IT Risk Management - the right posture

Keynote presentation at IBM seminar on IT Risk Management at Bangalore 27 July 2012

  1. ENTERPRISE IT RISK MANAGEMENT – “EXPLORING THE RIGHT POSTURE”
     Parag Deodhar, 27 July 2012, Bangalore
  2. EVOLUTION OF IT WITHIN THE ORGANISATION
     Figure: IT as Support Team / Enabler / Transformer
     27 July 2012 ENTERPRISE IT RISK MANAGEMENT COLLOQUIUM PARAG DEODHAR
  3. ENTERPRISE RISK & IT
     • IT is now CORE to Business
     • Top 3 areas which Audit Committees want to spend more time on (Source: KPMG Survey)
  4. IT RISK MANAGEMENT IS MUCH MORE THAN IT SECURITY
     • Not limited to information security. It covers all IT-related risks, including:
       – Late project delivery
       – Not achieving enough value from IT
       – Compliance
       – Misalignment
       – Obsolete or inflexible IT architecture
       – IT service delivery problems
  5. IT RISK DOES NOT EMANATE FROM THE IT DEPARTMENT ALONE
     • Mergers and Acquisitions
     • Purchasing software as a service
     • Investing in application enhancements
     • Outsourcing and offshoring
     • Integrating diverse applications – Business Partners, Suppliers, Banks, Customers…
     • End Users
     • Consultants and Auditors!!!
  6. WHO OWNS IT RISK?
     • IT Risk Management – Organisation Structure & Reporting line
       – IT team
       – Risk Management Team
       – External Vendors
       – Group Team
     WHOSE NECK IS ON THE LINE WHEN DISASTER STRIKES?
  7. CIO REPORT TO THE AUDIT COMMITTEE (Source: KPMG Survey)
  8. IT RISK UNIVERSE (figure)
  9. EMERGING IT RISKS IN THE BORDERLESS ENTERPRISE (figure)
  10. MANAGING IT RISKS
     • New threats are emerging every day
     • Basic measures like Anti-Virus and Firewalls are no longer enough
     • Tools like SIEM, IPS, DLP, DRM… are now a standard requirement
     • Tools alone are not enough; continuous updates, 24x7 monitoring and response are required
     • Do you have the resources – money, time, human resources???
     • What is your risk posture? What do you tell the Board?
     • How do you manage compliance?
  11. GUIDING PRINCIPLES (Source: ISACA)
  12. IT RISK MANAGEMENT FRAMEWORK (Source: ISACA)
     • Responsibility and accountability for risk
     • Risk appetite and tolerance
     • Awareness and communication
     • Risk culture
     • Key risk indicators (KRIs)
     • Risk response definition and prioritisation
     • Risk scenarios
     • Business impact descriptions
  13. IT RISK – MATURITY MODEL TO ASSESS POSTURE (Source: ISACA)
  14. It’s not a Goal – But a journey…
     THANK YOU