wireservice.co http://www.wireservice.co/2015/05/a-major-revision-of-the-cisrcp-program/
A Major Revision of the CISRCP Program
WASHINGTON, DC / May 22, 2015 / The International Association of Risk and Compliance Professionals (IARCP)
today announced a major revision of the Certified Information Systems Risk and Compliance Professional (CISRCP)
certification program.
“The CISRCP update is designed to keep pace with evolving job roles and new requirements for risk and compliance
management after the financial crisis and the increasing shortage of cyber security, IT security and information
security experts,” said George Lekatis, president of the IARCP.
George continued: “According to President Obama, economic prosperity, national security, and individual liberties
depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure, and reliable
Internet. Critical infrastructure continues to be at risk from threats in cyberspace, economies are harmed by the theft
of intellectual property and organizations face challenges to protect their infrastructure. Janet Napolitano, the head of
Homeland Security has also said that we need people who are experienced in intelligence as it relates to the cyber-universe.”
The revised CISRCP program covers international standards, principles and best practices in IT risk management
and IT security, including the critical infrastructure protection principles in the USA and the EU, the Executive Order
13587, the Executive Order 13636, the Presidential Policy Directive (PPD) 21 – Critical Infrastructure Security and
Resilience, the NIST Cybersecurity Framework, the Cybersecurity Strategy of the European Union, the Directive
2008/114/EC on the identification and designation of European critical infrastructures and the assessment of the need
to improve their protection and much more.
Objectives:
The seminar has been designed to provide participants with the knowledge and skills needed to understand international
standards and best practices in IT risk management and information security, and with the knowledge and skills
needed to pass the CISRCP exam and become a Certified Information Systems Risk and Compliance
Professional (CISRCP).
Target Audience:
The CISRCP certification program is beneficial to:
– IT managers, employees, auditors and consultants
– Information security managers, employees, auditors and consultants
– Risk and compliance managers, employees, auditors and consultants
– Network, systems and security administrators
– Incident handlers and incident response professionals
– Threat analysts
– Vulnerability assessment personnel
– IT and information security operations engineers and analysts
– IT and information security vendors, suppliers and service providers
This course is intended for employers who require qualified IT and information security professionals who meet the fit
and proper requirements in risk and compliance management.
Course Synopsis:
Part 1 – Information Technology and Information Security
Information Technology: The engine that drives the economy
Information security risk
Managing information security risk
The dark side of the threat landscape
Types of threat information: Strategic (S), Tactical (T), Operational (O)
Threat intelligence is becoming more important
Malware (worms/trojans and Potentially Unwanted Programs – PUPs)
Web-based attacks
Web application attacks / Injection attacks
Botnets
Denial of Service
Spam
Phishing
Exploit Kits
Data Breaches
Insider threat
Information leakage
Identity theft/fraud
Cyber espionage
Ransomware, Rogueware, Scareware
Strategic web compromise (watering hole attack)
Cyber-opportunity makes the thief
Overview of Threat Agents
Cybercriminals
Online Social Hackers
Hacktivists
Nation States
Corporations
Employees (current, ex, internal and external)
Cyber Fighters
Cyber Terrorists
Script Kiddies
Emerging Threat Landscape (ETL)
Explaining Information Security to employees and end users
Information Security Awareness
Part 2 – Critical infrastructure protection: International standards, principles and best practices
In the USA
Introduction
Executive Order 13587 – Structural Reforms to Improve the Security of Classified Networks and the Responsible
Sharing and Safeguarding of Classified Information
Executive Order 13636 – Improving Critical Infrastructure Cybersecurity
Presidential Policy Directive (PPD) 21 – Critical Infrastructure Security and Resilience
NIST Cybersecurity Framework
In the European Union
EU Cybersecurity plan to protect open internet and online freedom and opportunity
European Cybercrime Centre (EC3)
Cybersecurity Strategy of the European Union
1. Achieving cyber resilience
2. Drastically reducing cybercrime
3. Developing cyberdefence policy and capabilities related to the Common Security and Defense Policy (CSDP)
4. Develop the industrial and technological resources for cybersecurity
5. Establish a coherent international cyberspace policy for the European Union and promote core EU values
Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures
and the assessment of the need to improve their protection
Part 3 – Risk Management and Compliance
Introduction
Regulatory Compliance and Risk Management
Definitions, roles and responsibilities
The role of the board of directors, the supervisors, the internal and external auditors
The new international landscape and the interaction among laws, regulations and standards
The difference between a best practice and a regulatory obligation
Basel Committee, corporate governance principles for banks (2014)
Financial Stability Board, Thematic Review on Risk Governance
OECD Principles of Corporate Governance
Benefits of an enterprise wide compliance program
Compliance culture: Why it is important, and how to communicate the obligations
