Agama Consulting aims to provide holistic enterprise risk and security management through a collaborative approach. Their mission is to create a dependable, integrated and stable risk model for clients. Their vision is to become a leader in holistic risk management by implementing people-friendly solutions. They offer advisory, compliance, technology and learning services to help clients develop consolidated risk programs aligned with business goals. The founders have extensive experience in risk management, compliance, security and consulting.
Improving Your Information Security Program | Seccuris Inc.
Michael walks the audience through the key focus areas in the creation of information security dashboards and discusses topics such as: What about our Information Security Program is important?
How can I represent my Information Security Program in a dashboard? What elements of my program should I measure and report on? What must happen with the output?
The presentations should help security professionals create security architecture that supports business objectives, covers all areas of security technology, and allows for effective measurement of security value.
The presentation was given at BrightTALK.
Secure Islands provides IRM protection, and takes it to the next level by adding a simple and powerful management layer.
http://www.secureislands.com/irm/
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ... | DFLABS SRL
Supervised Active Intelligence: an innovative approach to Automated Incident Response based on Machine Learning, leveraging orchestration, automated playbooks and integration with existing Security Ecosystem
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy | Andris Soroka
Presentation from one of the remarkable IT Security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013 and was visited by more than 400 participants at the event venue and more than 300 via online live streaming.
What is information security? Information security focuses on protecting valuable information that will help businesses to succeed in their strategies. Confidentiality, integrity and availability are the three basic objectives of Information Security.
Information Rights Management is the set of techniques and methods which protect the highly sensitive information of the organization irrespective of the file location whether it resides "in" or "outside" the corporate boundaries. This happens as the permissions embedded inside the file don't allow unauthorized access, modification, copying or printing. This is typically done for protection of financial documents, intellectual property such as patents, design blueprints and executive communications.
10 Security Essentials Every CxO Should Know | IBM Security
View On Demand Webinar: http://event.on24.com/wcc/r/1060940/3EBB3C7D778564710E957F99AF1D7C1B
How comprehensive is your security program? Organizations today are reliant on technology more than ever to achieve competitive advantage. Whether it is growing your brand, automating a supply chain or moving to cloud and mobile, technology is the lifeblood of business. This shift in reliance also brings cyber threats that must be addressed.
Based on extensive experience, IBM has established 10 Essential Practices for a comprehensive security posture. Join Glen Holland, Global Practice Lead of SAP Security Services, to hear about the key imperatives that can help you understand and address these threats and protect the business.
In this on demand webinar, you will learn:
- The 10 security essentials and best practices of today’s security leaders
- How to assess your security maturity
- Where your critical gaps lie and how to prioritize your actions
Bridging the Gap Between Your Security Defenses and Critical Data | IBM Security
View on-demand recording: http://securityintelligence.com/events/bridging-the-gap-between-your-security-defenses-and-critical-data/
Many organizations are struggling with the growing gap between the vulnerability of critical data and security defenses. You need visibility at all times to prevent external and internal database breaches. Your organization can't lose sight of the importance of the integrity of your data, including unauthorized changes and suspicious activity.
You will learn how, by combining the industry-leading security intelligence capabilities of IBM QRadar Security Intelligence Platform with the robust data security capabilities of IBM Security Guardium data activity monitor, organizations can gain actionable insights to reduce security risks at all layers and boost compliance across the enterprise.
In this live webinar, Sally Fabian, IBM Data Security Technical Specialist, will discuss:
- Architecture and integration points
- Real-time alerts and reporting
- Vulnerability assessments according to your risk score
- Security intelligence event log collection and analytics
- Actionable insights from security events
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass... | TrustArc
Artificial Intelligence (AI) has emerged as a transformative force in various industries, from healthcare to finance and beyond. While AI offers incredible opportunities, it also raises ethical, legal, and social challenges that must be addressed. To navigate this complex landscape in the world of privacy, it is crucial to conduct comprehensive Privacy Impact Assessments (PIAs).
