GRC TOOL IMPLEMENTATION RAEF MEEUWISSE CISA, FUNCTIONAL ARCHITECT, ADAPTIVEGRC
1 GRC Tool Implementation
Raef Meeuwisse CISA, Functional Architect, AdaptiveGRC
GRC: Breaking Down The Silos, ISACA Ireland Conference, 3rd October 2014

2 Raef Meeuwisse, Functional Architect, AdaptiveGRC

3 Implementing GRC need not be a puzzle

4 (image slide, no text)

5 Learning objectives
- What is GRC
- How to start to approach a GRC implementation
- Where GRC activity overlaps occur
- Why GRC activity overlaps exist
- How to set central GRC engineering goals

6 What is GRC? Anything that contributes towards one or more of the three central GRC pillars:
- Governance: typically policies, procedures, guidelines, executive reports and even explicit control objectives used to influence or control the organization
- Risk management: anything used to help identify, assess and mitigate potential threats and opportunities to the organization
- Compliance: anything used to monitor, track or enforce adherence by the organization (or their representatives) to the required standards imposed by the governance

7 GRC activities include: technology risk management, enterprise risk management, vendor risk profiling, internal service risk profiling, internal audit, compliance self-assessments, vendor audits, vendor assessments, data privacy, compliance reporting, security incident management, data loss management, policy & procedure management, corrective / preventive actions, deviation management, external regulatory inspections, system compliance management, periodic regulatory reporting, periodic reviews, findings management, quality incidents, security testing...
GRC activities can belong to one or more GRC pillar. All GRC activities use and deliver information useful to other GRC activities.

8 How to start to approach a GRC implementation?

9 Alice: "Would you tell me, please, which way I ought to go from here?"
The Cheshire Cat: "That depends a good deal on where you want to get to."
Alice: "I don't much care where."
The Cheshire Cat: "Then it doesn't much matter which way you go."
Alice: "...so long as I get somewhere."
The Cheshire Cat: "Oh, you're sure to do that, if only you walk long enough."
- Lewis Carroll, Alice in Wonderland

10 Know what you want to achieve
- I just need to use what I have
- I just need to improve a single GRC activity area
- I need to improve multiple GRC activity areas
- I need to transform multiple GRC activity areas
- I need to transform all GRC activity areas & executive reporting

11 Nebulous goals may appear easier in early stages but create failure later
- Parallel action with collision
- Everybody has different ideas about what they are building
- The showdown only happens as the tasks start to deliver
- Guaranteed challenges and missed expectations

12 In order to learn how to simplify our GRC implementation, we have to get a sense of:
- What changes drive the need for a GRC solution
- What impact that has on our organizations

13 What has changed?

14 Data
- 1980: 10 MB hard disk, $10,000 retail
- 1990: 1 GB $
- : 1 GB $1
- 2014: 1 GB $0.20

15 Technologies: locations & speed of adoption

16 Regulations: trying to keep pace with changes & impose motivational penalties

17 A lot more data. A lot more distribution of the data outside our direct control but still inside our responsibility. Some big potential for financial penalties and reputational damage for items that can seem like they are out of our control.
+ Potentially huge inefficiencies if we take an ad hoc approach to the work:
- Duplicated effort
- Conflicting or colliding objectives
- Massive effort to obtain the right metrics to measure, monitor and manage the information security and compliance landscape

18 This means:
Management needs:
- Much better reporting of risk and compliance status
- More efficiency in the GRC activities that take place
- Faster and safer use of new data and technologies
Operations needs:
- Less impact from GRC activities at the same time as better controls
- Improved enablement to use new technologies & data

19 Where do GRC activity overlaps occur?

20 Anatomy of an organization: your organization is driven by the vision, strategy and plans of its executives. Products and/or services are delivered to your customers through the efforts of your organization and its suppliers.
21 Internal audit

22 Risk

23 Data privacy management

24 What about security testing...? What about compliance framework...?

25 GRC activities have value, relevance and impact across our organization
26 Why do GRC activity overlaps exist?

27 Because we are all touching the same people, processes, systems and information

28 Chaos vs. harmony & peace
- Chaos: collating unstructured GRC data & activities leads to information issues & continuing activity duplications & collisions
- Harmony & peace: targeted & structured GRC data & activities lead to unequalled metrics and efficiency

29 - Stress
- Piecemeal reporting
- Lack of executive transparency on risks and status
- Post-incident witch hunts!
- Operational inefficiency

