ASSOCHAM Thought Leadership Series_Homeland Security_June 2011
Assocham conf grc sept 13
-
Upload
subramanian-k -
Category
Business
-
view
195 -
download
0
description
Transcript of Assocham conf grc sept 13
Cyber Governance & Business Assurance in Cyber Era-Challenges Before the Corporates
Prof. K. Subramanian SM(IEEE, USA), SMACM(USA), FIETE, SM(IEEE, USA), SMACM(USA), FIETE,
SMCSI,MAIMA,MAIS(USA),MCFE(USA)SMCSI,MAIMA,MAIS(USA),MCFE(USA)
Founder Director & Professor, Advanced Center for Informatics & Innovative Learning (ACIIL), IGNOU
EX- IT Adviser to CAG of IndiaEx-DDG(NIC), Ministry of Comm. & IT
Emeritus President, eInformation Systems, Security, Audit Association
Former President, Cyber Society of India
22
Agenda• Introduction• Cyber Governance & Governance
components• Risk assurance(Modelling & other
approaches)• Standards & Compliance • Assurance Framework & PPP• Challenges for Technologists & Businesses
3
Notable Quotes"The poor have sometimes objected to being
governed badly; the rich have always objected to being governed at all." G. K. Chesterton
“Ever since men began to modify their lives by using technology they have found themselves in a series of technological traps.” Roger Revelle
“The law is the last interpretation of the law given by the last judge.”- Anon.
“Privacy is where technology and the law collide.” --Richard Smith (who traced the ‘I Love You’ and ‘Melissa viruses’)
"Technology makes it possible for people to gain control over everything, except over technology" John Tudor
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 44
MEDIATING FACTORS:MEDIATING FACTORS: Environment Environment Culture Culture
Structure Structure Standard Procedures Standard Procedures Politics Politics Management Decisions Management Decisions Chance Chance
ORGANIZATIONSORGANIZATIONS INFORMATION INFORMATION TECHNOLOGYTECHNOLOGY
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 5
Principles of Good GovernanceLeadershipSelflessnessIntegrityObjectivityAccountabilityOpennessHonesty
Humane GovernanceShould be CreativeUses Knowledge for
National Wealth and Health creation
Understands the economics of Knowledge
High Morality
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 66
Governance ComponentsProject GovernanceIT GovernanceLegal GovernanceSecurity GovernanceHuman & Humane Governance
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 7
Cyber Governance Components Environmental & ICT Infrastructure
Operational (logistics Integration)
Technology (synergy & Convergence)
Network (multi Modal Network)
Management (HRM & SCM &CRM)
Impact (feed-back correction)
Operational Integration (Functional)
Professional Integration (HR) Emotional/Cultural Integration Technology Integration
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 8
Corporate GovernanceBusiness Assurance Framework
Global Phenomena Combines Code of
UK and SOX of USABasel II & IIIProject GovernanceIT GovernanceHuman & Humane
Governance
India Initiatives1. Clause 492. Basel II & III -RBI3.SEBI- Corporate
Governance Implementation directives
4.Risk management-RBI & TRAI
5. MCA Initiatives
8
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 9
Global issues with Governance ofCyber Space
Information Technology & Business: current status and future
Does IT matter? IT--enabled Business - Role of Information, Information Systems - In business - Role of information technology in enabling
business - IT dependenceChanging Role of the CIOWeb 2.0 and 3.0 and governing cyberspaceeBusiness, eHealth, eBanking, eGovernanceCurrent Challenges and Issues
9
Creating Trust in an Enterprise
Today's information explosion is creating challenges for business and technology leaders at virtually every organization. The lack of trusted information and pressure to reduce costs is on the minds of CEOs and senior executives around the world.
What's required to solve these challenges is a paradigm shift - from generating and managing silos - of information, of talent and skills, of technologies and of projects to an environment where information is a trusted, strategic asset that is shared across the company.
