The Role of Public Sector Audit and Risk Committees in Cybersecurity & Digital Transformation. ISACA All Rights Reserved.


The Role of Public Sector Audit and Risk Committees in Cybersecurity & Digital Transformation

Tichaona Zororo, CIA, CISA, CISM, CRISC, CRMA, CGEIT, COBIT 5 Certified Assessor; B.Sc. Honours Information Systems, PGD Computer Auditing; Accredited COBIT 5 & Certifications Trainer

Emerging & Merging Technologies - The 4th Industrial Revolution

Internet of Threats, Artificial Intelligence, Predictive Analytics, Social Media, Mobility, Cloud Computing, Blockchain, Drones & Robotics, DevOps, Augmented Reality, Cybersecurity, Smart Cities

Global figures:
- 2017 Internet Users: 3.78 Billion
- 2018 Global Internet Users: 4.021 Billion
- 2018 Global Active Mobile Social Users: 2.958 Billion
- Unique Mobile Users increase from 2017 to 2018: 218 Million
- 2018 Active Social Media Users: 3.196 Billion
- 2017 Active Social Media Users: 2.789 Billion
- 2018 Unique Mobile Users: 5.135 Billion

South Africa:
- 28.66 Million South Africans are active Internet Users (1.8 Million increase from 2016)
- 15 Million South Africans are active Social Media Users (2 Million increase from 2016)
- There are 79.91 Million Mobile Subscriptions in South Africa out of 55.21 Million South Africans
- 2018 South Africa Unique Mobile Devices: 38 Million
- 2016 Active Social Media Users in South Africa: 18 Million
- 2018 South Africa Internet Users: 30.81 Million
- 2018 Active Mobile Social Users: 16 Million
- 2018 Monthly Active Facebook Users in South Africa: 18 Million

DevOps
- A perpetual development and improvement model, central to a company's ability to test new digital business capabilities and bring them to market rapidly
- Integration of product development with IT operations; moving code to production every 12 seconds
- Improved IT operations and improved business efficiency to meet market demands
- IT operations staffers work closely with developers to test and launch new software features quickly, breaking traditional barriers
- Teams no longer have to wait for sign-offs, hand-offs, and preparation of test environments when writing code; those tasks are managed within the team, with immediate input from development and operations specialists

Stakeholders: Development, Operations, DevOps, Quality Assurance, Security

Stakeholders: the business benefits of DevOps
- Reduced time to market
- Faster return on investment
- High performance (e.g., Amazon, Google)
- Increased quality
- Customer satisfaction
- Reduced IT waste
- Improved supplier and business partner performance
- Human errors

Stakeholders: risks
- Conflicting roles leading to loss of segregation of duties and authentication
- Release rates faster than the business's established business metrics
- Non-compliance with some regulations (e.g., PCI DSS, HIPAA)
- Shadow adoption
- Lack of skills
- Resistance
- Traditional assurance providers

King IV on Digital Transformation Governance & Cybersecurity

Governing Body Responsibilities: Strategy, Policy, Oversight, Accountability
17 Principles & 214 Recommended Practices
Governance outcomes: Ethical Culture, Good Performance, Effective Control, Legitimacy

Governance and cybersecurity of information and technology have become critical issues:
- Technology is no longer simply an enabler; the systems created by an enterprise provide the platform to deliver its strategic (integrated development plan) and performance (service delivery and budget implementation plan) objectives
- Information and technology are now the source of many enterprises' future opportunities and potential disruption; risk and opportunity are increasingly two sides of the same coin
- Information and technology governance and cybersecurity should become a recurring item on the Audit and Risk Committee's agenda

Principle Number 12: The governing body should govern technology and information in a way that supports the organisation setting and achieving its strategic objectives.

8 Practices
- Assume responsibility for the governance of information and technology
- Assume responsibility for the governance of information and technology by setting the direction for how information and technology should be approached and addressed in the organisation
- Delegate to management the responsibility to implement and execute effective information and technology management
- Exercise ongoing oversight of information and technology management
- Exercise ongoing oversight of the management of information
- Exercise ongoing oversight of the management of technology
- Consider the need to receive periodic independent assurance on the effectiveness of the organisation's information and technology arrangements, including outsourced services
- Related disclosures

King III on IT Governance: 9 Chapters and 75 Principles

- Chapter 1: Ethical Leadership & Corporate Citizenship (3 Principles)
- Chapter 2: Boards & Directors (27 Principles)
- Chapter 3: Audit Committees (10 Principles)
- Chapter 4: The Governance of Risk (10 Principles)
- Chapter 5: The Governance of Enterprise IT (7 Principles)
- Chapter 6: Compliance with Laws, Rules, Codes and Standards (4 Principles)
- Chapter 7: Internal Audit (5 Principles)
- Chapter 8: Governing Stakeholder Relationships (6 Principles)
- Chapter 9: Integrated Reporting & Disclosure (3 Principles)

The Governance of Enterprise IT (Chapter 5)
- Principle 5.1: The board should be responsible for information technology (IT) governance
- Principle 5.2: IT should be aligned with the performance and sustainability objectives of the company
- Principle 5.3: The board should delegate to management the responsibility for the implementation of an IT governance framework
- Principle 5.4: The board should monitor and evaluate significant IT investments and expenditure
- Principle 5.5: IT should form an integral part of the company's risk management
- Principle 5.6: The board should ensure that information assets are managed effectively
- Principle 5.7: A risk committee and audit committee should assist the board in carrying out its IT responsibilities

The 10 Core Principles for the Professional Practice of Internal Auditing
- Demonstrates integrity
- Demonstrates competence and due professional care
- Is objective and free from undue influence (independent)
- Aligns with the strategies, objectives, and risks of the organisation
- Is appropriately positioned and adequately resourced
- Demonstrates quality and continuous improvement
- Communicates effectively
- Provides risk-based assurance
- Is insightful, proactive, and future-focused
- Promotes organisational improvement

Cultural Shift

Questions

Contact: Tichaona Zororo, EGIT Enterprise Governance of IT (Pty) Ltd
Tel: +27 (0) 11 234 2597 / +27 (0) 73 298 9606
Email: tichaona.zororo@egit.co.za
Twitter: @TichaonaZororo
Other profiles: tichaona.zororo, tichaonazororo (Tichaona Zororo)

Thank you