GRC TOOL IMPLEMENTATION RAEF MEEUWISSE CISA, FUNCTIONAL ARCHITECT, ADAPTIVEGRC

Size: px
Start display at page:

Download "GRC TOOL IMPLEMENTATION RAEF MEEUWISSE CISA, FUNCTIONAL ARCHITECT, ADAPTIVEGRC"

Transcription

1 GRC TOOL IMPLEMENTATION RAEF MEEUWISSE CISA, FUNCTIONAL ARCHITECT, ADAPTIVEGRC GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

2 RAEF MEEUWISSE Functional Architect, AdaptiveGRC GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

3 IMPLEMENTING GRC NEED NOT BE A PUZZLE GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

4 GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

5 LEARNING OBJECTIVES WHAT IS GRC HOW TO START TO APPROACH A GRC IMPLEMENTATION WHERE GRC ACTIVITY OVERLAPS OCCUR WHY GRC ACTIVITY OVERLAPS EXIST HOW TO SET CENTRAL GRC ENGINEERING GOALS GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

6 WHAT IS GRC? ANYTHING THAT CONTRIBUTES TOWARDS ONE OR MORE OF THE 3 CENTRAL GRC PILLARS GOVERNANCE: TYPICALLY POLICIES, PROCEDURES, GUIDELINES, EXECUTIVE REPORTS AND EVEN EXPLICIT CONTROL OBJECTIVES USED TO INFLUENCE OR CONTROL THE ORGANIZATION RISK MANAGEMENT: ANYTHING USED TO HELP IDENTIFY, ASSESS AND MITIGATE POTENTIAL THREATS AND OPPORTUNITIES TO THE ORGANIZATION COMPLIANCE: ANYTHING USED TO MONITOR, TRACK OR ENFORCE ADHERENCE BY THE ORGANIZATION (OR THEIR REPRESENTATIVES) TO THE REQUIRED STANDARDS IMPOSED BY THE GOVERNANCE GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

7 TECHNOLOGY RISK MANAGEMENT ENTERPRISE RISK MANAGEMENT VENDOR RISK PROFILING INTERNAL SERVICE RISK PROFILING INTERNAL AUDIT COMPLIANCE SELF-ASSESSMENTS VENDOR AUDITS VENDOR ASSESSMENTS DATA PRIVACY COMPLIANCE REPORTING SECURITY INCIDENT MANAGEMENT DATA LOSS MANAGEMENT POLICY & PROCEDURE MANAGEMENT CORRECTIVE / PREVENTIVE ACTIONS DEVIATION MANAGEMENT EXTERNAL REGULATORY INSPECTIONS SYSTEM COMPLIANCE MANAGEMENT PERIODIC REGULATORY REPORTING PERIODIC REVIEWS FINDINGS MANAGEMENT QUALITY INCIDENTS SECURITY TESTING... GRC ACTIVITIES CAN BELONG TO ONE OR MORE GRC PILLAR ALL GRC ACTIVITIES USE AND DELIVER INFORMATION USEFUL TO OTHER GRC ACTIVITIES

8 HOW TO START TO APPROACH A GRC IMPLEMENTATION? GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

9 ALICE: WOULD YOU TELL ME, PLEASE, WHICH WAY I OUGHT TO GO FROM HERE? THE CHESHIRE CAT: THAT DEPENDS A GOOD DEAL ON WHERE YOU WANT TO GET TO. ALICE: I DON'T MUCH CARE WHERE. THE CHESHIRE CAT: THEN IT DOESN'T MUCH MATTER WHICH WAY YOU GO. ALICE:...SO LONG AS I GET SOMEWHERE. THE CHESHIRE CAT: OH, YOU'RE SURE TO DO THAT, IF ONLY YOU WALK LONG ENOUGH. - LEWIS CARROLL, ALICE IN WONDERLAN

10 KNOW WHAT YOU WANT TO ACHIEVE I JUST NEED TO USE WHAT I HAVE I JUST NEED TO IMPROVE A SINGLE GRC ACTIVITY AREA I NEED TO IMPROVE MULTIPLE GRC ACTIVITY AREAS I NEED TO TRANSFORM MULTIPLE GRC ACTIVITY AREAS I NEED TO TRANSFORM ALL GRC ACTIVITY AREAS & EXECUTIVE REPORTING

11 NEBULOUS GOALS MAY APPEAR EASIER IN EARLY STAGES BUT CREATE FAILURE LATER PARALLEL ACTION WITH COLLISION EVERYBODY HAS DIFFERENT IDEAS ABOUT WHAT THEY ARE BUILDING THE SHOWDOWN ONLY HAPPENS AS THE TASKS START TO DELIVER GUARANTEED CHALLENGES AND MISSED EXPECTATIONS