10
11
Transition: InsuranceAudit Assurance &
Assurance Layered Framework Insurance Audit
Pre, Concurrent, Post IT Audit
Environmental Operational Technology Network Financial Management Impact
Electronics Continuous Audit Certification Assurance
Management & Operational Assurance
(Risk & ROI) Technical Assurance
(Availability, Serviceability & Maintainability)
Financial ASSURANCE Revenue Assurance (Leakage & Fraud) Legal Compliance &
Assurance (Governance)
Why Assurance?Competitive Threats & Way Forward
Internal Competition from Liberalization
World Competition from Globalization
Entrenched Competition Abroad
Asymmetry in Scale, Technology, Brands
Industry Shakeouts and Restructuring
Learn more about own Businesses.
Reach out to all Business & Function Heads.
Sharpen Internal Consultancy Competences.
Proactively Seize the Repertoire of MS & Partners
Foster two way flow of IS & Line Talent.
10th september 2013 12Prof. KS@2013 Assocham conf GRC 2013
13
Key Areas of AssuranceKey Areas of Assurance
• OrganizationalOrganizational
- Systems in place to identify & mitigate differing risk perceptions of - Systems in place to identify & mitigate differing risk perceptions of
stakeholders to meet business needs stakeholders to meet business needs
• Supplier Supplier
- Confidence that controls of third party suppliers adequate & - Confidence that controls of third party suppliers adequate & meets meets
organization’s benchmarksorganization’s benchmarks
• Business Partners Business Partners
- Confirmation that security arrangements with partners assess & - Confirmation that security arrangements with partners assess & mitigate mitigate
business riskbusiness risk
• Services & IT Systems Services & IT Systems
- Capability of developers, suppliers of IT services & systems to - Capability of developers, suppliers of IT services & systems to implement effective systems to manage risks to the organization’s implement effective systems to manage risks to the organization’s businessbusiness
14
What and Why of Business What and Why of Business AssuranceAssurance
• Manufacturing: Developing & implementing policies & Manufacturing: Developing & implementing policies & procedures to procedures to ensure operations are ensure operations are efficient, consistent, effective & efficient, consistent, effective & compliant with compliant with lawlaw
• ServicesServices : Process that establishes uninterrupted : Process that establishes uninterrupted delivery of delivery of services to customer and services to customer and protects interest & protects interest & information information
• ProjectProject : Confirmation that business case viable and actual : Confirmation that business case viable and actual costs and time lines in line with plan costs and time lines in line with plan
costs & schedulescosts & schedules
• ObjectiveObjective : Delivers significant commercial value to the : Delivers significant commercial value to the business while fully business while fully
compliant with regulatory compliant with regulatory requirementsrequirements
: To avoid Enron type scandals and comply with : To avoid Enron type scandals and comply with Sarbanes Oxley in US and Clause 49 in India Sarbanes Oxley in US and Clause 49 in India
15
Assurance StakeholdersAssurance Stakeholders
Stakeholders
for business
assurance
Board of Directors
Management
Staff/Employees
Organisation
Customers
Public
Suppliers
Enforcement
& regulatory
authorities
Owner
Creditors
Shareholders
Insurers
Business partners
16
Benefits of Assurance Benefits of Assurance
• Contributes to effectiveness & efficiency of business operationsContributes to effectiveness & efficiency of business operations
• Ensures reliability & continuity of information systemsEnsures reliability & continuity of information systems
• Assists in compliance with laws & regulationsAssists in compliance with laws & regulations
• Assures that organizational risk exposure mitigatedAssures that organizational risk exposure mitigated
• Confirms that internal information accurate & reliableConfirms that internal information accurate & reliable
• Increases investor and lenders confidenceIncreases investor and lenders confidence
17
Benefits of Assurance Benefits of Assurance
• Supports informed decision making at management and Board Supports informed decision making at management and Board levellevel
• Identifies and exploits areas of risk based advantageIdentifies and exploits areas of risk based advantage
• Ability to aggregate business unit risk in multiple jurisdictions & Ability to aggregate business unit risk in multiple jurisdictions & locationslocations