Policies, Workplace Ethics, Risk and Compliance
Policies, procedures and the ethical code of conduct
Privacy and information security
Handling confidential information
Conflicts of interest
Use of organizational property
Fair dealings with customers, vendors and competitors
Reporting ethical concerns
The definition of Governance, Risk and Compliance
The need for Internal Controls
Understand how to identify, mitigate and control risks effectively
Approaches to risk assessment
Qualitative, quantitative approach
Integrating risk management into corporate governance and compliance
IT, Information Security, business risk and compliance
Case Study: IW-130, Security Measures of Information Warfare
Australia/New Zealand Standard 4360
Risk Management Guide for Information Technology Systems, NIST Special Publication 800-30
Threats and Vulnerabilities
Outsourcing and Risk Management
Part 4 – The Frameworks: COSO, COSO ERM, COBIT
Internal Controls – COSO, The Internal Control Integrated Framework by the COSO committee
Using the COSO framework effectively
The Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
Effectiveness and Efficiency of Operations
Reliability of Financial Reporting
Compliance with applicable laws and regulations
IT Controls
Program Change
Deterrent, Preventive, Detective, Corrective Controls
Recovery, Compensating, Monitoring and Disclosure Controls
Layers of overlapping controls
COSO Enterprise Risk Management (ERM) Framework
Is COSO ERM necessary for compliance?
COSO and COSO ERM
Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information and Communication
Monitoring
The two cubes
Objectives: Strategic, Operations, Reporting, Compliance
ERM – Application Techniques
Core team preparedness
Implementation plan
Likelihood Risk Ranking
Impact Risk Ranking
COSO 2013 Internal Control Integrated Framework
What is different now?
Components and Principles
Significant changes to the original framework
COBIT – the framework that focuses on IT
Is COBIT needed for compliance?
COSO or COBIT?
Corporate governance, financial reporting
COBIT, Executive Summary
Management Guidelines
The Framework
The 34 high-level control objectives
What to do with the 318 specific control objectives
COBIT Cube
Maturity Models
Critical Success Factors (CSFs)
Key Goal Indicators (KGIs)
Key Performance Indicators (KPIs)
How to use COBIT for compliance
The alignment of frameworks
COSO and COBIT
COSO ERM and COBIT
ITIL and COBIT
ISO/IEC 17799:2000 and COBIT
ISO/IEC 15408 and COBIT
Software and Spreadsheets
Is software necessary for risk and compliance?
Is software needed?
When and why
How large is your organization?
Is it geographically dispersed?
How many processes will you document?
Are there enough persons for that?
Selection process
Spreadsheets
Certain spreadsheets must be considered applications
Development Lifecycle Controls
Access Control (Create, Read, Update, Delete)
Integrity Controls
Change Control
Version Control
Documentation Controls
Continuity Controls
Segregation of Duties Controls
Spreadsheets – Errors
Spreadsheets and material weaknesses
Third-party service providers and vendors
Redefining outsourcing
Key risks of outsourcing
What is needed from vendors and service providers
SAS 70
Type I, II reports
Advantages of SAS 70 Type II
Disadvantages of SAS 70 Type II
Part 5 – NIST Special Publication 800-39
Components of risk management
Multitiered risk management
Tier 1 – Organization view
Tier 2 – Mission / business process view
Tier 3 – Information systems view
Trust and Trustworthiness
Organizational Culture
Relationship among key risk concepts
Framing risk
Assessing risk
Responding to risk
Monitoring risk
Glossary
Governance models
Trust models
Part 6 – Assessing security and privacy controls
Security and Privacy Control Assessment
Assessments within the System Development Life Cycle
Strategy for conducting control assessments
Building an effective assurance case
Assessment procedures
Conducting effective security and privacy control assessments
Preparing for security and privacy control assessments
Developing security and privacy assessment plans
Determine which security or privacy controls are to be assessed
Tailor assessment procedures
Assessment method and object-related considerations
Depth and coverage-related considerations
Common control-related considerations
Reuse of assessment evidence-related considerations
Changing conditions associated with security controls and privacy controls
Amount of time that has transpired since previous assessments
Degree of independence of previous assessments
External information system-related considerations
Optimize selected assessment procedures for maximum efficiency
Finalize assessment plan and obtain approval to execute plan
Analysing assessment report results
Part 7 – CERTs (Computer Emergency Response Teams) and Security Incident Response
Introduction
Incident Handling Process
Incident report
Registration
Triage
Incident verification
Incident initial classification
Incident assignment
Incident resolution
Data analysis
Resolution research
Actions proposed
Action performed
Eradication and recovery
Incident closure
Final classification
Archiving
Post-analysis
Processing actionable information
Collection
Sources of information: internal vs. external
Level of automation
Recurrence
Consumption model
Granularity
Evaluation of data sources
Collection
Preparation
Parsing
Normalization
Aggregation
Enrichment
Automation
Storage
Retention time
Scale
Dataset management
Technologies
Triage and results
Metrics
Distribution
Part 8 – The Sarbanes Oxley Act: New international standards
The Need
The Sarbanes-Oxley Act of 2002: Key Sections
SEC, EDGAR, PCAOB, SAG
The Act and its interpretation by SEC and PCAOB
