board Primary Contributor EWSolutions, Inc Principal Consultant and Director of Education

More information

Cyber Resilience. Think18. Felicity March IBM Corporation

Cyber Resilience. Think18. Felicity March IBM Corporation Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack

More information

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN 24-27 July 2016 1 CONTENT INTRODUCTION POLICY OBJECTIVES POLICY AND LEGISLATIVE PRINCIPLES CYBER SECURITY STRATEGY CHALLENGES AND OPPORTUNITIES CAPACITY BUILDING

More information

Protecting your data. EY s approach to data privacy and information security

Protecting your data. EY s approach to data privacy and information security Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

Building a BC/DR Control Library and Regulatory Response Program

Building a BC/DR Control Library and Regulatory Response Program Building a BC/DR Control Library and Regulatory Response Program David Garland, Senior Director, Disaster Recovery & Regulatory Compliance, Business Continuity Management CME Group Regulatory Compliance

More information

Accelerate Your Enterprise Private Cloud Initiative

Accelerate Your Enterprise Private Cloud Initiative Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service

More information

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business

More information

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program

More information

The University of Queensland

The University of Queensland UQ Cyber Security Strategy 2017-2020 NAME: UQ Cyber Security Strategy DATE: 21/07/2017 RELEASE:0.2 Final AUTHOR: OWNER: CLIENT: Marc Blum Chief Information Officer Strategic Information Technology Council

More information

Certified Information Security Manager (CISM) Course Overview

Certified Information Security Manager (CISM) Course Overview Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,

More information

Introduction to Business Continuity Management

Introduction to Business Continuity Management Introduction to Business Continuity Management Audio Presented by ABD s Occupational Health and Safety Team Featuring The Cross Connection JULY 24, 2018 Speaker Panel ABD Insurance & Financial Services

More information

Business Context: Key for Successful Risk Management

Business Context: Key for Successful Risk Management Business Context: Key for Successful Risk Management Philip Aldrich, CISSP, CISM, CISA, CRISC, CIPP Program Director, Risk Management EMC Event Alert Finding Incident Law Vulnerability Regulation Audit

More information

RISK INTELLIGENCE Assurance and efficiency improvement through a robust Enterprise Risk Management approach

RISK INTELLIGENCE Assurance and efficiency improvement through a robust Enterprise Risk Management approach INTELLIGENCE RISK INTELLIGENCE Assurance and efficiency improvement through a robust Enterprise Risk Management approach Carla De Geyseleer CFO Investor Days 2018, Bordeaux CERTIFICATION ACTIVATION 2 Prioritizing

More information

Sustainable Security Operations

Sustainable Security Operations Sustainable Security Operations Optimize processes and tools to make the most of your team s time and talent The number and types of security incidents organizations face daily are steadily increasing,

More information

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx SAMPLE REPORT Business Continuity Gap Analysis Report Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx COMMERCIAL-IN-CONFIDENCE PAGE 1 OF 11 Contact Details CSC Contacts CSC

More information

Initiative. Copyright Techdemocracy, 2017

Initiative. Copyright Techdemocracy, 2017 A Initiative 1 A Initiative 2 November 2 nd, 2017 Ken Pfeil / Gautam Dev 3 What is the purpose of the ACRG? The alliance purpose is to establish a standard framework for risk measurement, reporting and

More information

Reinvent Your 2013 Security Management Strategy

Reinvent Your 2013 Security Management Strategy Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for

More information

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill

More information

How to Derive Value from Business Continuity Planning

How to Derive Value from Business Continuity Planning How to Derive Value from Continuity Planning Presented by Randall J. Till, Principal Till Continuity Group Spring World 2011 Disaster Recovery Journal March 28, 2011 1 BCM Challenges BCM funding is limited

More information

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project

More information

Cloud First Policy General Directorate of Governance and Operations Version April 2017

Cloud First Policy General Directorate of Governance and Operations Version April 2017 General Directorate of Governance and Operations Version 1.0 24 April 2017 Table of Contents Definitions/Glossary... 2 Policy statement... 3 Entities Affected by this Policy... 3 Who Should Read this Policy...