12 IN ORDER TO LEARN HOW TO SIMPLIFY OUR GRC IMPLEMENTATION, WE HAVE TO GET A SENSE OF: WHAT CHANGES DRIVE THE NEED FOR A GRC SOLUTION WHAT IMPACT THAT HAS ON OUR ORGANIZATIONS GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

13 WHAT HAS CHANGED?

14 DATA 1980: 10 MB HARD DISK $10,000 RETAIL 1990: 1 GB $ : 1GB $1 2014: 1GB $0.20 GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

15 TECHNOLOGIES: LOCATIONS & SPEED OF ADOPTION GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

16 REGULATIONS: TRYING TO KEEP PACE WITH CHANGES & IMPOSE MOTIVATIONAL PENALTIES GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

17 A LOT OF MORE DATA A LOT MORE DISTRIBUTION OF THE DATA OUTSIDE OUR DIRECT CONTROL BUT STILL INSIDE OUR RESPONSIBILITY SOME BIG POTENTIAL FOR FINANCIAL PENALTIES AND REPUTATIONAL DAMAGE FOR ITEMS THAT CAN SEEM LIKE THEY ARE OUT OF OUR CONTROL + POTENTIALLY HUGE INEFFICIENCES IF WE TAKEN AN AD HOC APPROACH TO THE WORK: DUPLICATED EFFORT CONFLICTING OF COLLIDING OBJECTIVES MASSIVE EFFORT TO OBTAIN THE RIGHT METRICS TO: MEASURE MONITOR AND MANAGE THE INFORMATION SECURITY AND COMPLIANCE LANDSCAPE

18 THIS MEANS: MANAGEMENT NEEDS: MUCH BETTER REPORTING OF RISK AND COMPLIANCE STATUS MORE EFFICIENCY IN THE GRC ACTIVITIES THAT TAKE PLACE FASTER AND SAFER USE OF NEW DATA AND TECHNOLOGIES OPERATIONS NEEDS: LESS IMPACT FROM GRC ACTIVITIES AT THE SAME TIME AS BETTER CONTROLS IMPROVED ENABLEMENT TO USE NEW TECHNOLOGIES & DATA

19 WHERE DO GRC ACTIVITY OVERLAPS OCCUR? GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

20 ANATOMY OF AN ORGANIZATION YOUR ORGANIZATION IS DRIVEN BY THE VISION, STRATEGY AND PLANS OF ITS EXECUTIVES PRODUCTS AND/OR SERVICES ARE DELIVERED TO YOUR CUSTOMERS THROUGH THE EFFORTS OF YOUR ORGANIZATION AND ITS SUPPLIERS

21 INTERNAL AUDIT

22 RISK

23 DATA PRIVACY MANAGEMENT

24 WHAT ABOUT SECURITY TESTING..? WHAT ABOUT COMPLIANCE FRAMEWORK..?

25 GRC ACTIVITIES HAVE VALUE, RELEVANCE AND IMPACT ACROSS OUR ORGANIZATION

26 WHY DO GRC ACTIVITY OVERLAPS EXIST? GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

27 BECAUSE WE ARE ALL TOUCHING THE SAME PEOPLE, PROCESSES, SYSTEMS AND INFORMATION

28 CHAOS vs. HARMONY & PEACE COLLATING UNSTRUCTURED GRC DATA & ACTIVITIES TARGETED & STRUCTURED GRC DATA & ACTIVITIES INFORMATION ISSUES & CONTINUING ACTIVITY DUPLICATIONS & COLLISIONS UNEQUALLED METRICS AND EFFICIENCY

29 - STRESS - PIECEMEAL REPORTING - LACK OF EXECUTIVE TRANSPARENCY ON RISKS AND STATUS - POST-INCIDENT WITCH HUNTS! - OPERATIONAL INEFFICIENCY

30 HOW TO SET CENTRAL GRC FRAMEWORK ENGINEERING GOALS? GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

31 WITHOUT GRC ENGINEERING: 1 IMPRESSIONS OF DUPLICATED / OVERLAPPING ACTIVITY 2 3 INEFFICIENCY IN PROCESSES INFORMATION SHARING ACROSS ACTIVITIES ABSENCE OF COHERENT EXECUTIVE INFORMATION