• Demonstrates proactive risk stewardshipDemonstrates proactive risk stewardship
• Establishes a process to stabilize results by protecting them from Establishes a process to stabilize results by protecting them from disturbancedisturbance
• Enables independent directors to decide with comfort and Enables independent directors to decide with comfort and confidenceconfidence
1818
Business - technical G
ove
rnm
en
t
reg
ula
tory
Go
vern
me
nt
deve
lopm
ent
al
Bu
siness –
fina
ncial
Civil society
-
informational
Civil society - technical
ICT operations and maintenance
ICT planning and design
Investment in R & D
Marketing and distribution Project management
and construction Training
Borrowing capacity
Capital investment, eg network expansion
ICT technical solutions
Revenue collection
ICT Risk/venture capital
Sales and promotions
Subsidies
Access to development finance
ICT Regulatory powers – price, quality, interconnections, competition)
ICT Transaction/ concession design
Investment promotion
Legal framework for freedom of information
ICT Infrastructure strategy
ICT skills development
Innovation (high risk), eg community telecentres
Local customer knowledge
Capacity to network
A voice for the socially excluded
Expertise in design of ‘relevant’ content
Knowledge of user demand, eg
technology and information gaps
Capacity to mobilise civil society
Human Capacity ICT technicians in govt, business
and civil societyICT user-awareness and skills
Support for Entrepreneurs
Infrastructure Suitable primary architecture
Suitable secondary technology Acceptable cost/risks of
deploymentUniversal access (rural/urban)Adequate subscriber density
EnterpriseAccess to finance and credit
Supportive property rights and commercial lawDevelopment of ICT suppliers and service SMEs
Stimulation of demand, eg govt ‘leads by example’ through procurement
Policy and RegulationsInvestment promotion and
ownership rulesFair tax regimes for business
and society Transparent policy making
Effective regulatory frameworks (price, quality, interconnection,
competition)Adequate institutional capacity
Content and ApplicationsRelevant to development goals
and user needs, eg voice, e-mail, nat/global connectivity Content compatible with
education, cultural sensitivities and language
Affordable access (equipment, connection and content)
Human Capacity
Infrastructure
Enterprise Content & Applications
Policy and Regulation
strategic compact / partnerships
Civil so
ciety
-
info
rma
tiona
l
Design Parameters
1919
Operational Integration
Professional Integration (HR)
Emotional/Cultural Integration
ICT & Government Business & Services Integration
Multi Technology coexistence and seamless integration
Information Assurance
Quality, Currency, Customization/Personalization
ICE is the sole integrator IT Governance is Important
Managing InterdependenciesCritical IssuesInfrastructure characteristics (Organizational,
operational, temporal, spatial)
Environment (economic, legal /regulatory, technical, social/political)
Coupling and response behavior (adaptive, inflexible, loose/tight, linear/complex)
Type of failure (common cause, cascading, escalating)
Types of interdependencies
(Physical, cyber, logical, geographic)
State of operations
(normal, stressed /disrupted, repair/restoration)
. 20
21
Towards Information Assurance
Increasingly, the goal isn't about information security but about information assurance, which deals with issues such as data availability and integrity.
That means organizations should focus not only on risk avoidance but also on risk management, she said. "You have to be able to evaluate risks and articulate them in business terms“
--Jane Scott-Norris, CISO at the U.S. State Department
22
Up The Value Chain
Enabling to rapidly move up the Governance Evolution Staircase
Strategy/PolicyPeopleProcessTechnology
3. TransactionCompetition
Confidentiality/privacy
Fee for transaction
E-authentication
Self-services
Skill set changes
Portfolio mgmt.
Sourcing
Inc. business staff
BPR
Relationship mgmt.
Online interfaces
Channel mgmt.
Legacy sys. links
Security
Information access
24x7 infrastructure
Sourcing
Funding stream allocations
Agency identity
“Big Browser”
Job structures
Relocation/telecommuting
Organization
Performance accountability
Multiple-programs skills
Privacy reduces
Integrated services
Change value chain
New processes/services
Change relationships(G2G, G2B, G2C, G2E)
New applications
New data structures
Time
2. InteractionSearchable
Database
Public response/ email
Content mgmt.
Increased support staff
Governance
Knowledge mgmt.
E-mail best prac.
Content mgmt.
Metadata
Data synch.