More information

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported

More information

Cybersecurity Considerations for GDPR

Cybersecurity Considerations for GDPR Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union

More information

Data Governance Quick Start

Data Governance Quick Start Service Offering Data Governance Quick Start Congratulations! You ve been named the Data Governance Leader Now What? Benefits Accelerate the initiation of your Data Governance program with an industry

More information

IT123: SABSA Foundation Training

IT123: SABSA Foundation Training IT123: SABSA Foundation Training IT123 Rev.002 CMCT COURSE OUTLINE Page 1 of 8 Training Description: SABSA is the world s leading open security architecture framework and methodology. SABSA is a top-tobottom

More information

The new cybersecurity operating model

The new cybersecurity operating model The new cybersecurity operating model Help your organization become more resilient and reach its business goals. 1 slalom.com Struggling to meet security goals While the digital economy is providing major

More information

Best-in-Class Crisis Preparation: Maximize Readiness with the Four T s. Business Continuity Readiness Overview

Best-in-Class Crisis Preparation: Maximize Readiness with the Four T s. Business Continuity Readiness Overview Best-in-Class Crisis Preparation: Maximize Readiness with the Four T s Robert Edson Vice President, Global Sales and Marketing Business Continuity Readiness Overview Business Continuity Management (BCM)

More information

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9 HAWK Overview Agenda Contents Slide Challenges 3 HAWK Introduction 4 Key Benefits 6 About Gavin Technologies 7 Our Security Practice 8 Security Services Approach 9 Why Gavin Technologies 10 Key Clients

More information

HIPAA Security and Privacy Policies & Procedures

HIPAA Security and Privacy Policies & Procedures Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400

More information

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners Agile Master Data Management TM : Data Governance in Action A whitepaper by First San Francisco Partners First San Francisco Partners Whitepaper Executive Summary What do data management, master data management,

More information

Cybersecurity and the Board of Directors

Cybersecurity and the Board of Directors Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education

More information

Achieving effective risk management and continuous compliance with Deloitte and SAP

Achieving effective risk management and continuous compliance with Deloitte and SAP Achieving effective risk management and continuous compliance with Deloitte and SAP 2 Deloitte and SAP: collaborating to make GRC work for you Meeting Governance, Risk and Compliance (GRC) requirements

More information

Enterprise resilience and the role of Standards

Enterprise resilience and the role of Standards www.pwc.co.uk Enterprise resilience and the role of Standards Why do we have Standards? Globalisation Consistency Quality Supply chain and outsourcing Marketing value Slide 2 Stakeholder value Ultimately,

More information

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government Florida Government Finance Officers Association Staying Secure when Transforming to a Digital Government Agenda Plante Moran Introductions Technology Pressures and Challenges Facing Government Technology

More information

Quality Assurance and IT Risk Management

Quality Assurance and IT Risk Management Quality Assurance and IT Risk Deutsche Bank s QA and Testing Transformation Journey Michael Venditti Head of Enterprise Testing Services, Deutsche Bank IT RISK - REGULATORY GOVERNANCE Major shifts in the

More information

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary Aon Client Data Privacy Summary Table of Contents Our Commitment to Data Privacy 3 Our Data Privacy Principles 4 Aon Client Data Privacy Summary 2 Our Commitment to Data Privacy Data Privacy Backdrop As

More information

112 th Annual Conference May 6-9, 2018 St. Louis, Missouri

112 th Annual Conference May 6-9, 2018 St. Louis, Missouri 8:30 10:30 May 6, 2018 Room 240 Complex 112 th Annual Conference May 6-9, 2018 St. Louis, Missouri Moderator/Speakers: Kevin Wachtel Finance Director/Treasurer, Villa Park, IL Alex Brown Senior Manager,

More information

Securing an IT. Governance, Risk. Management, and Audit

Securing an IT. Governance, Risk. Management, and Audit Securing an IT Organization through Governance, Risk Management, and Audit Ken Sigler Dr. James L. Rainey, III CRC Press Taylor & Francis Group Boca Raton London New York CRC Press Is an imprint cf the

More information

THE ESSENCE OF DATA GOVERNANCE ARTICLE

THE ESSENCE OF DATA GOVERNANCE ARTICLE THE ESSENCE OF ARTICLE OVERVIEW The availability of timely and accurate data is an essential element of the everyday operations of many organizations. Equally, an inability to capitalize on data assets

More information