PCAOB Auditing Standards: What we need to know
Management’s Testing
Management’s Documentation
Reports used to Validate SOX Compliant IT Infrastructure
Documentation Issues
Sections 302, 404, 906: The three certifications
Sections 302, 404, 906: Examples and case studies
Management’s Responsibilities
Committees and Teams
Project Team
Steering Committee
Disclosure Committee
Certifying Officers
Audit Committee
Report to the Board of Directors
Control Deficiency
Deficiency in Design
Deficiency in Operation
Significant Deficiency
Material Weakness
Is it a Deficiency, or a Material Weakness?
Reporting Weaknesses and Deficiencies
Examples
Case Studies
Public Disclosure Requirements
Real Time Disclosures on a rapid and current basis?
Whistleblower protection
Rulemaking process
Companies Affected
International companies
Foreign Private Issuers (FPIs)
American Depository Receipts (ADRs)
Employees Affected
Effective Dates
IT and Information Security Control Objectives and Control Framework
Part 9 and 10 – Basel II and the Basel III amendment
Realigning the regulation with the economic realities of the global banking markets
New capital adequacy framework replaces the 1988 Accord
Improving risk and asset management to avoid financial disasters
“Sufficient assets” to offset risks
The technical challenges for both banks and supervisors
How much capital is necessary to serve as a sufficient buffer?
The three-pillar regulatory structure
Purposes of Basel
Pillar 1: Minimum capital requirements
Credit Risk – 3 approaches
The standardized approach to credit risk
Claims on sovereigns
Claims on banks
Claims on corporates
The internal ratings-based (IRB) approaches to credit risk
Some definitions:
PD – The probability of default
LGD – The loss given default
EAD – Exposure at default
5 classes of assets
Pillar 2: Supervisory review
Key principles
Aspects and issues of the supervisory review process
Pillar 3: Market discipline
Disclosure requirements
Qualitative and Quantitative disclosures
Guiding principles
Employees Affected
Effective Dates
Operational Risk
Legal risk
Information Technology operational risk
Operational, operations and operating risk
The evolving importance of operational risk
Quantification of operational risk
Loss categories and business lines
Operational risk measurement methodologies
Identification of operational risk
Operational Risk Approaches
Basic Indicator Approach (BIA)
Standardized Approach (SA)
Alternative Standardized Approach (ASA)
Advanced Measurement Approaches (AMA)
Internal Measurement Approach (IMA)
Loss Distribution (LD)
Standard Normal Distribution
“Fat Tails” in the normal distribution
Expected loss (EL), Unexpected Loss (UL)
Value-at Risk (VaR)
Calculating Value-at Risk
Stress Testing
Stress testing and Basel
(AMA) Advantages / Disadvantages
Operational Risk Measurement Issues
The game theory
The prisoner’s dilemma – and the connection with operational risk management
Operational risk management
Operational Risk Management Office
Key functions of Operational Risk Management Office
Key functions of Operational Risk Managers
Key functions of Department Heads
Internal and external audit
Operational risk sound practices
Operational risk mitigation
Insurance to mitigate operational risk
IT and Information Security in the Basel framework and projects
Basel II and other regulations
Capital Requirements Directive (CRD)
Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
Common elements and differences of compliance projects
New standards
Disclosure issues
Multinational companies and compliance challenges
Basel III: The New Risk Management and Corporate Governance Standards
Introduction to the Basel III Amendments
Sound corporate governance principles
Financial Stress Testing
Use of stress testing and integration in risk governance
Part 11 – Designing and implementing an enterprise wide Risk and Compliance Program
Designing an internal compliance system
Compliance programs that withstand scrutiny
How to optimize organizational structure for compliance
Documentation
Testing
Training
Ongoing compliance with laws and regulations
Compliance Monitoring
The company and other stakeholders
Managing change in regulations
International and national regulatory requirements
Regulatory compliance in Europe
Regulatory compliance in the USA
What is different
The GCC countries
The Caribbean
The Pacific Rim
Common elements and differences of compliance projects
New standards
Disclosure issues
Multinational companies and compliance challenges
Part 12 – Reference: Threat Landscape and Good Practice Guide for Smart Home and Converged Media
Smart home infrastructure including converged media and television
Valuable assets in smart homes and converged media
Threats
Smart home assets exposure to cyber threats
Threat agents
To learn more about the CISRCP program you may visit:
http://www.risk-compliance-association.com/Certified_Risk_Compliance_Training.htm
http://www.risk-compliance-association.com/CISRCP_Distance_Learning_and_Certification.htm
Media Contact:
George Lekatis
President of the IARCP
General Manager, Compliance LLC
1200 G Street NW Suite 800
Washington, DC 20005, USA
Tel: (202) 449-9750
Email: lekatis@risk-compliance-association.com
Web: www.risk-compliance-association.com
HQ: 1220 N. Market Street Suite 804
Wilmington, DE 19801, USA
Tel: (302) 342-8828
About The International Association of Risk and Compliance Professionals: The International Association of
Risk and Compliance Professionals (IARCP) offers standard, premium and lifetime membership, weekly updates,
training, certification, Authorized Certified Trainer (ACT) programs, advocacy and other services.
SOURCE: The International Association of Risk and Compliance Professionals
 