Conducting PIAs in this dynamic and evolving world of AI has brought new challenges to the privacy world. With AI increasingly being integrated into different areas of our lives, understanding the intersection between AI and PIAs is essential for any organization to ensure they are privacy forward.
Take advantage of this opportunity to gain a comprehensive understanding of AI impact assessments and their role in shaping the future of AI. In this insightful webinar, our experts will explore the power of Privacy Impact Assessments (PIAs) in ensuring responsible AI development and deployment.
In this webinar, some key topics that will be covered include:
- Introduction to AI PIAs
- PIAs demystified (why they are essential in the context of AI)
- Explore the evolving legal and regulatory landscape governing AI and privacy, including GDPR, CCPA, and other international standards
- Best practices for conducting effective PIAs in AI projects
- Future outlooks for AI and PIAs
Challenges & Opportunities the Data Privacy Act Brings | Robert 'Bob' Reyes
My slide deck used in People Management Association of the Philippines' (PMAP) Data Privacy Act Forum held last 18 SEP 2017 at Ace Hotel & Suites, Pasig City.
This Special Report from the Security for Business Innovation Council identifies four technology trends -- cloud computing, social media, big data, and mobile devices -- as game-changers for 2013 and offers concrete guidance on how security teams can meet these requirements.
How to Address GDPR, Phishing and Shadow IT with a Robust IAM Strategy
The move towards cloud applications and remote working has shifted enterprise identities outside the traditional corporate infrastructure. Weak, stolen and re-used passwords are now the cause of two-thirds of all data breaches.
My1Login CEO, Mike Newman, presents on how a robust IAM strategy can address key GDPR obligations, eliminate phishing for critical applications and eradicate shadow IT. Mike’s presentation includes a case study of the security challenges faced by a 2000-user, highly-regulated, enterprise organisation and how they “locked down” access management by putting the business back in control of passwords rather than the users, whilst ensuring a positive, seamless user experience.
Explore top 8 cloud security challenges & IT solutions in Dubai. Safeguard data, mitigate risks & ensure compliance for seamless digital transformation.
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ... | Sirius
SIEM technology has been around for years and continues to enjoy broad market adoption. Companies continue to rely on SIEM capabilities to handle proactive security monitoring, detection and response, and regulatory compliance. However, with today’s staggering volume of cyber-security threats and the number of security devices, network infrastructures and system logs, IT security staff can become quickly overwhelmed.
Gartner projects that by 2020:
-- 50% of new SIEM implementations will be delivered via SIEM as a service.
-- 60% of all advanced security analytics will be delivered from the cloud as part of SIEM-as-a-service offerings.
Agama Profile
Regd. Address: 2004, Oakwood Apartment, 3rd Cross, 8th Main, 3rd Block, Koramangala, Bangalore-560034.
T: +919845166115, E: runa@agamaconsulting.in
MISSION FOR AGAMA
To have a collaborative effort from the management, people, processes and technology to create a
holistic and comprehensive enterprise risk and security model (ERSM) that would ensure the client’s
dependability, integrity and stability for themselves and their customers thereof.
VISION FOR AGAMA
To carve a niche in the Enterprise Risk and Security consulting space, by pioneering in holistic RM, so
as to implement people friendly solutions that unlock hidden opportunities.
SOLUTION AGAMA IS PROVIDING
We believe that it is important, now more than ever, for companies to develop and maintain a
consolidated and holistic risk management program that coordinates the silos (operating within
the risk management framework of an organisation), because they all have the same overall goal:
to protect the company and its assets. We also understand that companies today do not
necessarily have the bandwidth to uproot their existing IS and RM structure; hence we have
prepared a modular roster of services which can be executed as per the organisation’s readiness.
SERVICES BY AGAMA
Based on the above pointers, we have drawn out a service portfolio that reflects our intentions.
Through our solutions we hope to look at the future outlook of the IS and RM industry.
