IT Risk Management - the right posture

Keynote presentation at IBM seminar on IT Risk Management at Bangalore 27 July 2012


    IT Risk Management - the right posture: Presentation Transcript

    • ENTERPRISE IT RISK MANAGEMENT: “EXPLORING THE RIGHT POSTURE”. PARAG DEODHAR, 27 JULY 2012, BANGALORE
    • EVOLUTION OF IT WITHIN THE ORGANISATION (diagram labels: IT, TRANSFORMER, ENABLER, SUPPORT TEAM)
      27 July 2012 ENTERPRISE IT RISK MANAGEMENT COLLOQUIUM PARAG DEODHAR 2
    • ENTERPRISE RISK & IT
      • IT is now CORE to Business
      • Top 3 areas which Audit Committees want to spend more time on (Source: KPMG Survey)
    • IT RISK MANAGEMENT IS MUCH MORE THAN IT SECURITY
      • Not limited to information security. It covers all IT-related risks, including:
        – Late project delivery
        – Not achieving enough value from IT
        – Compliance
        – Misalignment
        – Obsolete or inflexible IT architecture
        – IT service delivery problems
    • IT RISK DOES NOT EMANATE FROM THE IT DEPARTMENT ALONE
      • Mergers and Acquisitions
      • Purchasing software as a service
      • Investing in application enhancements
      • Outsourcing and offshoring
      • Integrating diverse applications
        – Business Partners, Suppliers, Banks, Customers…
      • End Users
      • Consultants and Auditors!!!
    • WHO OWNS IT RISK?
      • IT Risk Management - Organisation Structure & Reporting line
        – IT team
        – Risk Management Team
        – External Vendors
        – Group Team
      • WHOSE NECK IS ON THE LINE WHEN DISASTER STRIKES?
    • CIO REPORT TO THE AUDIT COMMITTEE (Source: KPMG Survey)
    • IT RISK UNIVERSE
    • EMERGING IT RISKS IN THE BORDERLESS ENTERPRISE
    • MANAGING IT RISKS
      • New threats are emerging every day
      • Basic measures like Anti-Virus and Firewalls are no longer enough
      • Tools like SIEM, IPS, DLP, DRM… are now a standard requirement
      • Tools alone are not enough; continuous updates, 24x7 monitoring and response are required
      • Do you have the resources – money, time, human resources???
      • What is your risk posture? What do you tell the Board?
      • How do you manage compliance?
    • GUIDING PRINCIPLES (Source: ISACA)
    • IT RISK MANAGEMENT FRAMEWORK (Source: ISACA)
      • Responsibility and accountability for risk
      • Risk appetite and tolerance
      • Awareness and communication
      • Risk culture
      • Key risk indicators (KRIs)
      • Risk response definition and prioritisation
      • Risk scenarios
      • Business impact descriptions
    • IT RISK – MATURITY MODEL TO ASSESS POSTURE (Source: ISACA)
    • It's not a Goal – But a journey… THANK YOU