Recently uploaded

Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchirictsugar
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...lizamodels9
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportMintel Group
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadAyesha Khan
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Timedelhimodelshub1
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 

Recently uploaded (20)

Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchir
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample Report
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 

A Major Revision of the CISRCP Program

Objectives:

The seminar has been designed to provide participants with the knowledge and skills needed to understand international standards and best practices in IT risk management and information security, and with the knowledge and skills needed to pass the CISRCP exam and become a Certified Information Systems Risk and Compliance Professional (CISRCP).

Target Audience:

The CISRCP certification program is beneficial to:
– IT managers, employees, auditors and consultants
– Information security managers, employees, auditors and consultants
– Risk and compliance managers, employees, auditors and consultants
– Network, systems and security administrators
– Incident handlers and incident response professionals
– Threat analysts
– Vulnerability assessment personnel
– IT and information security operations engineers and analysts
– IT and information security vendors, suppliers and service providers

This course is intended for employers demanding qualified IT and information security professionals who meet the fit and proper requirements in risk and compliance management.
Course Synopsis:

Part 1 – Information Technology and Information Security
– Information Technology: The engine that drives the economy
– Information security risk
– Managing information security risk
– The dark side of the threat landscape
– Types of threat information: Strategic (S), Tactical (T), Operational (O)
– Threat intelligence is becoming more important
– Malware (worms/trojans and Potentially Unwanted Programs – PUPs)
– Web-based attacks
– Web application attacks / Injection attacks
– Botnets
– Denial of Service
– Spam
– Phishing
– Exploit Kits
– Data Breaches
– Insider threat
– Information leakage
– Identity theft/fraud
– Cyber espionage
– Ransomware, Rogueware, Scareware
– Strategic web compromise (watering hole attack)
– Cyber-opportunity makes the thief
– Overview of Threat Agents: Cybercriminals, Online Social Hackers, Hacktivists, Nation States, Corporations, Employees (current, ex, internal and external), Cyber Fighters, Cyber Terrorists, Script Kiddies
– Emerging Threat Landscape (ETL)
– Explaining Information Security to employees and end users
– Information Security Awareness

