Enterprise Risk Management: Strategies and Solutions Compared
ZeroUno Executive Lunch - Milan, 25 September 2008
Fabio Battelli, CISSP, CISA
Practice Manager - Advisory Services
Symantec Consulting Services

Symantec Global Services
Enabling Confidence in a Connected World
Global Reach: 4000+ professionals across Americas, EMEA, APAC, Japan
6000+ consulting engagements per year
Deep technology expertise
Consulting company acquisition (Company-i)
Advisory & Solutions enablement skills
Real-world implementation experience
Work with 95% of Fortune 500
Leveraging industry best practices
Professional certifications (ITIL, CISM, CISSP)

Symantec Consulting Services in Italy
• Governance, Risk & Compliance
• IT Transformation Services
• Business Continuity Management

• Information Foundation
• Data Centre Management
• Threat Management/IT policy Compliance
• Backup & Storage Management

• Operational support
• Antivirus and Data Protection op. svcs.
• SOC operational services
• Brand monitoring and online fraud mgmt.

…An increase in IT compliance corresponds to a reduction in IT risks
IT compliance and IT risks are closely linked….
Risk Management & Compliance

[Diagram labels: Governance, Risk, Compliance; People, Processes, Technology]

Governance
• Creates value
• Defines objectives and expectations
• Identifies the regulations
• Defines rules and policies

Risk Management
• Identifies threats, vulnerabilities, probabilities
• Selects the countermeasures
• Establishes the "Asset Value"
• Defines the mitigation strategy

Compliance
• Defines the controls
• Links the controls to the policies
• Provides evidence

Governance, Risk & Compliance
• Demonstrates "due diligence"

Symantec IT Security Risk Management & Compliance
Risk Management: Methodologies and Solutions

Risk Management: Top Issues (Source: ENISA)
Main obstacles to risk management according to ENISA (European Network and Information Security Agency)...

Risk Analysis: Threats or Control

• Availability of historical data on the probability of occurrence
• For specific industries (e.g. Banking)
• Prevalence of the quantitative method (e.g. monetary valuation)

• Obtaining results quickly, especially in large organizations
• Assessing compliance with standards and regulations
• Prevalence of the qualitative method

Governance, Risk & Compliance (GRC) Process Automation
Symantec’s Automated IT Compliance Approach
[Diagram: Define, Assess, Report, Remediate]
• Determine Risk and Develop Policies
• Assess Infrastructure and Processes
• Monitor and Demonstrate Due Care
• Assess Risk and Remediate Problems

[Diagram labels]
• POLICIES and CONTROLS
• TECHNICAL CONTROLS
• PROCEDURAL CONTROLS
• DASHBOARDS
• AUDIT REPORTS
• RISK ASSESSMENTS
• RISK WEIGHTED REMEDIATION

Copyright © 2007 Symantec Corporation. All rights reserved.
Thank You!
Fabio Battelli
Practice Manager - Advisory Consulting
[email protected]
+39 3351860905