Figure 1: Agama Services
No. Service Portfolio Advisory Compliance Technology Learning
1 IT Risk Organisation • • •
1.a Risk and Security State Assessment • •
1.b Return on Security Investment • •
1.c Balanced Scorecard Approach • • •
1.d Unified Compliance Framework
2 Enterprise Risk Management • • • •
2.a Information Risk Management • • •
2.b ISO31000 framework establishment • • •
2.c Business Continuity Management and Disaster Recovery Planning • • • •
2.d Information Sensitivity Policy • • •
2.e Application Security/BSIMM • • • •
2.g Security in Cloud Computing • • •
3.a Data Security Framework • • • •
3.b Data Privacy Framework • • • •
3.c Utilisation and Cost Optimisation for IS&RM • • •
For Internal Use only
THE APPROACH
The most important issue concerning Information Security is to manage all risks relevant to your
organization. Managing all risks is virtually impossible, and is usually to the detriment of business
operations. Therefore, in order to be in control, risk management is essential. This means that as an
organization you are security aware: secure what, why and how. In this process you may even decide
to leave a certain risk unchecked, as long as you are doing so consciously and based on a valid
assessment.
Agama believes in creating value out of IS & RM, and that is the philosophy that we would like our
prospective clients to adopt. In order to drive home this point, we would consider the client’s
information needs vis-a-vis their information security needs. Implementable consulting is what Agama
hopes to provide its clients, wherein the client can rest assured that the solution provided would
be tangible enough for its employees to execute.
We have seen all this while that any technology initiative is based on the classic three-legged
approach of People, Process and Technology, with the business or top management mostly playing a
hawk-like role of monitoring and dictating terms. However, at Agama, our view is that this will
hamper a company’s growth in the long term. It is important for the business side of the company to be
intricately involved in the organisation’s information security and risk management projects. For this
reason we call our approach the Enterprise Security Program (ESP). This is demonstrated in our
approach model given below. To have a holistic and consolidated security policy, it is important to
have considered the growth plans, the business strategies, human factors and the organisation
culture. A policy that does not scale and support the organisation’s potential for expansion is
redundant and needs an immediate overhaul.
We also demonstrate the fact that these factors work towards making a holistic ESP through our
proprietary methodologies. While they are derived from the standard implementation frameworks,
we have added our beliefs to enhance the level of execution, such that the ESP will be current and in
line with the business objectives.
WHY AGAMA
It is an obvious question, considering the well-established players in the IS and RM consulting space.
For starters, we address our initiative as an Enterprise Security Program. Hence, at the risk of
sounding repetitive, we would like to emphasise the importance of a holistic and consolidated risk
management program through our approach and methodologies.
Secondly, we can proudly present an industry-vertical-based learning repository. This repository is
our reference point for various issues like information needs of an industry vertical, versus its
compliance-based information needs. It also gives us insight into the risk management initiatives of
leading organisations in each sector.
At Agama, we have developed a unique consolidation model, which works on the basis of the
organisation’s security maturity levels. While assisting in creating the ESP, this will also give the
organisation’s current security state assessment.
We believe the above factors put us in a niche, which separates us from the other players in the
security and risk assessment segment. We also go by the adage “we let our work do the talking”;
therefore, once we get an opportunity to work with you, we would like to build a long-standing
relationship that is not just limited to the scope of the project assigned to us.
Our Value Proposition in a nutshell:
UNIQUE SERVICES:
1. Creation of a consolidated Enterprise Security Model
2. Cost Optimisation of the existing Enterprise Security Program
3. Data Security and Data Privacy framework specific to industry sectors
4. Current State Maturity Assessment
VALUE ADDED APPROACH:
1. Creation of Enterprise Security strategies and programs aligned to the business goals and
strategies
2. Modular approach that is time-saving and easy to implement
SERVICE NEED AND APPLICABILITY
Based on preliminary research and study of the Information Security Market, we have made a few
observations on the potential issues that a few popular sectors can face.
