Why GRC is important to you and your customers/prospects What do we mean by GRC? How does it relate to Oracle? Brian Gregory, ACA, EMEA GRC
- Avis Pearson
- 6 years ago
1 Why GRC is important to you and your customers/prospects What do we mean by GRC? How does it relate to Oracle? Brian Gregory, ACA, EMEA GRC
2 Safe Harbor Statements The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
3 Safe Harbor Statement Caution The following presentation will challenge your current views. The presenter has no responsibility for any distress you may suffer from having your views changed and/or your sales horizons expanded. In the event of a panic attack take deep breaths and if necessary hold the hand of the person next to you!
4 3 X 2 Compelling Reasons
5
6 One Product alone could be worth 82m in UK One sale this year was just short of $1 Million
7 Competition
8 3rd Reason: Confidence and Trust
9
10
11 But what is Governance, Risk and Compliance?
12 What does GRC Mean? Governance: Set and evaluate performance against objectives; Authorize business strategy & model to achieve objectives. Risk: Identify, assess, and address potential obstacles to achieving objectives; Identify / address violation of mandated and voluntary boundaries. Compliance: Encourage / require compliance with established policies and boundaries; Detect non-compliance and respond accordingly.
13 Or put another way. Governance: Managing the business efficiently and effectively; Ensuring No Surprises. Risk: Identifying and seeking to mitigate risks that could lead to surprises; for example, compliance fails [SOX, Basel II] but also operational risks: Data Security [HMRC], Ethics [Primark]. Compliance: The obvious one: legal and regulatory failures.
14 It is about trying to prevent Surprises from happening
15 GRC Terminology Processes Risks Best Practices Financial Governance (COSO) Operational Risk Management (ISO, 6Sigma) IT Governance (COBIT, ITIL) Risk Assurance Partners Specialists Audit Firms Controls Automated Controls Detective & Preventative Reports/Documentation Attestation ( I confirm that... )
16 Governance Risk Compliance Compliance
17 What is the Oracle GRC Strategy?
18 Oracle GRC Has Come A Long Way: July 2006 to May 2008. "SAP definitely in my mind has the lead on Oracle in developing a very comprehensive strategy for GRC." Michael Rasmussen, Forrester, July 5, 2006. "SAP needs to put urgency into fleshing out its GRC management capabilities to match its vision Until SAP does so, enterprise GRC platform buyers should look to Oracle and the many best-of-breed EGRC platform vendors."* French Caldwell, Gartner, May 22, 2008. Shift Happens! *As Quoted in Article by Courtney Bjorlin, News Editor, 29 May 2008, SearchSAP.com
19 Acquired Innovation Timeline: Scale, technology and vertical specialization drive growth across all product lines 4 Acquisitions 15 Acquisitions* 12 Acquisitions** 16 Acquisitions Oracle FY2005 Oracle Fiscal Year 2006 Oracle Fiscal Year 2007 Oracle FY 2008 YTD * Excludes acquisitions of Covansys and Hexaware operations. ** Acquisition of Mantas through majority-owned i-flex solutions company.
20 Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms Committing adequate investment to an aggressive development road map with plans for many vertical-specific versions of GRC Manager A suite of controls products, such as Oracle Application Access Controls Governor and Oracle Transaction Controls Governor, that is integrated into the GRC Manager platform
21
22 Shift Has Happened: New Products. Applications: GRC Controls [aka LogicalApps]; Automated Detection and Enforcement of key, foundational controls; Any ERP customer. Technology: Identity Management and Database Vault now certified for EBS.