Part 2 – Critical infrastructure protection: International standards, principles and best practices

In the USA
– Introduction
– Executive Order 13587 – Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information
– Executive Order 13636 – Improving Critical Infrastructure Cybersecurity
– Presidential Policy Directive (PPD) 21 – Critical Infrastructure Security and Resilience
– NIST Cybersecurity Framework

In the European Union
– EU Cybersecurity plan to protect open internet and online freedom and opportunity
– European Cybercrime Centre (EC3)
– Cybersecurity Strategy of the European Union:
  1. Achieving cyber resilience
  2. Drastically reducing cybercrime
  3. Developing cyberdefence policy and capabilities related to the Common Security and Defence Policy (CSDP)
  4. Developing the industrial and technological resources for cybersecurity
  5. Establishing a coherent international cyberspace policy for the European Union and promoting core EU values
– Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection

Part 3 – Risk Management and Compliance
– Introduction
– Regulatory Compliance and Risk Management
– Definitions, roles and responsibilities
– The role of the board of directors, the supervisors, the internal and external auditors
– The new international landscape and the interaction among laws, regulations and standards
– The difference between a best practice and a regulatory obligation
– Basel Committee, corporate governance principles for banks (2014)
– Financial Stability Board, Thematic Review on Risk Governance
– OECD Principles of Corporate Governance
– Benefits of an enterprise-wide compliance program
– Compliance culture: Why it is important, and how to communicate the obligations
– Policies, Workplace Ethics, Risk and Compliance
– Policies, procedures and the ethical code of conduct
– Privacy and information security
– Handling confidential information
– Conflicts of interest
– Use of organizational property
– Fair dealings with customers, vendors and competitors
– Reporting ethical concerns
– The definition of Governance, Risk and Compliance
– The need for Internal Controls
– Understanding how to identify, mitigate and control risks effectively
– Approaches to risk assessment: qualitative and quantitative approaches
– Integrating risk management into corporate governance and compliance
– IT, Information Security, business risk and compliance
– Case Study: IW-130, Security Measures of Information Warfare
– Australia/New Zealand Standard 4360 (Risk Management)
– Risk Management Guide for Information Technology Systems, NIST Special Publication 800-30
– Threats and Vulnerabilities
– Outsourcing and Risk Management

Part 4 – The Frameworks: COSO, COSO ERM, COBIT
– Internal Controls – COSO, the Internal Control Integrated Framework by the COSO committee
– Using the COSO framework effectively
– The five components: Control Environment, Risk Assessment, Control Activities, Information and Communication, Monitoring
– The three objectives: Effectiveness and Efficiency of Operations, Reliability of Financial Reporting, Compliance with applicable laws and regulations
– IT Controls
– Program Change
– Deterrent, Preventive, Detective, Corrective Controls
– Recovery, Compensating, Monitoring and Disclosure Controls
– Layers of overlapping controls
– COSO Enterprise Risk Management (ERM) Framework
– Is COSO ERM necessary for compliance?
– COSO and COSO ERM
– The eight ERM components: Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information and Communication, Monitoring
– The two cubes
– Objectives: Strategic, Operations, Reporting, Compliance
– ERM – Application Techniques
– Core team preparedness
– Implementation plan
– Likelihood Risk Ranking
– Impact Risk Ranking
– COSO 2013 Internal Control Integrated Framework: What is different now? Components and Principles; Significant changes to the original framework
– COBIT – the framework that focuses on IT
– Is COBIT needed for compliance?
– COSO or COBIT?
– Corporate governance, financial reporting
– COBIT: Executive Summary, Management Guidelines, The Framework
– The 34 high-level control objectives
– What to do with the 318 specific control objectives
– COBIT Cube
– Maturity Models
– Critical Success Factors (CSFs)
– Key Goal Indicators (KGIs)
– Key Performance Indicators (KPIs)
– How to use COBIT for compliance
– The alignment of frameworks: COSO and COBIT; COSO ERM and COBIT; ITIL and COBIT; ISO/IEC 17799:2000 and COBIT; ISO/IEC 15408 and COBIT
– Software and Spreadsheets
– Is software necessary for risk and compliance? Is software needed? When and why
– How large is your organization? Is it geographically dispersed? How many processes will you document? Are there enough persons for that?
– Selection process
– Spreadsheets: certain spreadsheets must be considered applications
– Development Lifecycle Controls
– Access Control (Create, Read, Update, Delete)
– Integrity Controls
– Change Control
– Version Control
– Documentation Controls
– Continuity Controls
– Segregation of Duties Controls
– Spreadsheets – Errors
– Spreadsheets and material weaknesses
– Third-party service providers and vendors
– Redefining outsourcing
– Key risks of outsourcing
– What is needed from vendors and service providers
– SAS 70 Type I and Type II reports
– Advantages of SAS 70 Type II
– Disadvantages of SAS 70 Type II

