GRC
The Way Forward
James Finn
MODULO
james.finn@modulo.com
Agenda
• GRC Current State
• Business Risk
• Risk Management Evolution
• GRC Maturity Goals
• Your Risk Management
• Business Challenges
• GRC Automation Best Practices
• Questions?
GRC Current State
• A reactive and siloed approach to GRC is a recipe for disaster and leads to:
• Lack of visibility. A reactive approach to risk and compliance leads to siloed initiatives that never see the big picture.
• Wasted and/or inefficient use of resources. Silos of risk and compliance lead to wasted resources.
• Unnecessary complexity. Varying risk and compliance approaches introduce greater complexity to the business environment.
• Lack of flexibility. Complexity drives inflexibility; the organization is not agile in the dynamic business environment it operates in.
• Vulnerability and exposure. A reactive approach leads to greater exposure and vulnerability.
Risk Management Challenges
• Multiple standards to choose from
• Technology focused, not business centric
• Control identification required for each standard
• Lack of skilled auditors across all platforms
• No documented, thorough, consistent methodology
• Proper, effective, repeatable analysis not in place
• Detailed recommendations not complete
• No definable return on investment
• No knowledgebase for additional assessments
• Management visibility not facilitated
• This can all be automated using GRC software
Risks
• Your Brand
• Stakeholders (e.g., board, management, employees)
• Contractual Relationships (e.g., supply-chain, vendors, contractors)
• Informal Relationships (e.g., NGOs, media)
• Your business information security and privacy
Are you trying to manage a problem or leverage business information?
Risk Management Evolution
Current State
• Fragmented silos
• Mostly reactionary
• Individual projects
• Separate from mainstream processes and decision-making
• Spreadsheets, spreadsheets, spreadsheets
• Limited and fragmented use of technology
Future State
• Integrated management & performance
• Proactive planning & execution
• Integrated capability
• Embedded within mainstream processes and decision-making
• Coordinated transactions & shared data
• Architected solutions
GRC Maturity Goals
• Achieve business objectives
• Enhance organizational culture
• Increase stakeholder confidence
• Prepare & protect the organization
• Prevent, detect & reduce adversity
• Motivate /inspire desired conduct
• Improve responsiveness & efficiency
• Optimize economic & social value
• Automate the manual siloed approach to GRC management
– Solution required: distributed database-driven platform with a common policy, asset, reporting and incident repository
• Comply with multiple regulations
– Solution required: effectively manage the policy lifecycle and map multiple policies to common controls
• Lower IT and enterprise risk
– Solution required: consistently measure and communicate risk posture across the enterprise
• Reduce cost of people resources and IT infrastructure overhead
– Solution required: automate common tasks and leverage technology already in place without adding the complexity of agents
Customer Challenges
Business Risk
• Where risk is understood and evaluated as part of corporate strategy and performance, it is set in a business context and mapped to corresponding KPIs.
• Risk management aligned to business strategy results in:
– Risk aligned in the context of the business
• Risk does not operate as an island unto itself, but is defined and managed in the context of where the business is heading: its goals and objectives
• Executives and management should clearly be able to see how risk supports or hinders execution of business strategy
– Risk managed within the context of business cycles
– Findings influence strategic planning and investments
• Risk management supports and enables the business to execute a strategic plan and maximize return on investments
Effective GRC Solution
Comprehensive GRC Solution
• Enterprise and IT Risk Management
• Compliance Management
• Policy Management
• Vendor Risk Management
• Remediation/Incident/Exception Management
• Security Reporting & Remediation
• Business Continuity Management
• Audit Management
Integrated GRC Platform
• Multi-language web based platform
• Integrated database driven distributed architecture
• Extensive knowledge base of frameworks, regulations and best practices
• Intelligent dashboard & reporting
• Ready to implement with the flexibility to configure
• Integration services API
• Role based access control
• Encrypted
Today's Fragmented Approach
(Diagram: Inventory, Evaluation, Remediation, Policies and Analysis handled as separate silos.)
This requires an automated GRC Management approach that brings together silos of risk and compliance into a comprehensive management platform.
Risk Management Process
• Sound risk-based decision making is critical to the success of any risk management program
• "...enterprises must move toward the formalization of risk management processes with appropriate accountability, transparency and measurability"
• Risk management must be undertaken as a new approach to addressing business threats
(Gartner, April 2009)
• Business risk is more than operational and financial
• Total enterprise risk management includes enterprise
IT risk
Best Practices
GRC Automation
GRC Tool Manager modules (Basic Modules, Service Modules, GRC Portal): Knowledge Management, Organization, Policy Management, Governance, Compliance Management, Continuity, Workflow, Home, Administration, Dashboard, Risk Management, ERM
Risk Management Cycle
(Diagram: a four-phase cycle applied across systems, business processes and assets.)
• Inventory: people, process, technology, environment; relevance levels
• Analyze: knowledge base; automated collectors; web interviews; in-person interviews
• Evaluate: reports; indexes; charts; tables
• Treat: recommendation follow-up; workflow manager
Top-Down "Governance" Approach
Eliminate Compliance Silos
(Diagram, top layer to bottom layer:)
• Laws & Regulations: SOX, FISMA, Basel II, NIST
• Frameworks: 17799, COBIT
• Controls: PEOPLE, POLICY, SERVER
• Evidence: DOC, BKP, PASSWORD
GRC tools provide comprehensive support for the most commonly faced regulations, standards & frameworks, and more.
Sample Frameworks
• A130
• Basel II
• BS25999
• COBIT
• DIACAP
• DOD 8500.2
• FFIEC
• FIPS 199
• FISAP
• FISMA
• GLBA
• HIPAA
• ISO27001
• ISO27002
• ITIL
• NERC-CIP
• NIST 800-53A
• OSHA
• PCI DSS
• SOX
Comprehensive Knowledge Base, including:
Technologies
Cisco Router w/IOS 12
Oracle 8 and 9i
Microsoft SQL Server 7.0, 2000, 2005.
Unix Solaris 8 and 9
Microsoft Exchange 5.5, 2000, 2003
Microsoft IIS 4.0, 5.0, 6.0
SAP AG R/3 4.0B, 4.6D
Apache 1.3.27
Windows XP, 2000, 2003, Vista
Linux
Access Point - WLAN
Application System in Production
Check Point VPN 1/Firewall 1 NG
IBM Lotus Notes R5
Microsoft ISA Server 2000, 2004
PDA
Firewalls
People
IT Technician
Senior Manager
Security Officers
Area or Process Manager
End User
Processes
Developed Application System (15408)
Change Management
Data and System Backup
Systems Continuity Management
Contracts with Vendors
Business Process Information Flow
IT Security Organization
ISO 27001
ISO 17799:2005
CobiT 4.0 - IT Process Maturity
FISMA
PCI Data Security Standard
HIPAA – NIST 800-66
BITS FISAP – AUP and SIG
Physical Controls
Datacenter
Office
The MetaFramework
(Diagram: 350 knowledge bases, 20,000 controls and 5000 data collectors, covering technologies such as web server, Windows, router, Oracle and Unix and process areas such as access control, change management and physical controls, mapped against SOX, GLBA, HIPAA, PCI, Basel II and CobiT.)
GRC Metaframework
• Evidence sources: automatic collectors, web interview, or off-line collector
• Regulations, standards & frameworks (e.g., ISO 27001, FISAP, PCI-DSS) mapped into the GRC Metaframework
• 350 checklists with 20,000+ controls
• 5000 automatic evidence collectors
• 1200 "atomic" control objective packets mapped
• Contains knowledge about controls:
• Why is the control important?
• How to implement?
• If NOT implemented, to which threats am I susceptible?
• Where to learn more?
Knowledge Base
Using Automatic Collectors
Risk Acceptance and Treatment
(Diagram: assets grouped by type (People, Technology, Process, Facility) for the ERP, Order Entry, Financial, IT Department and Sales areas, each carrying a risk score.)
• Acceptable risk: accept and communicate
• Unacceptable risk: send to treatment
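The mechanism behind the metaframework slide (regulations and frameworks mapped onto atomic control objective packets, evidence gathered once by collectors) and the accept/treat decision on this slide, as an added example in Python that is not Modulo's code or product. The control IDs, requirement labels, risk levels and the collector facts for srv-01 and srv-02 are constructed for illustration, and the requirement-to-control mapping is illustrative rather than a verified mapping of any standard's text.

```python
"""Metaframework-style control mapping and risk treatment (added example, not Modulo's code).

Atomic controls are tested once per asset from collector facts; each framework
requirement is mapped onto one or more atomic controls; the same test results
feed per-framework coverage and an operational risk report with an accept/treat
disposition. All IDs, mappings, risk levels and asset facts are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AtomicControl:
    control_id: str
    description: str
    risk_level: int        # 1 (low) .. 5 (critical) if the control is NOT implemented
    threats: tuple         # what the asset is exposed to without the control


# Hypothetical atomic control packets (the "why is the control important?" knowledge).
CONTROLS = {
    "AC-PWD-LEN": AtomicControl("AC-PWD-LEN", "Minimum password length enforced", 3, ("credential guessing",)),
    "AC-LOCKOUT": AtomicControl("AC-LOCKOUT", "Account lockout after failed logons", 2, ("online brute force",)),
    "LOG-AUDIT": AtomicControl("LOG-AUDIT", "Security audit logging enabled", 4, ("undetected intrusion",)),
    "BKP-DAILY": AtomicControl("BKP-DAILY", "Daily backup of system data", 4, ("data loss",)),
    "CHG-APPROVAL": AtomicControl("CHG-APPROVAL", "Changes approved before deployment", 3, ("unauthorized change",)),
}

# Framework requirement -> atomic controls. Requirement labels are illustrative only.
FRAMEWORK_MAP = {
    "PCI-DSS": {"Req 8 (authentication)": ["AC-PWD-LEN", "AC-LOCKOUT"],
                "Req 10 (audit trails)": ["LOG-AUDIT"]},
    "ISO27001": {"Access control": ["AC-PWD-LEN"],
                 "Event logging": ["LOG-AUDIT"],
                 "Information backup": ["BKP-DAILY"],
                 "Change management": ["CHG-APPROVAL"]},
    "SOX": {"ITGC change management": ["CHG-APPROVAL"],
            "ITGC logical access": ["AC-PWD-LEN", "AC-LOCKOUT"]},
}

# One check per atomic control, run over the facts an automatic collector gathered from an asset.
CHECKS = {
    "AC-PWD-LEN": lambda f: f.get("min_password_length", 0) >= 8,
    "AC-LOCKOUT": lambda f: f.get("lockout_threshold", 0) > 0,
    "LOG-AUDIT": lambda f: f.get("audit_logging") is True,
    "BKP-DAILY": lambda f: f.get("last_backup_age_days", 10**6) <= 1,
    "CHG-APPROVAL": lambda f: f.get("change_tickets_approved") is True,
}

# Constructed collector output for two hypothetical assets (not real hosts).
ASSET_FACTS = {
    "srv-01": {"min_password_length": 12, "lockout_threshold": 5, "audit_logging": True,
               "last_backup_age_days": 1, "change_tickets_approved": True},
    "srv-02": {"min_password_length": 6, "lockout_threshold": 0, "audit_logging": False,
               "last_backup_age_days": 9, "change_tickets_approved": True},
}


def evaluate(asset_facts):
    """Test each atomic control once per asset: {asset: {control_id: implemented}}."""
    return {asset: {cid: bool(check(facts)) for cid, check in CHECKS.items()}
            for asset, facts in asset_facts.items()}


def affected_frameworks(control_id):
    """Frameworks whose requirements depend on this control (the 'comply many' side)."""
    return sorted({fw for fw, reqs in FRAMEWORK_MAP.items()
                   for cids in reqs.values() if control_id in cids})


def framework_coverage(results):
    """Per framework: (requirements met on every asset, total requirements)."""
    coverage = {}
    for fw, reqs in FRAMEWORK_MAP.items():
        met = sum(1 for cids in reqs.values()
                  if all(results[a][c] for a in results for c in cids))
        coverage[fw] = (met, len(reqs))
    return coverage


def risk_report(results, appetite=3):
    """Operational risk report: every non-implemented control with its risk level, the
    threats it exposes, the frameworks it breaks, and its disposition. Risk below the
    appetite is accepted and communicated; everything else is sent to treatment."""
    rows = []
    for asset, ctrls in results.items():
        for cid, implemented in ctrls.items():
            if implemented:
                continue
            ctrl = CONTROLS[cid]
            rows.append({
                "asset": asset,
                "control": cid,
                "risk_level": ctrl.risk_level,
                "threats": ctrl.threats,
                "frameworks": affected_frameworks(cid),
                "disposition": "accept" if ctrl.risk_level < appetite else "treat",
            })
    return sorted(rows, key=lambda r: -r["risk_level"])   # stable sort: ties keep collector order


if __name__ == "__main__":
    res = evaluate(ASSET_FACTS)
    for fw, (met, total) in framework_coverage(res).items():
        print(f"{fw:9s} {met}/{total} requirements met")
    for row in risk_report(res):
        print(f"{row['asset']} {row['control']:13s} risk={row['risk_level']} "
              f"{row['disposition']:6s} breaks {', '.join(row['frameworks'])}")
```

The point of the structure is that a single failed check (srv-02's missing audit logging) surfaces once in the evidence store but is reported as a gap against every framework that maps to it, and the risk appetite is a single parameter applied uniformly rather than a judgment re-made per silo.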
Final Results -
Samples
Dashboard
Detailed Risk Report
Benefits in using GRC Automation
• Saves up to 25% project time due to automatic collectors, evidence storage and automatic report generation
• Evidence repository stores artifacts such as access permissions, cryptography and audit logs
• Management based on progress indicators
• Operational Risk Report that details each non-implemented control's associated risk level
• Role based access control
• Ease of common implementation across all GRC responsibilities
• Facilitates on-going compliance management
• Auditable repository
• Perpetual, Leased, Appliance or SaaS licenses
GRC Benefits
GRC SHOULD SERVE YOU
YOU SHOULD NOT SERVE GRC
QUESTIONS?
GRC
The Way Forward
James Finn
MODULO
james.finn@modulo.com
Rochester
703 336 3058

 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

GRC – The Way Forward

1. GRC – The Way Forward
James Finn
MODULO
james.finn@modulo.com

2. Agenda
• GRC Current State
• Business Risk
• Risk Management Evolution
• GRC Maturity Goals
• Your Risk Management
• Business Challenges
• GRC Automation Best Practices
• Questions?

3. GRC Current State
• A reactive and siloed approach to GRC is a recipe for disaster and leads to . . .
• Lack of visibility. A reactive approach to risk and compliance leads to siloed initiatives that never see the big picture.
• Wasted and/or inefficient use of resources. Silos of risk and compliance lead to wasted resources.
• Unnecessary complexity. Varying risk and compliance approaches introduce greater complexity to the business environment.
• Lack of flexibility. Complexity drives inflexibility: the organization is not agile in the dynamic business environment it operates in.
• Vulnerability and exposure. A reactive approach leads to greater exposure and vulnerability.

4. Risk Management Challenges
• Multiple standards to choose from
• Technology focused, not business centric
• Control identification required for each standard
• Lack of skilled auditors across all platforms
• No documented, thorough, consistent methodology
• Proper, effective, repeatable analysis not in place
• Detailed recommendations not complete
• No definable return on investment
• No knowledge base for additional assessments
• Management visibility not facilitated
• This can all be automated using GRC software

5. Risks
• Your Brand
• Stakeholders (e.g., board, management, employees)
• Contractual Relationships (e.g., supply-chain, vendors, contractors)
• Informal Relationships (e.g., NGOs, media)
• Your business information security and privacy
Are you trying to manage a problem or leverage business information?

6. Risk Management Evolution
Current State
• Fragmented silos
• Mostly reactionary
• Individual projects
• Separate from mainstream processes and decision-making
• Spreadsheets, spreadsheets, spreadsheets
• Limited and fragmented use of technology
Future State
• Integrated management & performance
• Proactive planning & execution
• Integrated capability
• Embedded within mainstream processes and decision-making
• Coordinated transactions & shared data
• Architected solutions

7. GRC Maturity Goals
• Achieve business objectives
• Enhance organizational culture
• Increase stakeholder confidence
• Prepare & protect the organization
• Prevent, detect & reduce adversity
• Motivate / inspire desired conduct
• Improve responsiveness & efficiency
• Optimize economic & social value

8. Customer Challenges
• Automate the manual siloed approach to GRC management
  – Solution required: distributed database-driven platform with common policy, asset, reporting and incident repository
• Comply with multiple regulations
  – Solution required: effectively manage the policy lifecycle and map multiple policies to common controls
• Lower IT and enterprise risk
  – Solution required: consistently measure and communicate risk posture across the enterprise
• Reduce cost of people resources and IT infrastructure overhead
  – Solution required: automate common tasks and leverage technology already in place without adding the complexity of agents

9. Business Risk
• Where risk is understood and evaluated as part of corporate strategy and performance, it is set in a business context and mapped to corresponding KPIs.
• Risk management aligned to business strategy results in:
  – Risk aligned in the context of the business
    • Risk does not operate as an island unto itself, but is defined and managed in the context of where the business is heading: its goals and objectives
    • Executives and management should clearly be able to see how risk supports or hinders execution of business strategy
  – Risk managed within the context of business cycles
  – Findings influence strategic planning and investments
    • Risk management supports and enables the business to execute a strategic plan and maximize return on investments

10. Effective GRC Solution
Comprehensive GRC Solution
• Enterprise and IT Risk Management
• Compliance Management
• Policy Management
• Vendor Risk Management
• Remediation / Incident / Exception Management
• Security Reporting & Remediation
• Business Continuity Management
• Audit Management
Integrated GRC Platform
• Multi-language web-based platform
• Integrated database-driven distributed architecture
• Extensive knowledge base of frameworks, regulations and best practices
• Intelligent dashboard & reporting
• Ready to implement with the flexibility to configure
• Integration services API
• Role-based access control
• Encrypted

11. Today's Fragmented Approach
• Silos: Inventory, Evaluation, Remediation, Policies, Analysis
• This requires an automated GRC management approach that brings together silos of risk and compliance into a comprehensive management platform

12. Risk Management Process
• Sound risk-based decision making is critical to the success of any risk management program
• ". . . enterprises must move toward the formalization of risk management processes with appropriate accountability, transparency and measurability"
• Risk management must be undertaken as a new approach to addressing business threats (Gartner, April 2009)
• Business risk is more than operational and financial
• Total enterprise risk management includes enterprise IT risk

14. GRC Tool Manager modules
• Basic Modules: GRC Portal, Knowledge Management, Organization, Workflow, Home, Administration, Dashboard
• Service Modules: Policy Management, Governance, Compliance Management, Continuity, Risk Management, ERM

15. Risk Management Cycle
• Inventory: People, Process, Technology, Environment; Relevance Levels
• Analyze: Knowledge Base; Automated Collectors; Web Interviews; In-person Interviews
• Evaluate: Reports; Indexes; Charts; Tables
• Treat: Recommendation follow-up; Workflow Manager

18. Eliminate Compliance Silos
• Laws & Regulations: SOX, FISMA, BASEL II, NIST
• Frameworks: 17799, COBIT
• Controls: PEOPLE, POLICY, SERVER
• Evidence: DOC, BKP, PASSWORD

19. Sample Frameworks
GRC tools provide comprehensive support for the most commonly faced regulations, standards & frameworks, and more:
• A130
• Basel II
• BS25999
• COBIT
• DIACAP
• DOD 8500.2
• FFIEC
• FIPS 199
• FISAP
• FISMA
• GLBA
• HIPAA
• ISO27001
• ISO27002
• ITIL
• NERC-CIP
• NIST 800-53a
• OSHA
• PCI DSS
• SOX

20. Comprehensive Knowledge Base, including…
• Technologies: Cisco Router w/IOS 12; Oracle 8 and 9i; Microsoft SQL Server 7.0, 2000, 2005; Unix Solaris 8 and 9; Microsoft Exchange 5.5, 2000, 2003; Microsoft IIS 4.0, 5.0, 6.0; SAP AG R/3 4.0B, 4.6D; Apache 1.3.27; Windows XP, 2000, 2003, Vista; Linux; Access Point - WLAN; Application System in Production; Check Point VPN 1/Firewall 1 NG; IBM Lotus Notes R5; Microsoft ISA Server 2000, 2004; PDA; Firewalls
• People: IT Technician; Senior Manager; Security Officers; Area or Process Manager; End User
• Processes: Developed Application System (15408); Change Management; Data and System Backup; Systems Continuity Management; Contracts with Vendors; Business Process Information Flow; IT Security Organization; ISO 27001; ISO 17799:2005; CobiT 4.0 - IT Process Maturity; FISMA; PCI Data Security Standard; HIPAA – NIST 800-66; BITs - FISAP – AUP and SIG
• Physical Controls: Datacenter; Office
• 350 Knowledge Bases, 20,000 Controls, 5000 Data Collectors

21. The MetaFramework
• Regulations: SOX, GLBA, HIPAA, PCI, Basel II
• Standards & Frameworks: COBIT, ISO 27001, FISAP, PCI-DSS
• Regulations, standards & frameworks are mapped into the GRC MetaFramework
• Evidence via Automatic Collectors (WebServer, Windows, Router, Oracle, Unix) or Web Interview / Off-line Collector (Access Control, Change Management, Physical Controls)
• 350 Checklists with 20,000+ Controls
• 5000 Automatic Evidence Collectors
• 1200 "Atomic" Control Objective Packets mapped

22. Contains Knowledge about Controls
• Why is the control important?
• How to implement?
• If NOT implemented, to which threats am I susceptible?
• Where to learn more?

23. Knowledge Base
• Why is the control important?
• How to implement?
• If NOT implemented, to which threats am I susceptible?
• Where to learn more?

25. Risk Acceptance and Treatment
• Asset classes: People, Technology, Process, Facility
• Example scope: ERP, Order Entry, Financial, IT Department, Sales
• Acceptable risk: accept risk and communicate
• Unacceptable risk: send to treatment

29. Benefits in using GRC Automation
• Saves up to 25% project time due to automatic collectors, evidence storage and automatic report generation
• Evidence repository stores artifacts such as access permissions, cryptography and audit logs
• Management based on progress indicators
• Operational Risk Report that details each non-implemented control's associated risk level
• Role-based access control
• Ease of common implementation across all GRC responsibilities
• Facilitates on-going compliance management
• Auditable repository
• Perpetual, Leased, Appliance or SaaS licenses

31. GRC SHOULD SERVE YOU
YOU SHOULD NOT SERVE GRC

33. GRC – The Way Forward
James Finn
MODULO
james.finn@modulo.com
Rochester 703 336 3058

Editor's Notes

  1. will to be changed!