32 STEP 1 IS (NEARLY) ALWAYS: TO DEFINE THE PRIMARY REGULATIONS, STANDARDS AND GUIDELINES THAT YOUR ORGANIZATION AIMS TO COMPLY WITH (WE CALL THESE GOVERNANCE FACTORS ) WHY? ACTS AS A CORRELATION POINT TO YOUR GRC UNIVERSE USED IN ALL KINDS OF REPORTS AND METRICS THIS IS THE MOST FUNDAMENTAL GRC ENGINEERING SYNCHRONIZATION POINT

33 GRC ENGINEERING PILLARS WHY IS GRC ENGINEERING SO IMPORTANT?

34 LET S DESIGN A NEW GERMAN RAIL SYSTEM THE ROUTES: 1. COLOGNE TO BONNE 2. BERLIN TO DUSSELDORF 3. DUSSELDORF TO COLOGNE 4. ESSEN TO DUSSELDORF

35 MAKE YOUR CHOICES TRACK GAUGE PLATFORM HEIGHT (ABOVE RAIL) TYPE OF SIGNALLING MM MM MM MM MM POWER SOURCE 1. MAGLEV 2. OVERHEAD ELECTRICITY 3. CENTRE RAIL ELECTRICITY 4. DIESEL % RENEWABLE BY MM MM MM MM MM CONNECTORS FOR LOCOMOTIVES AND ROLLING STOCK 1. BUFFERS AND CHAIN 2. THREE-LINK COUPLINGS 3. LINK AND PIN 4. ALBERT COUPLER 5. UNICOUPLER/INTERMAT

36 WHAT DO WE HAVE? GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

37 I COULD CAPTURE MY IS STATUS IN ONE PLACE

38 I COULD HOLD MY DATA PRIVACY STATUS SOMEPLACE ELSE

39 AND HOLD MY SOX AUDIT INFORMATION IN YET ANOTHER SEPARATE CONTAINER

40 AND PUT VENDOR AUDIT AND ASSESSMENT OUTCOMES INTO ANOTHER AREA

41 AND MAYBE I WON T EVEN USE THE SAME RESULTS FORMAT

42 BUT WHAT COULD I ACHIEVE IF I USED ENGINEERING AND HAD A SINGLE DATA SOURCE?

43 FAILING TO PROVIDE GRC ENGINEERING RESULTS IN CONTINUING DUPLICATIONS AND COLLISIONS COLLATING UNSTRUCTURED GRC DATA & ACTIVITIES TARGETED & STRUCTURED GRC DATA & ACTIVITIES INFORMATION ISSUES & CONTINUING ACTIVITY DUPLICATIONS & COLLISIONS UNEQUALLED METRICS AND EFFICIENCY

44 2 STEP THINKING THINK BEYOND THE SINGLE DELIVERABLE CONSIDER THE OVERALL GRC GOALS: NOT DUPLICATING DATA OR ACTIVITIES SUPPORTING COMPANY WIDE METRICS REDUCING STRESS AND EFFORT ALL ACHIEVED BY USING GRC ENGINEERING GUIDELINES

45 WHAT IS GRC? > Governance, Risk Management & Compliance HOW TO START TO APPROACH A GRC IMPLEMENTATION? > Have a clear understanding of the end state > Do it in achievable steps WHERE GRC ACTIVITY OVERLAPS OCCUR? > Everywhere WHY GRC ACTIVITY OVERLAPS EXIST? > Because different GRC activities touch the same places HOW TO SET CENTRAL GRC FRAMEWORK ENGINEERING GOALS? > Wherever data synchronization is required GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

46 SOME FINAL ADDITIONAL TIPS

47 1 ENSURE YOUR TEAM HAS THE RIGHT REPRESENTATION & ENDORSEMENT 3 PROVIDE A TOP DOWN ENGINEERING FRAMEWORK BUT IMPROVE IT BASED ON BOTTOM-UP INPUT AND FEEDBACK ENSURE YOU HAVE EXPERTISE AVAILABLE TO ADVISE THE TEAM TAKE AN ITERATIVE APPROACH 2 4

48 5 7 IF TACKLING MULTIPLE AREAS, MANAGE YOUR IMPLEMENTATION AS A PROGRAM AND IN STAGES ALIGNED WITH THE ORGANIZATIONS PRIORITIES USE COMMON SENSE. - YOU HAVE IT RIGHT WHEN YOU HAVE CONFIDENCE THAT THE PROCESSES BEING DEPLOYED ARE MATURE AND CORRECT TRACK YOUR RISKS AND THE BENEFITS CAREFULLY 6 8

49 THANK YOU RAEF MEEUWISSE, FUNCTIONAL ARCHITECT, ADAPTIVEGRC GRC Breaking Down The Silos ISACA Ireland Conference 3 rd October 2014

Next Generation Policy & Compliance

Next Generation Policy & Compliance Next Generation Policy & Compliance Mason Karrer, CISSP, CISA GRC Strategist - Policy and Compliance, RSA Core Competencies C33 2013 Fall Conference Sail to Success CRISC CGEIT CISM CISA Introductions...

