Real Time Risk Management
Transcript of Real Time Risk Management
13 and 14 March 2013
Brasília - Brazil
Mr. Mike Popham MBA FRSA
Partner
Syndicus IS LLP
[email protected]
+44 797 650 4897
Proteus® Real Time Risk Operations
Integrated Physical, Environmental, Information, Risk Measures and Controls in Real Time for Measured Protection
• Presentation of Syndicus IS LLP
• Real Time GRC Operations
• Service Benefits
• Multi-faceted Governance, Risk and Compliance Activities
• Proteus GRC Engine
• Proteus iGRC Engine
• Real Time Demonstrator
Proteus® Real Time Risk Operations AGENDA
Proteus® Real Time Risk Operations SYNDICUS INFORMATION SECURITY LLP
Proteus® Real Time Risk MAKING PROTECTION MORE COMPLETE
Information Security Sensors
Environmental Sensors
Physical Security Sensors
Asset Based Risk Assessment
Impact on Process and Continuity
Health & Safety Controls
Management, Specialists, and Users facilitating processes together using best practices, harnessed in technologies integrated for best protective effect in real time
Real Time Risk Management
Demonstration
Click Here
see “Geoff Ibbett and Team”, 2nd down on right
Proteus® Real Time Risk Operations MULTI-FACETED GRC
• Compliance (Gap Analysis) for any Standard, Regulation, or Legislation
• Gather information from subject matter experts and add value through integration of data
• Flexible reporting to enable the audit committee to quickly evaluate the company’s risk
• A ‘dashboard’ bridges the gap between the complexity of the subject and senior management
Proteus® Real Time Risk INTEGRATED GRC FACETS
Benefits of the Service
• Dedicated physical, information, environmental security, H&S controls etc. with integrated risk management professionals working to best practice, e.g. ISO 27001, ISO 9001 etc., to meet the GRC needs of the enterprise
• An in-depth range of validation measures is included in the service
• Reports on compliance and risk status and progress are available to the customer within minutes of data input and analysis
• Your dedicated information security and risk management professionals all work from a leading GRC engine that interrelates compliance, risk and business continuity status into the process oriented business impact assessment
• Departmental specific GRC performance is available
• GRC engine integrates with fraud and cyber/network sensors/agents for real time risk management
Proteus® Time Risk Operations SERVICE BENEFITS
Controlling the Enterprise
• Centralized Asset Register
• Single Repository for Policies and Documents, plus dissemination and e-examination
• Gap analysis – status of alignment to standards and non-conformities
• Identification of impact of risk on assets and business processes
• Integrates incident management and mitigation / improvements
• Consistent and easy visibility of global reporting
• Rapid installation, via the web as necessary
• Designed for configurability
• Extensions available, e.g. active directory, single sign on
• Intuitive interface and multi-site access worldwide, via the web
• Transforms governance dynamics
• Provides new opportunities and significant improvements in governance, risk and compliance
• BIA, BCP, assigning tasks and accountability, action planner and work-flow sign-off
• Offers tangible productivity enhancements (capacity building)
• Extends to operations domain via Proteus iGRC
• Offers a real return on investment
Proteus® Real Time Risk Operations TRANSFORMING ENTERPRISE CONTROL
Referencing Best Practice
Supports a set of rules and has a capacity for rapid transition / integration rules customizable (2 months)
• ISO 27001 - Information Security Management, ISMS
• BS 25999 (ISO 22301) - Business Continuity Management
• PCI DSS - Payment Card Industry Data Security
• BS 10012 - Data Protection, Specification for a Personal Information Management System
• ISO 9001 - Quality management of businesses
• ISO 14001 - Environmental Management
• ISO 20000 - Service Management, Information, products and services to support
• Cobit 4.1 - Control Objectives for Information and related Technology
• Physical Controls
Proteus® Real Time Risk Operations SPREAD OF BEST PRACTICES
Governance, Policies, Processes, Procedures
Management
International Standards
ISO
Proteus Enterprise
Risk, BIA, BCM, Threats and Mitigations
Multi-Disciplinary Teams
• Preparing the organization for the future
• Achieve compliance, perform risk management, assess impacts, demonstrate proper governance
• Conduct real time risk management operations via sensors and agents, e.g.:
• Physical security controls
• Information security controls
• Health and safety controls
• Environmental controls
• Risk measures
• Service Continuity
Proteus® Real Time Risk Operations SENSORS/AGENTS IN THE MIX
No Delays Reporting Status
Assets control Central Panel, Dashboard Overview cover losses Chart threats Risk Analysis and Evaluation Operational impact Financial Impact State regulatory Extensions Real time interface
Proteus® Real Time Risk Operations REPORTS STATUS NOW
Proteus® Real Time Risk Operations FIRST TO MARKET WITH PATENT
Proteus® Real Time Risk Operations WIDEST POSSIBLE INTEGRATION SCOPE
Normal Operations
anomaly detection, anti-virus, data security, enterprise security, federated identity, intrusion detection and prevention, malware and malware removal, messaging security, multifactor authentication, patch management, PC security, secure remote administration, security policy management, threat management, transaction monitoring, user authentication, web security, log management and analysis (SIEM), configuration assessment / vulnerability detection
Cards (present and not present)
anomaly detection, federated identity, messaging security, multifactor authentication, security policy management, threat management, transaction monitoring, user authentication, web security, log management and analysis (SIEM), configuration assessment / vulnerability detection
Internet, Mobile channels, and POS Channels
anti-virus, collaboration security, data security, enterprise security, federated identity, malware and malware removal, messaging security, multifactor authentication, patch management, PC security, secure remote administration, security policy management, threat management, transaction monitoring, user authentication, web security, log management and analysis (SIEM), configuration assessment / vulnerability detection
Detection systems deployed in Proteus® iGRC (Banking Example)
Real Time Risk Management Demonstration
Click Here
see “Geoff Ibbett and Team”, 2nd down on right
Increased complexity due to cyber and terrorist threats
• Physical Controls Management
• Environmental Controls Management
• Information Security Controls Management
• Health and Safety Controls Management
• Action Plans and On-Line Audits
• Business Impact Assessments
• Business Continuity Assessments
Proteus® Real Time Risk Operations VIEW THE DEMONSTRATOR
Proteus® Real Time Risk Operations CONTACT THE TEAM
Mr. Mike Popham MBA FRSA
Partner
Syndicus IS LLP
[email protected]
+44 797 650 4897
Syndicus Information Security LLP, Suite 36, 88-90 Hatton Garden, Holborn, London, EC1N 8PG, UK
+44 (0)845 260 2465
[email protected]
www.syndicusis.com
Workshops
• Cyber protection technologies
• Governance, risk and compliance
• Real Time Risk management
• Review of latest cyber sensors and agents:
• Their benefits and effects
• Current gaps in protective capability
• Cyber risk management techniques:
• Cyber protection best practice
• Extension of best practice into managed reality
• Business impact analysis
• Governance in era of advanced GRC technology
• Transformational for cyber protection