23 How Oracle GRC Solutions help. Challenge: Multiple Requirements, Fragmented Response. Solution: Consolidate. [Diagram: Regulation, Risk and Standard items (A, B, C) mapped to requirements R1, R2, R3 and to controls C1a through C11c] Challenge: Insufficient Resources, Manual Efforts. Solution: Automate. Challenge: GRC as an Afterthought Or Holding Up the Business. Solution: Embed. [Diagram labels: Process, Reporting & Diagnostics, Policy, Remediation, GRC Risk Issues, GRC Business Processes, Assessment, Detective Control, Preventive Control] Sources: Adapted from Deloitte Consulting, Open Compliance and Ethics Group, and IDC
24 Oracle Solutions for GRC. Purpose-built business solutions for key industries and GRC initiatives. Best-in-class GRC core solutions to support all mandates and regulations. Pre-integrated with Oracle applications and technology, supports heterogeneous environments. [Diagram: Oracle GRC solution map showing the GRC Reporting & Analytics, GRC Process Management, GRC Application Controls and GRC Infrastructure Controls layers over Custom or Legacy Applications]
25 Oracle GRC Product Set. GRC Reporting and Analytics: Fusion GRC Intelligence. GRC Process Management: GRC Manager. GRC Application Controls: Application Access Controls Governor, Configuration Controls Governor, Transaction Controls Governor, Preventive Controls Governor. GRC Infrastructure Controls: Identity Manager, Access Manager, Role Manager, Database Vault, Audit Vault, Advanced Security, Secure Backup, Enterprise Manager, Universal Content Management, Universal Records Management, Information Rights Management. [Diagram: Oracle GRC solution map showing the GRC Reporting & Analytics, GRC Process Management, GRC Application Controls and GRC Infrastructure Controls layers over Custom or Legacy Applications]
26 Step 1 (Policies and Procedures: Document, Evaluate, Verify and Conclude): Understand what your policies and procedures are and whether they are adequate. Where are the weaknesses and are there any mitigating controls? Step 2 (People: Align required skills and competencies with staff): Ensure that your staff have the necessary skills and experience to undertake their duties. Of course this is an on-going process. Step 3 (Automate: Controls, Approvals and Business flows): Automate the flow of transactions and approvals as much as possible. Of course this requires a link to HR. Simplify the number of processes and ERP. Step 4 (Plan, Forecast and Monitor: Create, Manage, Update and Report): Plan your business and have Business Intelligence systems that monitor performance and alert to possible deviations. Of course you should understand the processes for creating the budgets and forecasts. Step 5 (Secure IT Infrastructure: User Access and Provisioning, Data Security, Availability): Secure the IT Infrastructure. User Identity Management across all systems, security of data, availability of systems etc. are all important. Of course you also need to be able to show that the IT policies and procedures are adequate and functioning.
27 Oracle GRC Reporting & Analytics: Run your Business Better and Prove It. Pre-built dashboards aggregate information from all sources. Combine performance & GRC information. Respond to KRI and issues. Produce attestations and disclosures. Configure to meet your specific needs. [Diagram: Oracle GRC solution map showing industry and initiative solutions above the GRC Reporting & Analytics, GRC Process Management, GRC Application Controls and GRC Infrastructure Controls layers and Custom or Legacy Applications]
28 Oracle GRC Intelligence Better decisions, more timely access to information, balanced performance Pre-built dashboards aggregate information from all sources Combine performance & GRC information Respond to KRI and issues Role based Configure to meet your specific needs
29 Consolidated view of financial balances and risk rating
30 GRC Intelligence for SOD
31 Oracle GRC Process Management: Simplify GRC and Reduce Costs. GRC system of record. End-to-end GRC process management. Platform independent. Integrated control management. Closed-loop issue remediation. [Diagram: Oracle GRC solution map showing industry and initiative solutions above the Reporting & Analytics, GRC Process Management, GRC Application Controls and GRC Infrastructure Controls layers and Custom or Legacy Applications]
32 GRC Manager
33 Example of a process: basics
34 Example of a process: Risks
35 Example of a process: Controls
36 Is it time to do an assessment again? Manage Compliance Processes Automate Labor Intensive, Manual Processes
37 Oracle GRC Applications Controls: Protect Brand and Reputation. Preventive and detective controls. What-if risk simulation. Automated controls testing. [Diagram: Oracle GRC solution map showing industry and initiative solutions above the Reporting & Analytics, GRC Process Management, GRC Application Controls and GRC Infrastructure Controls layers and Custom or Legacy Applications]
38 Oracle GRC Controls. Detective Controls (Monitor Control Effectiveness): ACCESS Controls: what users have done; CONFIGURATION Controls: what's changed in the environment; TRANSACTION Controls: what are the execution patterns. Preventive Controls (Enforce Policies in Context): ACCESS Controls: what users can do; CONFIGURATION Controls: how the environment is set up; TRANSACTION Controls: how users execute processes.