More information

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTELLIGENCE DRIVEN GRC FOR SECURITY INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to

More information

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Suite and the OCEG Capability Model Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Contents Introduction... 2 GRC activities... 2 BPS and the Capability Model for GRC...

More information

GOVERNANCE, RISK & COMPLIANCE CPD FOR MEMBERS IN COMMERCE & INDUSTRY AUGUST 2018

GOVERNANCE, RISK & COMPLIANCE CPD FOR MEMBERS IN COMMERCE & INDUSTRY AUGUST 2018 GOVERNANCE, RISK & COMPLIANCE CPD FOR MEMBERS IN COMMERCE & INDUSTRY AUGUST 2018 1 GRC - INTRODUCTION A growing regulatory environment, higher business complexity and increased focus on accountability

More information

Now on Now: How ServiceNow has transformed its own GRC processes

Now on Now: How ServiceNow has transformed its own GRC processes Now on Now: How ServiceNow has transformed its own GRC processes Increasing scalability, lowering risk, and slashing costs by $30,000 START 1 Introduction When your business is growing at 0% a year, it

More information

Importance of the Data Management process in setting up the GDPR within a company CREOBIS

Importance of the Data Management process in setting up the GDPR within a company CREOBIS Importance of the Data Management process in setting up the GDPR within a company CREOBIS 1 Alain Cieslik Personal Data is the oil of the digital world 2 Alain Cieslik Personal information comes in different

More information

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating

More information

Oracle Buys Automated Applications Controls Leader LogicalApps

Oracle Buys Automated Applications Controls Leader LogicalApps Oracle Buys Automated Applications Controls Leader LogicalApps To strengthen Oracle s Governance, Risk and Compliance Suite with Real-time Policy Enforcement October 26, 2007 Disclaimer The following is

More information

MITIGATE CYBER ATTACK RISK

MITIGATE CYBER ATTACK RISK SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations

More information

How to get the Enterprise to Understand the Value of Security

How to get the Enterprise to Understand the Value of Security PART 1 of 2 Insight into Security Leader Success How to get the Enterprise to Understand the Value of Security A SEC Research Finding Intended Audience This presentation is intended for security leaders

More information

Accelerate Your Enterprise Private Cloud Initiative

Accelerate Your Enterprise Private Cloud Initiative Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

Data Governance Quick Start

Data Governance Quick Start Service Offering Data Governance Quick Start Congratulations! You ve been named the Data Governance Leader Now What? Benefits Accelerate the initiation of your Data Governance program with an industry

More information

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO A New Cyber Defense Management Regulation Ophir Zilbiger, CRISC, CISSP SECOZ CEO Personal Background IT and Internet professional (since 1992) PwC (1999-2003) Global SME for Network Director Information

More information

Best Practices & Lesson Learned from 100+ ITGRC Implementations

Best Practices & Lesson Learned from 100+ ITGRC Implementations Best Practices & Lesson Learned from 100+ ITGRC Implementations Presenter: Vivek Shivananda CEO of Rsam Dec 3, 2010 ISACA -NY Chapter Copyright 2002 2010 Relational Security Corp. (dba Rsam) Agenda Overview

More information

Run the business. Not the risks.

Run the business. Not the risks. Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.

More information

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan Ready, Willing & Able Michael Cover, Manager, Blue Cross Blue Shield of Michigan Agenda 1. Organization Overview 2. GRC Journey Story 3. GRC Program Roadmap 4. Program Objectives and Guiding Principals

More information

Turning Risk into Advantage

Turning Risk into Advantage Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview

More information

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion

More information

Securing Your Digital Transformation

Securing Your Digital Transformation Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,

More information

Isaca EXAM - CISM. Certified Information Security Manager. Buy Full Product.

