Managing Risk – Enabling Growth Through Compliance! Alex Sinvani
Now and the future
1. Threat levels will grow – and there will be more serious breaches.
2. Cloud computing will continue to grow – and require new security solutions.
3. Mobile devices will challenge traditional security solutions.
4. Security platforms will continue to converge.
5. Regulation of personally identifiable information (PII) will increase – including expanding definitions of what PII means.
6. Organisations will increasingly pursue ‘business-centric compliance.’
Source: Security 360° Risks and Realities: Inside and Out, 2011
The compliance landscape
PCI 2.0
ISO 27001
ARROW
BS 25999
SOX
MIFID
BASEL 2
SAS 70
COBIT
ITIL 3.0
NERC
CLERP 9
Rosh /wee
SOLVENCY 2
HIPAA
FERC
SEC
ERM
C49
ISO 14001
ISO 9001
ISO 38001
OMB 123A
HITECH
GLBA
RAC
ISO 27799
ISO 27009
NIST 800-14
NIST 800-18
NIST 800-30
NIST 800-33
NIST 800-41
FIPS 200
NIST 800
FIPS 199
SAS 109
SAS 110
JSOX
CSOX
Patriot Act
ESOX
PRIVACY LAW
COSO
ISO 31000
PM BOK
SOX ITGC
17799
Tabaksblat
ISO 27005
ISO 27002
ISO 27010
FFCRA
FDA
357
FCPA
FAA HACCP
257
AML
ICM
CAPA
Goshen
ICM
Stark III
Comply with regulations
Stay ahead of threats
Focus on top priorities
Build a sustainable risk programme
Connect to the business
From Compliance to Business
The average enterprise explores 17 standards and frameworks.
38% rely on spreadsheets and manual documents.
Source: Symantec 2011 State of the Enterprise Security Report
Council, 2011
88% of data breaches are related to poor IT and information security controls.
Source: Internet Security Alliance, 2011 report
When everything is a priority, nothing is a priority!
Source: common wisdom
“It all starts by building and maintaining your systems in a secure state…only then will you have the flexibility to adapt quickly.”
Source: CISO, financial organisation
Only 1 in 8 best-performing organisations feel that information security can influence business decisions.
Source: Information Risk Executive Council, 2011
From Compliance to Business
Business benefits
Source: IT Policy Compliance Group

Outcomes                                  Level 1           Level 2, 3 & 4    Level 5
Audit deficiencies in IT                  > 16              9                 < 3
Spend on audit*                           $0.60             $1.00             $0.30
Business downtime - IT disruptions        > 60 hours        28 hours          < 4 hours
  Associated financial loss               10% of revenue    1% of revenue     0.1% of revenue
Theft or loss of sensitive information    > 16 losses       9 losses          < 3 losses
  Associated financial loss               9.6% of revenue   6.4% of revenue   0.4% of revenue

* Spend on audit: audit spend increases for average-performing organisations because they start to assess controls more frequently, but they still have not automated many of these assessments.
Faster identification = lower risk/cost
• Reduce risk and cost dramatically by reducing the time it takes to mount an effective response!
How long does it take to act from the moment a problem is discovered?
[Chart: risk/cost (vertical axis) against remediation time (horizontal axis)]
Compliance needs
[Diagram: COMPLIANCE sits between IT technical controls and manual processes and routines; REGULATIONS and Business Risk (external and internal) drive the requirements]
IT risk and compliance challenges
Organisational risks: information, compliance, governance, financial, operational, human resources, integrity
Compliance in relation to risk