39 Oracle GRC Controls. Detective Controls (Monitor Control Effectiveness): ACCESS Controls: what users have done; CONFIGURATION Controls: what's changed in the environment; TRANSACTION Controls: what are the execution patterns. Preventive Controls (Enforce Policies in Context): ACCESS Controls: what users can do; CONFIGURATION Controls: how the environment is set up; TRANSACTION Controls: how users execute processes.
40 Segregation of Duties: You mean I can't approve my own expenses?
41 Integrity of Accounting Segregation of Duties [SOD] Fraud Accuracy Foundation to ANY accounting system Strong control is essential to ALL accounting operations X-Industry - Private, Public, Public Sector, Not for Profit etc NOT DRIVEN BY ANY SPECIFIC LEGISLATION
42 Oracle Application Access Controls Governor Enforce proper segregation of duties in applications Policy Library Conflict Paths Simplify segregation of duties enforcement with simulation and remediation Mitigate risk of privileged user access to enterprise applications with approval workflow and audit trails Accelerate deployment and time to value with pre-delivered controls library Detection Prevention Define Access Controls Access Analysis Remediation (Clean-up) Preventive Provisioning Compensating Policies
43 Conflict Analysis Define Access Controls Conflict Analysis Remediation (Clean-up) Preventive Provisioning Compensating Controls View detailed conflict reports by various dimensions (e.g. by Application)
44 Compensating Controls Define Access Controls Conflict Analysis Remediation (Clean-up) Preventive Provisioning Compensating Controls Implement compensating SOD control by removing the payment tab to enforce policy
45 Compensating Controls Define Access Controls Conflict Analysis Remediation (Clean-up) Preventive Provisioning Compensating Controls Payment tab is removed
46 What should I be looking for? 4 Simple Questions Are you interested in understanding who has access to your systems? Are you interested to know what access they have? Are you interested in finding potential conflicts in access rights? Are you interested in enforcing access controls and preventing inappropriate access?
47 Oracle GRC Controls. Detective Controls (Monitor Control Effectiveness): ACCESS Controls: what users have done; CONFIGURATION Controls: what's changed in the environment; TRANSACTION Controls: what are the execution patterns. Preventive Controls (Enforce Policies in Context): ACCESS Controls: what users can do; CONFIGURATION Controls: how the environment is set up; TRANSACTION Controls: how users execute processes.
48 Configuration Management As you can see there have been some changes to the computer systems
49 Integrity of Accounting Integrity of Financial System Changes Monitor Prevent Track Assess Strong control is essential to ALL accounting operations X-Industry - Private, Public, Public Sector, Not for Profit etc NOT DRIVEN BY ANY SPECIFIC LEGISLATION
50 Oracle Configuration Controls Governor Ensure integrity of critical application setups Achieve consistent application setup and operating standards across multiple instances Track complete audit trails for changes to key configurations Tightly control change management to accelerate development and test time Detection Prevention Define Configuration Controls Document or Compare Configurations Monitor Configuration Changes Enforce Change Control Manage Data Integrity
51 Data Privacy and Data Integrity. Mask sensitive data, disable buttons, validate data input, etc. Granular user interface restrictions. Restrict access to data or actions. Embedded control enforcement. [Screenshot: Employee Update form with Name (John Doe), Address (123 Main St, Center City, NY), SSN (XXX-XX-XXXXX), Salary ($ 53,), Supervisor (Mary Smith, John Jones, Phil Johnson, Sue Thompson, Sally Struthers, Bill Seibel), OK and Cancel buttons] Callouts: Conceal SSN number if User is NOT from HR dept. Employees can only view the Salary field (can't update). Disable Invoice action button for Invoices created by same user.
52 What should I be looking for? 4 Simple Questions: Are you interested in understanding what changes have been made to your configuration? Are you interested in understanding what changes have been made to key data in your systems? Are you interested in being able to report on differences between configurations both over time and between different instances? Are you interested in enforcing controls over changes?
53 Transaction Management: So isn't it strange that this user is raising a number of POs just under their approval level?
