
ciso-platform-annual-summit-2013-Key pillars of an effective risk management program


Presented by K S Narayanan at CISO Platform Annual Summit, 2013. Narayanan is the Head Information Risk Management at ING Vysya Bank responsible for strategy, policy, risk management and information security program management implementation for ING Vysya Bank.

Published in: Business, Economy & Finance

  1. Key pillars of an effective Risk Management Program
     Prepared by: K.S.Narayanan, Head – Information Risk Management, ING Vysya Bank
     Date: 15th Nov 2013
  2. Information Security & Risk
     Information Security is:
     • More focused on technology
     • Compliance driven
     • Identifies threats
     • Defines controls
     • Monitors controls
     Information Risk Management defines:
     • The areas which should be secured
     • Business value & Business Impact
     • Compliance and strategy
     • Structured approach
     • Provides information to decision makers
     • Does not make decisions for business
  3. Current IT Security Scenario
  4. "Volvo Bus Security Syndrome"
     • Is there a governance issue?
     • Are risks & controls not aligned?
     • Weak architecture and control design for fire safety?
     • Who assessed the risk appetite?
     Is this an outcome of only technology-driven and compliance-focused assurance?
     14th Nov 13: 7 dead after Mumbai-Bangalore Volvo bus catches fire
     30th Oct 13: 45 charred to death in Volvo bus blaze near Hyderabad
     Disclaimer: This analysis is not intended to question Volvo technical and safety controls. It is used here only as a case study for effective risk management.
  5. Effective Risk Management - Critical Factors
     • Suitable governance model
     • Common risk language & risk footprints
     • Risk assessments – standard based + scenario based
     • Risk appetite for business/risk decision making
     • Reference-architecture-based security controls implementation
     • Data-centric approach
  6. ERM Framework – IT Risk
     • Aligning risk appetite and strategy
     • Enhancing risk response decisions
     • Reducing operational surprises and losses
     • Identifying and managing multiple and cross-enterprise risks
     • Seizing opportunities
     • Improving deployment of capital
  7. THANK YOU