Part 5 – NIST Special Publication 800-39
– Components of risk management
– Multitiered risk management
– Tier 1 – Organization view
– Tier 2 – Mission / business process view
– Tier 3 – Information systems view
– Trust and Trustworthiness
– Organizational Culture
– Relationship among key risk concepts
– Framing risk
– Assessing risk
– Responding to risk
– Monitoring risk
– Glossary
– Governance models
– Trust models

Part 6 – Assessing security and privacy controls
– Security and Privacy Control Assessment
– Assessments within the System Development Life Cycle
– Strategy for conducting control assessments
– Building an effective assurance case
– Assessment procedures
– Conducting effective security and privacy control assessments
– Preparing for security and privacy control assessments
– Developing security and privacy assessment plans
– Determining which security or privacy controls are to be assessed
– Tailoring assessment procedures
– Assessment method and object-related considerations
– Depth and coverage-related considerations
– Common control-related considerations
– Reuse of assessment evidence-related considerations
– Changing conditions associated with security controls and privacy controls
– Amount of time that has transpired since previous assessments
– Degree of independence of previous assessments
– External information system-related considerations
– Optimizing selected assessment procedures for maximum efficiency
– Finalizing the assessment plan and obtaining approval to execute the plan
– Analysing assessment report results

Part 7 – CERTs (Computer Emergency Response Teams) and Security Incident Response
– Introduction
– Incident Handling Process
– Incident report
– Registration
– Triage
– Incident verification
– Incident initial classification
– Incident assignment
– Incident resolution
– Data analysis
– Resolution research
– Actions proposed
– Action performed
– Eradication and recovery
– Incident closure
– Final classification
– Archiving
– Post-analysis
– Processing actionable information
– Collection
– Sources of information: internal vs. external
– Level of automation
– Recurrence
– Consumption model
– Granularity
– Evaluation of data sources
– Collection, Preparation, Parsing, Normalization, Aggregation, Enrichment, Automation
– Storage: Retention time, Scale, Dataset management, Technologies
– Triage and results
– Metrics
– Distribution

Part 8 – The Sarbanes-Oxley Act: New international standards
– The Need
– The Sarbanes-Oxley Act of 2002: Key Sections
– SEC, EDGAR, PCAOB, SAG
– The Act and its interpretation by SEC and PCAOB
– PCAOB Auditing Standards: What we need to know
– Management's Testing
– Management's Documentation
– Reports used to validate a SOX-compliant IT infrastructure
– Documentation Issues
– Sections 302, 404, 906: The three certifications
– Sections 302, 404, 906: Examples and case studies
– Management's Responsibilities
– Committees and Teams: Project Team, Steering Committee, Disclosure Committee, Certifying Officers, Audit Committee
– Report to the Board of Directors
– Control Deficiency: Deficiency in Design, Deficiency in Operation, Significant Deficiency, Material Weakness
– Is it a Deficiency, or a Material Weakness?
– Reporting Weaknesses and Deficiencies
– Examples and Case Studies
– Public Disclosure Requirements
– Real-time disclosures on a rapid and current basis?
– Whistleblower protection
– Rulemaking process
– Companies Affected: International companies, Foreign Private Issuers (FPIs), American Depository Receipts (ADRs)
– Employees Affected
– Effective Dates
– IT and Information Security Control Objectives and Control Framework