Isaca EXAM - CISM. Certified Information Security Manager. Buy Full Product. Isaca EXAM - CISM Certified Information Security Manager Buy Full Product http://www.examskey.com/cism.html Examskey Isaca CISM exam demo product is here for you to test the quality of the product. This

More information

SDLC Maturity Models

SDLC Maturity Models www.pwc.com SDLC Maturity Models SecAppDev 2017 Bart De Win Bart De Win? 20 years of Information Security Experience Ph.D. in Computer Science - Application Security Author of >60 scientific publications

More information

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better

More information

Enabling efficiency through Data Governance: a phased approach

Enabling efficiency through Data Governance: a phased approach Enabling efficiency through Data Governance: a phased approach Transform your process efficiency, decision-making, and customer engagement by improving data accuracy An Experian white paper Enabling efficiency

More information

THE POWER OF TECH-SAVVY BOARDS:

THE POWER OF TECH-SAVVY BOARDS: THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES

More information

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Exam4Tests.   Latest exam questions & answers help you to pass IT exam test easily Exam4Tests http://www.exam4tests.com Latest exam questions & answers help you to pass IT exam test easily Exam : CISM Title : Certified Information Security Manager Vendor : ISACA Version : DEMO 1 / 10

More information

TDWI Data Governance Fundamentals: Managing Data as an Asset

TDWI Data Governance Fundamentals: Managing Data as an Asset TDWI Data Governance Fundamentals: Managing Data as an Asset Training Details Training Time : 1 Day Capacity : 10 Prerequisites : There are no prerequisites for this course. About Training About Training

More information

Enterprise GRC Implementation

Enterprise GRC Implementation Enterprise GRC Implementation Our journey so far implementation observations and learning points Derek Walker Corporate Risk Manager National Grid 1 Introduction to National Grid One of the world s largest

More information

Introduction to ISO/IEC 27001:2005

Introduction to ISO/IEC 27001:2005 Introduction to ISO/IEC 27001:2005 For ISACA Melbourne Chapter Technical Session 18 th of July 2006 AD Prepared by Endre P. Bihari JP of Performance Resources What is ISO/IEC 17799? 2/20 Aim: Creating

More information

M&A Cyber Security Due Diligence

M&A Cyber Security Due Diligence M&A Cyber Security Due Diligence Prepared by: Robert Horton, Ollie Whitehouse & Sherief Hammad Contents Page 1 Introduction 3 2 Technical due diligence goals 3 3 Enabling the business through cyber security

More information

GRC Maturity. Benchmarking Your GRC Program. October 2014

GRC Maturity. Benchmarking Your GRC Program. October 2014 GRC Maturity Benchmarking Your GRC Program October 2014 Michael Rasmussen, J.D., GRCP, CCEP The GRC Pundit @ GRC 20/20 Research, LLC OCEG Fellow @ www.oceg.org Are you truly aware of your risks? Never

More information

CISO MASTERCLASS FOR SENIOR EXECUTIVES 2 DAYS

CISO MASTERCLASS FOR SENIOR EXECUTIVES 2 DAYS CISO MASTERCLASS FOR SENIOR EXECUTIVES 2 DAYS CISO MASTERCLASS FOR SENIOR EXECUTIVES Introduction The CISO (Chief Information Security Officer) boot camp does not focus on technical knowledge but on the

More information

CA Security Management

CA Security Management CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate

More information

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016 Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data

More information

The GDPR data just got personal

The GDPR data just got personal GDPR QUICK REFERENCE GUIDE The GDPR data just got personal What it is, what it means and how it affects you The GDPR is a gamechanger for organizations holding, and protecting, personal, identifiable data

More information

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP Six Weeks to Security Operations The AMP Story Mike Byrne Cyber Security AMP 1 Agenda Introductions The AMP Security Operations Story Lessons Learned 2 Speaker Introduction NAME: Mike Byrne TITLE: Consultant

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Logistics Start Time Breaks End Time Fire escapes Instructor Introductions Introduction to Information Security Management

More information

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it

More information

Demystifying GRC. Abstract

Demystifying GRC. Abstract White Paper Demystifying GRC Abstract Executives globally are highly focused on initiatives around Governance, Risk and Compliance (GRC), to improve upon risk management and regulatory compliances. Over

More information

GRC SURVEY RESULT Please indicate your profession

GRC SURVEY RESULT Please indicate your profession COPENHAGEN?=! CO?=! MPLIANCE T o p i c a l a n d T i m e l y Riskability GRC Controllers Governance, Risk & Compliance COPENHAGEN?=! CHARTER Bribery, Fraud & Corruption GRC SURVEY RESULT. Please indicate

More information

Sustainable Security Operations

Sustainable Security Operations Sustainable Security Operations Optimize processes and tools to make the most of your team s time and talent The number and types of security incidents organizations face daily are steadily increasing,

More information

EMC Ionix IT Compliance Analyzer Application Edition

EMC Ionix IT Compliance Analyzer Application Edition DATA SHEET EMC Ionix IT Compliance Analyzer Application Edition Part of the Ionix Data Center Automation and Compliance Family Automatically validates application-related compliance with IT governance