Search engine
1. Presence
Publish
Existing
Streamlineprocesses
Web site
Markup
Trigger
4. Transformation
Cost/Complexity
Define policy and outsource execution
Retain monitoring and control
Outsource service delivery staff
Outsource process execution staff
Outsource customer facing processes
Outsource backend processes
Applications
Infrastructure
Value
5. Outsourcing
Constituent
Evolve PPP model
23
Why information security Governance is important
With security incidents and data breaches having a huge impact on corporations, security governance or oversight by the board and executive management, has assumed importance.
Security governance refers to the strategic direction given by the board and executive management for managing information security risks to achieve corporate objectives by reducing losses and liabilities arising from security incidents
24
Towards Security GovernanceSecurity governance
would lead to development of an information security strategy and an action plan for implementation through a well defined information security program. Governance would lead to establishment of organizational structures and processes and monitoring schemes
For the past few years, IT and security professionals have talked about information technology – and particularly information security – as a "business enabler." Today, it might also be called a "compliance enabler." IT and security organizations have both been on the front lines for compliance efforts and are now being asked to play two pivotal roles:
first, to provide a secure, well-controlled IT environment to improve business performance
and second, to assist the organization in strategically and tactically addressing its governance, risk and compliance requirements
2510th september 2013 Prof. KS@2013 Assocham conf GRC 2013
Threat & Vulnerability Management
Authenticating user identities with a range of mechanisms, such as tokens, biometrics and Public Key Infrastructure
Developing user access policies and procedures, rules and responsibilities and a standardized role structure that helps organizations meet and enforce security standards
Centralizing user data stores in a single enterprise directory that enables increased efficiencies in user administration, access control and authentication
Reducing IT operating costs and increasing efficiency by implementing effective user management to support self-service and automate workflow, and by provisioning and instituting flexible user administration
You need an integrated threat and vulnerability management solution to better monitor, report on and respond to complex security threats and vulnerabilities, as well as meet regulatory requirements.
You need to protect both your own information assets and those you are custodian of, such as sensitive customer data.
You want a real-time, integrated snapshot of your security posture.
You want to correlate events from data emerging from multiple security touch points.
You need support from a comprehensive inventory of known threat exposures.
You need to reduce the cost of ownership of your threat and vulnerability management system
2610th september 2013 Prof. KS@2013 Assocham conf GRC 2013
Risk Identification Assess current security capabilities, including threat management, vulnerability
management, compliance management, reporting and intelligence analysis. Define c Identify technology requirements for bridging security gaps Integrated Security Information Management Develop processes to evaluate and prioritize security intelligence information
received from external sources, allowing organizations to minimize risks before an attack
Implement processes that support the ongoing maintenance, evolution and administration of security standards and policies
Determine asset attributes, such as direct and indirect associations, sensitivity and asset criticality, to help organizations allocate resources strategically
Assist in aggregating security data from multiple sources in a central repository or "dashboard" for user-friendly presentation to managers and auditors
Help design and implement a comprehensive security reporting system that provides a periodic, holistic view of all IT risk and compliance systems and outputs
Assist in developing governance programs to enforce policies and accountability
27
28
9 Rules of Risk Management There is no return without risk
Rewards to go to those who take risks.
Be Transparent Risk is measured, and managed by
people, not mathematical models. Know what you Don’t know
Question the assumptions you make Communicate
Risk should be discussed openly Diversify
Multiple risk will produce more consistent rewards
Sow Discipline A consistent and rigorous approach
will beat a constantly changing strategy
Use common sense It is better to be approximately right,
than to be precisely wrong. Return is only half the question
Decisions to be made only by considering the risk and return of the possibilities.
RiskMetrics Group
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 29
The Insider – Who are They?
Who is an insider? Those who work for the target organization or those having relationships with
the firm with some level of access Employees, contractors, business partners, customers etc.
CSI/FBI Survey key findings (2007-2013) average annual losses $billion in the past year, up sharply from the $350,000
reported previous year Insider attacks have now surpassed viruses as the most common cause of
security incidents in the enterprise 63 percent of respondents said that losses due to insider-related events
accounted for 20 percent of their losses (prevalence of insider criminals may be overblown by vendors of insider threat
tools!)