Parts 9 and 10 – Basel II and the Basel III amendment
– Realigning the regulation with the economic realities of the global banking markets
– New capital adequacy framework replaces the 1988 Accord
– Improving risk and asset management to avoid financial disasters
– "Sufficient assets" to offset risks
– The technical challenges for both banks and supervisors
– How much capital is necessary to serve as a sufficient buffer?
– The three-pillar regulatory structure
– Purposes of Basel
– Pillar 1: Minimum capital requirements
– Credit Risk – 3 approaches
– The standardized approach to credit risk: Claims on sovereigns, Claims on banks, Claims on corporates
– The internal ratings-based (IRB) approaches to credit risk
– Some definitions: PD – The probability of default, LGD – The loss given default, EAD – Exposure at default, 5 classes of assets
– Pillar 2: Supervisory review – Key principles; Aspects and issues of the supervisory review process
– Pillar 3: Market discipline – Disclosure requirements; Qualitative and Quantitative disclosures; Guiding principles
– Employees Affected
– Effective Dates
– Operational Risk
– Legal risk
– Information Technology operational risk
– Operational, operations and operating risk
– The evolving importance of operational risk
– Quantification of operational risk
– Loss categories and business lines
– Operational risk measurement methodologies
– Identification of operational risk
– Operational Risk Approaches: Basic Indicator Approach (BIA), Standardized Approach (SA), Alternative Standardized Approach (ASA), Advanced Measurement Approaches (AMA), Internal Measurement Approach (IMA), Loss Distribution (LD)
– Standard Normal Distribution
– "Fat Tails" in the normal distribution
– Expected Loss (EL), Unexpected Loss (UL)
– Value-at-Risk (VaR)
– Calculating Value-at-Risk
– Stress Testing
– Stress testing and Basel (AMA)
– Advantages / Disadvantages
– Operational Risk Measurement Issues
– Game theory
– The prisoner's dilemma – and the connection with operational risk management
– Operational risk management
– Operational Risk Management Office
– Key functions of the Operational Risk Management Office
– Key functions of Operational Risk Managers
– Key functions of Department Heads
– Internal and external audit
– Operational risk sound practices
– Operational risk mitigation
– Insurance to mitigate operational risk
– IT and Information Security in the Basel framework and projects
– Basel II and other regulations
– Capital Requirements Directive (CRD)
– Aligning Basel II operational risk and Sarbanes-Oxley 404 projects
– Common elements and differences of compliance projects
– New standards
– Disclosure issues
– Multinational companies and compliance challenges
– Basel III: The New Risk Management and Corporate Governance Standards
– Introduction to the Basel III Amendments
– Sound corporate governance principles
– Financial Stress Testing
– Use of stress testing and integration in risk governance

Part 11 – Designing and implementing an enterprise-wide Risk and Compliance Program
– Designing an internal compliance system
– Compliance programs that withstand scrutiny
– How to optimize organizational structure for compliance
– Documentation
– Testing
– Training
– Ongoing compliance with laws and regulations
– Compliance Monitoring
– The company and other stakeholders
– Managing change in regulations
– International and national regulatory requirements
– Regulatory compliance in Europe
– Regulatory compliance in the USA
– What is different
– The GCC countries
– The Caribbean
– The Pacific Rim
– Common elements and differences of compliance projects
– New standards
– Disclosure issues
– Multinational companies and compliance challenges

Part 12 – Reference: Threat Landscape and Good Practice Guide for Smart Home and Converged Media
– Smart home infrastructure including converged media and television
– Valuable assets in smart homes and converged media
– Threats
– Smart home assets' exposure to cyber threats
– Threat agents

To learn more about the CISRCP program you may visit:
http://www.risk-compliance-association.com/Certified_Risk_Compliance_Training.htm
http://www.risk-compliance-association.com/CISRCP_Distance_Learning_and_Certification.htm

Media Contact:
George Lekatis
President of the IARCP
General Manager, Compliance LLC
1200 G Street NW, Suite 800
Washington, DC 20005, USA
Tel: (202) 449-9750
Email: lekatis@risk-compliance-association.com
Web: www.risk-compliance-association.com

HQ: 1220 N. Market Street, Suite 804
Wilmington, DE 19801, USA
Tel: (302) 342-8828

About The International Association of Risk and Compliance Professionals:
The International Association of Risk and Compliance Professionals (IARCP) offers standard, premium and lifetime membership, weekly updates, training, certification, Authorized Certified Trainer (ACT) programs, advocacy and other services.

SOURCE: The International Association of Risk and Compliance Professionals