More information

IT Audit Process. Prof. Mike Romeu. January 30, IT Audit Process. Prof. Mike Romeu

IT Audit Process. Prof. Mike Romeu. January 30, IT Audit Process. Prof. Mike Romeu January 30, 2017 1 Corporate Structures Shareholders Governance Level: Board of Directors External Director CFO CEO Legal Counsel External Director Responsible for: Evaluate Direct Monitor Internal Directors

More information

ACL Interpretive Visual Remediation

ACL Interpretive Visual Remediation January 2016 ACL Interpretive Visual Remediation Innovation in Internal Control Management SOLUTIONPERSPECTIVE Governance, Risk Management & Compliance Insight 2015 GRC 20/20 Research, LLC. All Rights

More information

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant

More information

BRING EXPERT TRAINING TO YOUR WORKPLACE.

BRING EXPERT TRAINING TO YOUR WORKPLACE. BRING EXPERT TRAINING TO YOUR WORKPLACE. ISACA s globally respected training and certification programs inspire confidence that enables innovation in the workplace. ISACA s On-Site Training brings a unique

More information

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice

More information

Sample Exam. Advanced Test Automation - Engineer

Sample Exam. Advanced Test Automation - Engineer Sample Exam Advanced Test Automation - Engineer Questions ASTQB Created - 2018 American Software Testing Qualifications Board Copyright Notice This document may be copied in its entirety, or extracts made,

More information

Security and Architecture SUZANNE GRAHAM

Security and Architecture SUZANNE GRAHAM Security and Architecture SUZANNE GRAHAM Why What How When Why Information Security Information Assurance has been more involved with assessing the overall risk of an organisation's technology and working

More information

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance

More information

RSA Advanced Cyber Defence Summit

RSA Advanced Cyber Defence Summit Lee Edge Head Archer Business UK&I RSA Advanced Cyber Defence Summit London 30-April-2015 1 64% 8% 2014 Gartner CEO and Senior Executive Survey: 'Risk-On' Attitudes Will Accelerate Digital Business. 2

More information

ARCHIVE ESSENTIALS

ARCHIVE ESSENTIALS EMAIL ARCHIVE ESSENTIALS KEY CONSIDERATIONS WHEN MOVING TO OFFICE 365 DISCUSSION PAPER PREFACE The last few years have seen significant changes in the way that organisations conduct business. There has

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING

21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING WWW.HCLTECH.COM 21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING THE AGE OF DISRUPTION: THE AGE OF CYBER THREATS While the digital era has brought with it significant advances in technology, capabilities

More information

STANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange

STANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange STANDARD INFORMATION SHARING FORMATS Will Semple Head of Threat and Vulnerability Management New York Stock Exchange AGENDA Information Sharing from the Practitioner s view Changing the focus from Risk

More information

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI CONTENTS Overview Conceptual Definition Implementation of Strategic Risk Governance Success Factors Changing Internal Audit Roles

More information

SAP security solutions Is your business protected?

SAP security solutions Is your business protected? www.pwc.com SAP security solutions Is your business protected? SAP security overview Background SAP Security is becoming more difficult to control due to a constantly evolving compliance landscape and

More information

Achieving effective risk management and continuous compliance with Deloitte and SAP

Achieving effective risk management and continuous compliance with Deloitte and SAP Achieving effective risk management and continuous compliance with Deloitte and SAP 2 Deloitte and SAP: collaborating to make GRC work for you Meeting Governance, Risk and Compliance (GRC) requirements

More information

2017 PORT SECURITY SEMINAR & EXPO. ISACA/CISM Information Security Management Training for Security Directors/Managers

2017 PORT SECURITY SEMINAR & EXPO. ISACA/CISM Information Security Management Training for Security Directors/Managers 2017 PORT SECURITY SEMINAR & EXPO ISACA/CISM Information Security Management Training for Security Directors/Managers Agenda Introduction ISACA Information security vs. cybersecurity CISM certification

More information

BHConsulting. Your trusted cybersecurity partner

BHConsulting. Your trusted cybersecurity partner Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised

More information

ISO/ IEC (ITSM) Certification Roadmap

ISO/ IEC (ITSM) Certification Roadmap ISO/ IEC 20000 (ITSM) Certification Roadmap Rasheed Adegoke June 2013 Outline About First Bank Motivations Definitions ITIL, ISO/IEC 20000 & DIFFERENCES ISO/ IEC 20000 Certification Roadmap First Bank

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

Security. Made Smarter.