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 30
Solutions Based on Study RecommendationsPrevention by
Pre-hire screening of employeesTraining and education
Early detection and treat the symptomsAttack precursors exist, some non-cyber events
Establish good audit proceduresDisable access at appropriate timesDevelop Best practices for the prevention and
detectionSeparation of duties and least privilegeStrict password and account management policies
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 31
Threat Modeling
Threat modeling is critical to address securityPrevention, detection, mitigation
There is no universal model yetMostly case-by-caseEfforts are under wayMicrosoft threat modeling tool
Allows one to uncover security flaws using STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege)
Decompose, analyze and mitigate Insider threat modeling essential
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 32
Insider Threat ModelingHow modeling can help you?
An alternative to live vulnerability testing (which is not feasible)
Modeling and analysis will reveal possible attack strategies of an insider
Modeling and risk analysis can help answer the following questions statically:How secure is the existing setup?Which points are most vulnerable?What are likely attack strategies?Where must security systems be placed?
What you cannot modelNon-cyber events – disclosures, memory dumps, etc.
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 33
Information-Centric Modeling University at Buffalo- CEISARE
Developed the concept of a Capability Acquisition Graph for insider threat assessment
Part of a DARPA initiativeBuilt a tool called ICMAP (Information-Centric Modeler
and Auditor Program)Publications in ACSAC 2004, IEEE DSN 2005, JCO 2005,
IEEE ICC 2006, IFIP 11.9 Digital Forensics Conference 2007
CURRICULUM: Computing, mathematical, legal, managerial and informatics
Various CAEs (certified by NSA, DHS), USMA, Syracuse, Buffalo, Stony Brook, Polytechnic, Pace, RIT
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 34
How is a model instance generated? Define the scope of the threat A step-by-step bottom up approach starting with
potential targets Who constructs the model instance?
A knowledgeable security analyst How are costs defined?
Cryptographic access control mechanisms have well-defined costs
Use attack templates, vulnerability reports, attacker’s privilege and the resources that need to be protected
Low, Medium and High – relative cost assignment
Practical Considerations
35
Three Key Issues and 5 Major IT Decisions1.The need to reduce IT
Confusion and Chaos2. Environment demands
Accountability3. Only most Productive
organisations will thrive
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 36
Calder- Moir IT Governance Framework
3737
CIO & CEOCIO & CEO Business Led Info. strategy Business Led Info. strategy
CIO & CMOCIO & CMO Competitive Edge & CVP Competitive Edge & CVP
CIO & CTOCIO & CTO Cost-Benefit Optimization Cost-Benefit Optimization
CIO & CFO Shareholder Value CIO & CFO Shareholder Value MaximizationMaximization
CIO & CHRO Employee Performance and CIO & CHRO Employee Performance and RewardsRewards
CIO & Business Partners Virtual Extended CIO & Business Partners Virtual Extended EnterpriseEnterprise
CXO Internal Strategic AlliancesCXO Internal Strategic Alliances
3838
Capital Productivity (ROI, EVA, MVA)
Material Productivity (60% of Cost)
Managerial Productivity (Information Worker)
Labour Productivity (Enabled by IW)
Company Productivity Micro
Factor Productivity Macro
The Productivity Promise
39
CEO-CTO-CIO-CSO Responsibility
"These systems should ensure that both business and technology managers are properly engaged in identifying compliance requirements and planning compliance initiatives which typically involve complementary adjustments in systems, practices, training and organization"
CXO & IT Governance the roles and
responsibilities for IT governance, highlighting the parts played by the CEO, business executives, CIO, IT steering committee, technology council, and IT architecture review board
40
Four Faces of a CIO &CIO Management Framework
41
For Visioning and Strategic Planning -For Visioning and Strategic Planning -
Scenarios & Simulations.Scenarios & Simulations.
World Class Project Management -World Class Project Management -
Hard and Soft.Hard and Soft.
Implementation andImplementation and
Operational ExcellenceOperational Excellence
DSS, EIS, CRM etc. for DSS, EIS, CRM etc. for
Optimization and Control.Optimization and Control.
