IT GRC Best Practices deck used in the "7 Myths of GRC Initiatives" webinar featuring SecureAware

1. The 7 Myths of GRC Initiatives

2. Today’s Agenda - 35 minutes About Lightwave Security Why GRC GRC Myths Countering the Myths Our Solution 2

4. Established in 2006 and comprised of industry veterans

5. Servicing Global Enterprise, Commercial and Government

6. Located in Atlanta, GA with multi-location presence in USA

7. Focused on Automated IT GRC Solutions and Services

8. Exclusive distributor of SecureAware® in North America Learn more at www.lightwavesecurity.com 3

9. SecureAware® SecureAware®, an all-in-one platform for compliance, best practices and security awareness that incorporates an automated compliance workflow system built in accordance with ISO international standards. It currently supports ISO 2700x, PCI DSS, and CoBIT 4.1 frameworks out-of-the box 4

12. Risk exposures

13. Security practices

14. Compliance requirements

15. Satisfy the Auditors

16. Communicate with Regulators6

17. Aberdeen Group Report 7 Effective GRC Management Positioning Your Company for Growth December 2010 In-depth and comprehensive look into process, procedure, methodologies, and technologies with best practice identification and actionable recommendations. Download from http://www.lightwavesecurity.com/grc_report.html

19. Review of capabilities and enabling technologies that help improve financial and operational control

20. Identify best practices and current initiatives in enterprise GRC management8

22. Parent companies continue to be concerned about management standards across their constituent companies, operational risks, and the ability to comply in a dynamic regulatory environment9

24. Organizations must closely track and manage their processes against regulations that vary widelyThe global economy necessitates expediting key processes and mitigating risks 10

26. Provide clear visibility of management directives to the staff

27. Ensure initiatives are properly executed in a timely manner

28. Maintain top priorities on the executive's agenda11

31. Performing an accurate risk assessment to formulate mitigation strategies

32. Work effectively with government and regulatory bodies to ensure business compliance13

35. Address problems associated with financial and operational controlThis traditional approach relegates GRC to a Cost Center, not a business enabler 15

37. Attracting new customers through liability-reductionBest-in-class companies view GRC solutions and services as key elements to their growth strategy 16

39. GRC prevents executives from being able to understand the impact of risk on overall corporate performancein a timely manner17

41. In these organizations, executives are able to understand the impact of risk on overall corporate performance18

43. GRC is too generic and can’t generate enough data to identify the sources of issues in my complex organization

44. We need both Quantitative and Qualitative data and GRC can't supply both19

46. Both qualitative and quantitative feedback can be collected from various departments, at various levels, to validate the success of the strategy

47. GRC scales to large, complex organization20

49. Management can’t get easily get mission-critical risk data that impacts corporate objectives21

51. Best-in-Class companies leverage this centralized repository to maintain GRC information to provide visibility into to management directives, risk elements, and regulatory changes22

53. Getting real-time data out of a GRC program is nearly impossible, so I can’t get actionable information23

55. Best-in-Class companies are therefore better at measuring how well their staff is following management directives

56. Timely tracking of corporate governance effectiveness enables executives to ensure the alignment of staff execution to enterprise objectives24

58. Our data is created by people, and they understand it best

59. Our executives are tired of technology solutions25

61. Effective GRC provides an infrastructure that allows executives to concurrently access GRC data / information

62. GRC tears down silos of information, allowing decisions to be made in a quick and informed manner26

63. Myth #7 – GRC is just another “Me Too” project Everyone has tried it, and the benefits don’t exceed the costs The ROI for GRC just isn’t there 27

64. Myth #7 – Busted GRC Differentiates Implementing a GRC program will help to differentiate a company from its competitors GRC provides a quantifiable ROI due to increased agility and growth GRC = Governance, Risk and Compliance OR “Guard Assets, Revenue Enhancement, Cost Reduction” 28

66. Is a competitive differentiator

67. Protects innovation

68. Attract new customers in new markets

69. Facilitates stakeholder action

70. Designed for Executive involvement29

72. Understanding risks in terms of dollar-value impact and corporate brand equity

73. Prioritizing organizational initiatives based on risk level

74. Creating additional revenue opportunities by meeting compliance requirements for selling into new markets / regions30

76. making sure that objectives, risk, regulatory information, and accountability information are made visible to stakeholders ahead of time to enable informed decisions31

78. Align staff accountability to corporate objectives

79. Establish platforms to promote visibility and collaboration on strategic, financial and operational plans32

81. Mapped to policies and procedures

82. Certificate of completion

83. Policies, rules, and procedures

84. PCI, ISO, and COBIT templates

85. Import existing policies

86. Create new policies

87. Rapidly deploy SAT training

88. Compliance gap analysis

89. Internal audit

90. Self assessments

91. Tasks linked to policies

92. Workflow for review & approval

93. Recurring tasks

94. Documents performed activities

95. Gap analysis

96. Business continuity plans

97. BCP structures

98. BCP templates

100. Risk assessment

101. Vulnerability assessment

102. Business impact assessment

103. Business process map with IT systems33

104. Contact Information Thank you for attending our webinar! For a copy of this presentation please send an email to: Erik Rolf Vice President Enterprise GRC Lightwave Security erolf@lightwavesecurity.com 34