Security. Made Smarter. Security. Made Smarter. Your job is to keep your organization safe from cyberattacks. To do so, your team has to review a monumental amount of data that is growing exponentially by the minute. Your team

More information

STEP Data Governance: At a Glance

STEP Data Governance: At a Glance STEP Data Governance: At a Glance Master data is the heart of business optimization and refers to organizational data, such as product, asset, location, supplier and customer information. Companies today

More information

Business Architecture Implementation Workshop

Business Architecture Implementation Workshop Delivering a Business Architecture Transformation Project using the Business Architecture Guild BIZBOK Hands-on Workshop In this turbulent and competitive global economy, and the rapid pace of change in

More information

BCM s Role in Effective Risk Management: A Risk Manager s Point of View

BCM s Role in Effective Risk Management: A Risk Manager s Point of View BCM s Role in Effective Risk Management: A Risk Manager s Point of View Date: March 24, 2015 Presenter: Randall Davis, MBA, IBD, CPCU, ERM, ARM, ARM E, ABCP Agenda for this session Explore the case for

More information

GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018

GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018 GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018 GDPR Roadmap Continuous Awareness Program Implement Privacy Solutions Intergrade Privacy into

More information

ARCHIVE ESSENTIALS: Key Considerations When Moving to Office 365 DISCUSSION PAPER

ARCHIVE ESSENTIALS: Key Considerations When Moving to Office 365 DISCUSSION PAPER EMAIL ARCHIVE ESSENTIALS: Key Considerations When Moving to Office 365 DISCUSSION PAPER preface The last few years have seen significant changes in the way organisations conduct business. There has been

More information

How to Become a DATA GOVERNANCE EXPERT

How to Become a DATA GOVERNANCE EXPERT How to Become a DATA GOVERNANCE EXPERT You re already a data expert. You ve been working with enterprise data for years. You ve seen the good, the bad, and the downright ugly. And you ve watched the business

More information

Multimodality and accessibility. Charlotte Magnusson Certec, Department of Design Sciences, Lund University Sweden

Multimodality and accessibility. Charlotte Magnusson Certec, Department of Design Sciences, Lund University Sweden Multimodality and accessibility Charlotte Magnusson Certec, Department of Design Sciences, Lund University Sweden Certec, http://www.certec.lth.se Division of Rehabilitation Engineering Research Department

More information

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert Aligning IT, Security and Risk Management Programs Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert Challenges to Risk Management & Governance Balancing extensive requirements

More information

A Working Paper of the EastWest Institute Breakthrough Group. Increasing the Global Availability and Use of Secure ICT Products and Services

A Working Paper of the EastWest Institute Breakthrough Group. Increasing the Global Availability and Use of Secure ICT Products and Services A Working Paper of the EastWest Institute Breakthrough Group Increasing the Global Availability and Use of Secure ICT Products and Services August 5, 2015 The EastWest Institute (EWI) is leading a Global

More information

Symantec Data Center Transformation

Symantec Data Center Transformation Symantec Data Center Transformation A holistic framework for IT evolution As enterprises become increasingly dependent on information technology, the complexity, cost, and performance of IT environments

More information

Cloud Security. Copyright Ramesh Nagappan. All rights reserved.

Cloud Security. Copyright Ramesh Nagappan. All rights reserved. Cloud Security 1 Cloud Security Week 1 Lecture 1 Ramesh Nagappan Harvard University Extension School Brandeis University GPS 2 Week 1 Lecture - 1 Course Introduction Evolution of Cloud Computing Introduction

More information

Optimisation drives digital transformation

Optimisation drives digital transformation January 2017 Executive summary Forward-thinking business leaders are challenging their organisations to achieve transformation by harnessing digital technologies with organisational, operational, and business

More information

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee

More information

REPORT 2015/149 INTERNAL AUDIT DIVISION

REPORT 2015/149 INTERNAL AUDIT DIVISION INTERNAL AUDIT DIVISION REPORT 2015/149 Audit of the information and communications technology operations in the Investment Management Division of the United Nations Joint Staff Pension Fund Overall results

More information

Better together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com

Better together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com Better together KPMG LLP s GRC Advisory Services for IBM OpenPages implementations kpmg.com KPMG A leader in GRC services KPMG LLP (KPMG) is the U.S. member firm of the KPMG global network of professional

More information

Big data privacy in Australia

Big data privacy in Australia Five-article series Big data privacy in Australia Three actions you can take towards compliance Article 5 Big data and privacy Three actions you can take towards compliance There are three actions that

More information

GRC 3.0 is GRC by Design

GRC 3.0 is GRC by Design GRC 3.0 is GRC by Design Taking an Architecture Approach to GRC October 2013 Michael Rasmussen, J.D., GRCP, CCEP Chief GRC Pundit @ GRC 20/20 Research, LLC OCEG Fellow @ www.oceg.org The Winchester Mystery