30 How to set central GRC framework engineering goals?

31 Without GRC engineering:
1. Impressions of duplicated / overlapping activity
2. Inefficiency in processes and information sharing across activities
3. Absence of coherent executive information

32 Step 1 is (nearly) always: to define the primary regulations, standards and guidelines that your organization aims to comply with (we call these "governance factors").
Why?
- Acts as a correlation point to your GRC universe
- Used in all kinds of reports and metrics
- This is the most fundamental GRC engineering synchronization point

33 GRC engineering pillars: why is GRC engineering so important?

34 Let's design a new German rail system. The routes:
1. Cologne to Bonn
2. Berlin to Düsseldorf
3. Düsseldorf to Cologne
4. Essen to Düsseldorf

35 Make your choices (one per route)
- Track gauge (mm)
- Platform height above rail (mm)
- Type of signalling
- Power source: 1. Maglev 2. Overhead electricity 3. Centre rail electricity 4. Diesel (% renewable by ...)
- Connectors for locomotives and rolling stock: 1. Buffers and chain 2. Three-link couplings 3. Link and pin 4. Albert coupler 5. Unicoupler/Intermat
36 What do we have?

37 I could capture my IS status in one place

38 I could hold my data privacy status someplace else

39 And hold my SOX audit information in yet another separate container

40 And put vendor audit and assessment outcomes into another area

41 And maybe I won't even use the same results format

42 But what could I achieve if I used engineering and had a single data source?

43 Failing to provide GRC engineering results in continuing duplications and collisions
- Collating unstructured GRC data & activities leads to information issues & continuing activity duplications & collisions
- Targeted & structured GRC data & activities lead to unequalled metrics and efficiency

44 Two-step thinking: think beyond the single deliverable. Consider the overall GRC goals:
- Not duplicating data or activities
- Supporting company-wide metrics
- Reducing stress and effort
All achieved by using GRC engineering guidelines.

45 Summary
What is GRC? > Governance, Risk Management & Compliance
How to start to approach a GRC implementation? > Have a clear understanding of the end state > Do it in achievable steps
Where do GRC activity overlaps occur? > Everywhere
Why do GRC activity overlaps exist? > Because different GRC activities touch the same places
How to set central GRC framework engineering goals? > Wherever data synchronization is required

46 Some final additional tips

47
1. Ensure your team has the right representation & endorsement
2. Ensure you have expertise available to advise the team
3. Provide a top-down engineering framework but improve it based on bottom-up input and feedback
4. Take an iterative approach

48
5. If tackling multiple areas, manage your implementation as a program and in stages aligned with the organization's priorities
6. You have it right when you have confidence that the processes being deployed are mature and correct
7. Use common sense
8. Track your risks and the benefits carefully

49 Thank you. Raef Meeuwisse, Functional Architect, AdaptiveGRC
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationIMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES
IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES Introductions Agenda Overall data risk and benefit landscape / shifting risk and opportunity landscape and market expectations Looking at data
More informationChallenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9
HAWK Overview Agenda Contents Slide Challenges 3 HAWK Introduction 4 Key Benefits 6 About Gavin Technologies 7 Our Security Practice 8 Security Services Approach 9 Why Gavin Technologies 10 Key Clients
More informationOVERVIEW BROCHURE GRC. When you have to be right
OVERVIEW BROCHURE GRC When you have to be right WoltersKluwerFS.com In response to today s demanding economic and regulatory climate, many financial services firms are transforming operations to enhance
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationEndpoint Security Can Be Much More Effective and Less Costly. Here s How
Endpoint Security Can Be Much More Effective and Less Costly Here s How Contents Introduction More is not always better Escalating IT Security Budgets Ineffective management Need of the hour System management
More informationSIEM: Five Requirements that Solve the Bigger Business Issues
SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered
More informationTHALES DATA THREAT REPORT
2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security INDIA EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Rising risks for sensitive data in India In India, as in the rest of the
More informationGeneral Data Protection Regulation (GDPR) The impact of doing business in Asia
SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer
More informationE X E C U T I V E B R I E F
Create a Better Way to Work: OpenText Suite 16 & OpenText Cloud 16 Over the next five years, executives expect digital disruption to displace four out of 10 incumbents or 40 percent of established market
More informationGDPR: The Day After. Pierre-Luc REFALO
GDPR: The Day After Pierre-Luc REFALO The speaker: Pierre-Luc REFALO Global Head of Strategic Cybersecurity Consulting 25+ years in Information & Cyber Security consultancy CISO for SFR & Vivendi Universal
More information