Information As Competitive AdvantageInformation As Competitive Advantage
42
Learn more about own Businesses.Learn more about own Businesses.
Reach out to all Business & Function Reach out to all Business & Function Heads.Heads.
Sharpen Internal Consultancy Sharpen Internal Consultancy Competences.Competences.
Proactively Seize the Repertoire of MS & Proactively Seize the Repertoire of MS & PartnersPartners
Foster two way flow of IS & Line Talent.Foster two way flow of IS & Line Talent.
Way ForwardWay Forward
43
Process Governance1. Develop an Aligned
Strategic IT Plan: The step-by-step formatof this methodology willwalk you through ourproven process forcreating a strategic ITplan that is aligned withyour organization's businessobjectives
2. Create a Collaborative Decision-Making Process
As IT impacts morebusiness procedures, morestakeholders will becomeinvolved in the decisionmaking process. Thismethodology helps youdevelop a structured andefficient decision-makingforum.
4444
Process Governance3. Raise the Profile of IT:
By aligning IT planning with organizational goals, IT will become a key player in evaluating the business issues that factor into enterprise-wide decision making
4. Get the Green Light:Keep going
45
Measurement of IT Projects Value and Effectiveness
IT Assessment 1.Validity or Relevance
2.Protectibility 3.Quantifiability 4.Informativeness
5.Generality 6.Transferability 7. Reliability to other parts
of organization
Effectiveness Utility Efficiency Economy Control Security
Assessment of IT Functions
StrategyDeliveryTechnologyPeopleSystems
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013
Standards, Standards, StandardsSecurityAuditInteroperabilityInterface
(systems/devises/comm.)
Architecture/Building Blocks/Reusable
HCI (Human Computer Interface)
ProcessEnvironmental
(Physical, Safety)Data Interchange
& mail messagingLayout/Imprint
4610th september 2013 Prof. KS@2013 Assocham conf GRC 2013
47
Importance of Group Standards -no one standard meets all requirementsISO 27001/BS7799 Vs COBIT Vs CMM & PCMM Vs ITIL
MissionMission
Business ObjectivesBusiness Objectives
Business RisksBusiness Risks
Applicable RisksApplicable Risks
Internal ControlsInternal Controls
ReviewReview
10th september 2013Prof. KS@2013 Assocham conf GRC 2013
48
“IT Regulations and Policies-Compliance & Management”
Pre-requisites physical infrastructure and mind-setPAST: We have inherited a past, for which we cannot be held
responsible ; PRESENT: have fashioned the present on the basis of development
models, which have undergone many mid-course corrections
FUTURE: The path to the future -- a future in which India and Indians will play a dominant role in world affairs -- is replete with opportunities and challenges.
In a number of key areas, it is necessary Break from the past in order to achieve our Vision.
We have within ourselves the capacity to succeed
We have to embrace ICE for Innovation, Creativity, Management, Productivity & Governance
49
“IT Regulations and Policies-Compliance & Management” CREATIVITY VS COMMAND CONTROL
Too much Creativity results in anarchyToo much command & control Kills Creativity
We Need a Balancing Act In IT Regulations and Policies-Compliance & Management
50
Gouvernance & AssuranceGouvernance & Assurance Maturity ModelMaturity Model
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013 51
Assurance in the PPP Environment
52
Governance - Final Message
“In Governance matters Past is no guarantee;
Present is imperfect &
Future is uncertain“
“Failure is not when we fall down, but when we fail to get up”
53
Learning From Experience========================
1. The only source of knowledge is experience. -- Einstein
2. One must learn by doing the thing; for though you think you know it, you have no certainty, until you try. -- Sophocles
3. Experience is a hard teacher because she gives the test first, and the lesson afterwards. -- Vernon Sanders Law
4. Nothing is a waste of time if you use the experience wisely. -- Rodin
54
“To determine how much is too much, so that we can implement appropriate security measures to build
adequate confidence and trust”
“To derive a powerful logic for implementing or not implementing a security measure”
Security/Risk Assurance - Expectations
THANK YOUFor Interaction:
Prof. K. [email protected]
[email protected]: 011-22723557
Let us Assure Good Cyber Governance & Business Assurance in Cyber Era