
FERMA Webinar: At the Junction of Corporate Governance and Cyber Security


The recommendation for a cyber risk governance model came in a report published 29 June 2018 by the Federation of European Risk Management Associations (FERMA) and the European Confederation of Institutes of Internal Auditing (ECIIA).

FERMA and ECIIA presented their report at a high-level event at the European Parliament with representatives of the EU institutions, the World Economic Forum, risk and audit practitioners from European businesses, and other European stakeholders.

The report, At the junction of corporate governance and cybersecurity, aims primarily at supporting European organisations in meeting their obligations under the EU General Data Protection Regulation and the Network Information Security Directive. Recent cyber attacks, however, have increased concerns about what the risk experts see as a wider lack of focus on risk governance in cyber security.

More information here:
https://www.ferma.eu/ferma-webinar-junction-corporate-governance-and-cyber-security?type=events

What will you learn from this presentation?

- Compare and assess your own governance of cyber risks against the proposed cyber risk governance model
- Know where you stand in the evolutionary journey towards cyber resilience: reactive, proactive, predictive...
- Define the key stakeholders for cyber security and conditions for success
- Find mechanisms that help leadership determine effective and efficient resource allocation
- Plan for the next move to improve your cyber risk governance

Published in: Business


  1. www.ferma.eu LIVE WEBINAR – FOLLOW US @FERMARISK #FERMAWEBINAR
     FERMA Risk Leadership at the heart of Europe
     Subscribe to our newsletter: www.ferma.eu
     Contact us: enquiries@ferma.eu
  2. AT THE JUNCTION OF CORPORATE GOVERNANCE AND CYBER SECURITY – LIVE WEBINAR @FERMARISK #FERMAWEBINAR
  3. (title slide, no text)
  4. Polling question #1
  5. Why are corporate governance and cybersecurity now linked?
     • A business need – Help organisations increase their resilience to cyber events while creating value from digitalisation opportunities
     • A new global legal context – European cyber laws (NIS, GDPR, ePrivacy for telecommunications), a strict new cyber law in China and evolving US cyber laws (state enacted: MA, NY; Federal: CISA, more pending), amongst others, are introducing new IT security and legal requirements for organisations, but all remain silent on the governance aspect of cybersecurity
     • Beyond IT, a corporate issue – Risk management readiness can only be achieved within a strong governance framework and through a highly coordinated approach across all departments of an organisation
  6. What do we mean by governance of cyber risk?
     1. Similar to corporate governance: it is a set of processes, practices and policies put in place to direct and control cyber security
     2. It is a framework whose objective is to increase cyber resilience
     3. It is important to identify the most important stakeholders who can influence and affect the governance of cyber risk (role of the Board, IT, legal, finance…)
  7. Polling question #2
  8. Two strong pillars to support the proposal
     • The eight principles set out in the OECD Recommendation on Digital Security Risk Management (2015)
     • The Three Lines of Defence model, recognised as a standard of Enterprise Risk Management (ERM)
  9. Main proposal: a cyber risk governance group
     – A cross-functional team headed by the risk manager
       • Composed of operational functions from the 1st line of defence and key functions from the 2nd line of defence
       • To determine cyber risk exposures in financial terms and design possible mitigation plans
     – Why cross-disciplinary?
       • Expertise: by being cross-disciplinary, the group has the subject and organisational knowledge to identify the most harmful cyber risks for the organisation and list the suitable responses
  10. Risk Management – Internal Audit relationship
     • “Auditability by design”
       – Right from the beginning, cooperation between the cyber risk governance group and Internal Audit is needed to ensure continuous measurement and improvement of mitigation plans
       – Unique capacity for Internal Audit to independently review the efficiency of the cyber controls, risks and governance processes implemented
     • A Risk Committee – as a board committee, it might be responsible for enterprise risks and reviews the cyber risk assessments performed by the Group
     • The Audit Committee – It independently reviews the audit of the cyber risk governance system performed by the Internal Audit function
  11. Polling question #3
  12. Case Study
     • Educational Testing Service (ETS) – Our Mission: To advance quality and equity in education by providing fair and valid assessments, research and related services. Our products and services measure knowledge and skills, promote learning and performance, and support education and professional development for all people worldwide.
     • Global
     • Data intensive
     • Complex IT systems
     • Real time
     • Heavily partnered
     • Complex global legal/regulatory environments
     • Cyber threats to confidentiality, integrity, availability
     • Transformative change on many fronts
  13. ETS Security Ecosystem
     • ETS maintains dedicated organizations and staff with responsibility for information security, physical security and test security, as well as disaster recovery/business continuity, privacy and internal audit.
     • These organizations communicate and collaborate via a corporate-level Security Steering Committee, led by our Chief Information Security Officer and comprised of the leaders responsible for each function.
     (Diagram: Audit, BC/DR, Privacy, Legal, Compliance, Test Security, Physical Security, Information Security and the Security Steering Committee)
  14. ETS Cyber Risk Governance Structure (CAPA/Risk Management and Quality Policies)
     Security Steering Committee:
     • Determines risk exposures and mitigating controls
     • Oversight of significant security initiatives and capital investments
     • Also defines policy and responds to complex incidents
  15. Remember the proposal?
     • Risk Committee = Enterprise Risk Executive Committee
     • Cyber Risk Governance Group = Security Steering Committee
     • Security Steering Committee made up of representatives from 1st, 2nd and 3rd lines of defense
  16. How did we come up with this approach?
     • Initially reactive
       – From the ground up over several years
       – Firefighting – incident management – joint projects
     • Gradually more proactive
       – Risk identification – mitigating controls
       – Task Force
     • Evolving as predictive
       – Decision support for top leadership
       – Guardrails
       – What needs to be true?
  17. Polling question #4
  18. Polling question #5
  19. www.ferma.eu
  20. Q&A
  21. THANK YOU & JOIN OUR NEXT WEBINAR
     SUBJECT: Applying Enterprise Risk Management to Environmental, Social and Governance-related Risks with
     WHEN: end of April
     HOW: email invitation and/or register on www.ferma.eu
     RECORD YOUR 2 CPD POINTS
     CONTACT US: enquiries@ferma.eu