54 Integrity of Accounting Detection and Prevention of Unusual transactions Continuous monitoring of Transaction Master data Strong control is essential to ALL accounting operations X-Industry - Private, Public, Public Sector, Not for Profit etc NOT DRIVEN BY ANY SPECIFIC LEGISLATION
55 Oracle Transaction Controls Governor Identify inaccurate or fraudulent transactions Pre-delivered Transaction Controls Suspect Transactions Continuously monitor accuracy of transactions and mitigate exposure to fraud Test against thresholds Search for anomalies Perform transaction sampling Detection Prevention Define Transaction Controls Perform Transaction Analysis Review and Address Suspects Preventive Transaction Controls
56 What should I be looking for? 4 Simple Questions Are you interested in being able to identify unusual transactions in your systems? Are you interested in being able to identify users trying to circumvent authority limits by undertaking multiple transactions? Are you interested in being able to speed your period close process? Are you interested in being able to enforce controls over transactions?
57 Oracle GRC Reporting & Analytics: Run your Business Better and Prove It. Secure the IT Infrastructure: Extend user access and SOD to cover ALL systems. Secure data inside and outside IT environment. Protect sensitive data from unauthorized access. Manage flow of data between systems. [Diagram: Oracle GRC solution map showing industry and initiative solutions above the GRC Reporting & Analytics, GRC Process Management, GRC Application Controls and GRC Infrastructure Controls layers and Custom or Legacy Applications]
58 Oracle Identity & Access Management End Users Administrator Info. Sec, Auditor Strong Authentication Risk Based Authorization Federation Self-Service Identity Admin Account Admin Organization Admin Role Management Delegated Admin Reporting & Analytics Attestation Segregation of Duties Fraud Detection Oracle Identity Management & Security Platform Provisioning Reconciliation Password Mgmt. WS Security LDAP Storage LDAP Synchronization LDAP Virtualization DB User Security Java Platform Security Authentication For Operating Systems Business Apps, HR Directories, DB App Server, OS
59 Compliant Access Provisioning: Segregation of Duties in User Provisioning (IDENTITY MANAGEMENT, GRC CONTROLS!). Flow: New Hire, Change of Role -> Set Up User Profile -> Determine User Role -> Validate with SOD Policies. No Violations: Provision Application Access. Violations Found: Remediate: Seek Approval, Apply Mitigating Control, Deny Access.
60 Oracle Database Security Defense-in-Depth for Security and Compliance Configuration Management Audit Vault Total Recall Database Vault Label Security Advanced Security Secure Backup Data Masking
61 Oracle Database Vault Controls on privileged users Restrict highly privileged users from application data Provide Separation of Duty Security for database and information consolidation Real time access controls Control who, when, where and how data is accessed Make decision based on IP address, time, auth Reports Command Rules Protection Realms Multi-Factor Authorization Separation of Duty
62 Oracle Information Rights Management. Patented distributed rights management between centralized server and desktop. Centralized revocation of rights and up-to-date audit trail. Transparent mobile access to sealed information. Classification-based rights management. Enterprise-scalable.
63 Summary GRC is a huge opportunity Oracle is unique in the depth and breadth of our offering For every EBS and P/Soft customer [new and existing] you should include: GRC Controls SOD is the lead Extend GRC C with Technology for complete Every system we sell is in order to automate and improve business processes so why not talk to them about GRC Manager and GRC Intelligence to record the processes? UPK and/or Tutor to enable staff effectiveness? Think beyond your comp plan GRC is Never about 1 product Our strength is the completeness of offering Engage with Partners
64 Resources for Accelerating Growth
65 Resources for Accelerating Growth
66 Partner Communities Partner Communities Live Partner Communities for BI, ECM, IDM, Persuasive, SOA Material available from Partner Communities Technology: white papers, documentations, downloads Sales: sales kits, cheat sheets, references, ROI calculator Marketing: brochures, presentations, industry papers Education: Online Training & Assessments & Certification Activities Regular updates available in OPN Monthly newsletters Monthly webcasts Quarterly Partner Community Forums Online Discussion Forums Next step Sign up for the communities: ology/home.html
More informationA Pragmatic Path to Compliance. Jaffa Law
A Pragmatic Path to Compliance Jaffa Law jaffalaw@hk1.ibm.com Introduction & Agenda What are the typical regulatory & corporate governance requirements? What do they imply in terms of adjusting the organization's
More informationIT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)