More information

Experiences in Data Quality

Experiences in Data Quality Experiences in Data Quality MIT IQIS 2010 Annette Pence July 14-16, 2010 Approved for Public Release: 10-0686 Distribution Unlimited As a public interest company, MITRE works in partnership with the government

More information

The Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory

The Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory The Future of IT Internal Controls Automation: A Game Changer January 2018 Risk Advisory Contents Introduction 01 Future Operating Models for Managing Internal Controls 02 Summary 07 Introduction Internal

More information

Cyber Security in Smart Commercial Buildings 2017 to 2021

Cyber Security in Smart Commercial Buildings 2017 to 2021 Smart Buildings Cyber Security in Smart Commercial Buildings 2017 to 2021 Published: Q2 2017 Cyber Security in Smart Buildings Synopsis 2017 This report will help all stakeholders and investors in the

More information

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

More information

Data center automation: realizing rapid value. Automation and business transformation. Business white paper

Data center automation: realizing rapid value. Automation and business transformation. Business white paper Data center automation: realizing rapid value Business white paper and business transformation For generations, businesses have seen automation as the answer to inefficiency. Today it is used as much to

More information

Data Protection and GDPR

Data Protection and GDPR Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have

More information

Trusted Identities. Foundational to Cloud Services LILA KEE CHIEF PRODUCT OFFICER GLOBALSIGN

Trusted Identities. Foundational to Cloud Services LILA KEE CHIEF PRODUCT OFFICER GLOBALSIGN Trusted Identities Foundational to Cloud Services LILA KEE CHIEF PRODUCT OFFICER GLOBALSIGN WHAT YOU WILL LEARN TODAY Strong identity verification as a security measure and business enabler Authentication

More information

COBIT 5 With COSO 2013

COBIT 5 With COSO 2013 Integrating COBIT 5 With COSO 2013 Stephen Head Senior Manager, IT Risk Advisory Services 1 Our Time This Evening Importance of Governance COBIT 5 Overview COSO Overview Mapping These Frameworks Stakeholder

More information

IBM Software IBM InfoSphere Information Server for Data Quality

IBM Software IBM InfoSphere Information Server for Data Quality IBM InfoSphere Information Server for Data Quality A component index Table of contents 3 6 9 9 InfoSphere QualityStage 10 InfoSphere Information Analyzer 12 InfoSphere Discovery 13 14 2 Do you have confidence

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES Introductions Agenda Overall data risk and benefit landscape / shifting risk and opportunity landscape and market expectations Looking at data

More information

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9 HAWK Overview Agenda Contents Slide Challenges 3 HAWK Introduction 4 Key Benefits 6 About Gavin Technologies 7 Our Security Practice 8 Security Services Approach 9 Why Gavin Technologies 10 Key Clients

More information

OVERVIEW BROCHURE GRC. When you have to be right

OVERVIEW BROCHURE GRC. When you have to be right OVERVIEW BROCHURE GRC When you have to be right WoltersKluwerFS.com In response to today s demanding economic and regulatory climate, many financial services firms are transforming operations to enhance

More information

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements

More information

Endpoint Security Can Be Much More Effective and Less Costly. Here s How

Endpoint Security Can Be Much More Effective and Less Costly. Here s How Endpoint Security Can Be Much More Effective and Less Costly Here s How Contents Introduction More is not always better Escalating IT Security Budgets Ineffective management Need of the hour System management

More information

SIEM: Five Requirements that Solve the Bigger Business Issues

SIEM: Five Requirements that Solve the Bigger Business Issues SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered

More information

THALES DATA THREAT REPORT

THALES DATA THREAT REPORT 2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security INDIA EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Rising risks for sensitive data in India In India, as in the rest of the

More information

General Data Protection Regulation (GDPR) The impact of doing business in Asia

General Data Protection Regulation (GDPR) The impact of doing business in Asia SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer

More information

E X E C U T I V E B R I E F

E X E C U T I V E B R I E F Create a Better Way to Work: OpenText Suite 16 & OpenText Cloud 16 Over the next five years, executives expect digital disruption to displace four out of 10 incumbents or 40 percent of established market

More information

GDPR: The Day After. Pierre-Luc REFALO

GDPR: The Day After. Pierre-Luc REFALO GDPR: The Day After Pierre-Luc REFALO The speaker: Pierre-Luc REFALO Global Head of Strategic Cybersecurity Consulting 25+ years in Information & Cyber Security consultancy CISO for SFR & Vivendi Universal

More information