Figure 3: Industry Sector and Issue Mapping
Sector: Potential Information Risk and Enterprise Security Issues
E&U: Stock Pilferage; Breakdown of machinery/Plant shutdown; Data Privacy
BFSI: Fraud; Data Security/Data Privacy; Physical Security and Logical Security breach; System Shutdown; Compliance
Tech. & ITES: Fraud; Data Loss/Data Privacy; Physical security and Logical security breach; Facility Shutdown; Compliance
Telecom: Billing Fraud; Physical and Logical Security Breach; Marketing information pilferage; Data loss/Data security; Compliance
Media and Comm.: Data Loss/Data Privacy; Facility Shutdown
Retail: Stock Pilferage; Facility Shutdown; Data Privacy and Data Security; Physical and Logical Security Breach; Governance
Mfg.: Stock Pilferage; Facility Shutdown; Data Privacy and Data Security; Physical and Logical Security Breach; Governance
Govt.: Data Security and Data Privacy; Facility Shutdown; Physical and Logical Security Breach
Hospitality: Data Security and Data Privacy; Facility Shutdown; Governance; Compliance
Based on the observations in figure 3, we have mapped our services with the sectors mentioned in
the above research.
Figure 4: Applicability of our services across various sectors*
No. Service Portfolio E&U BFSI Tech.&ITES Telecom Media and Comm. Retail Mfg. Govt. Hospitality
1 ITRO • • • • • • • • •
1.a Risk and security state assessment • • • • • • • • •
1.b ROSI • • • • • • • • •
1.c BSC
1.d UCF • • • • • •
2 ERM • • • • • • • • •
2.a IRM/GRC • • • • • • • • •
2.b ISO31000 • • • • • • • • •
2.c BC/DR • • • • • • • • •
2.d Information Sensitivity Policy • • • • •
2.e Application Security/BSIMM • • •
2.g Cloud Security • • • • • • • • •
3.a Data Security Framework • • • • • • • • •
3.b Data Privacy Framework • • • • • • • • •
3.c Utilisation and Cost Optimisation for IS and RM • • • • • • • • •
* The sectors covered here are indicative and the popular ones in general.
PROFILES OF THE FOUNDERS
RUNA DESAI DALAL
I have been a risk advisory consultant at Ernst and Young Pvt. Ltd. within their banking and technology
practices.
I have done various projects in Risk advisory practice that range from Core Banking implementation,
Project Risk Management, Internal Audit, SOX process implementation review and Business
Continuity Management implementation.
I have been part of the core team that developed the Business Continuity management practice
which has grown from a team of 4 to 50 and stands as an independent service line across all industry
specialisations.
The main projects executed during my career span include:
• I have led a team that implemented the business continuity management processes and
reviewed the existing Disaster Recovery Plans, at the largest private sector bank.
• I have led a team that conducted Internal Audit for the operations of another private sector
bank.
• I have been part of the implementation team of core banking solutions at two of the largest
public sector banks in the country.
• I have been part of a team that has done the implementation and review of SOX processes
at the largest private sector bank.
I have been the subject matter expert in Business Continuity Management and Operational Risk
Management.
Prior to this assignment, I have worked in HDFC Bank as a Business Analyst and with Ways India Ltd.
(a start-up organisation in the Dotcom era) as a Senior Tester.
My educational qualifications include M.M.S (Systems) and B.E (Electronics and
Telecommunications). Additionally I have a professional certification in BS25999.
SUDARSHAN RAJAGOPAL
I am a Principal Consultant executing the role of Senior Manager for Governance, Risk and
Compliance at Wipro Consulting Services heading the delivery organization of 200 plus people. I also
handle Wipro’s Center of Excellence for Technical Risk Assessment which includes Penetration
Testing / Vulnerability Assessment, Forensics etc.
Governance, Risk and Compliance, addresses not only the areas of ICT but the entire lifecycle of
information security which is important to ensure effective proactive Identification, Management &
Monitoring of Risks so as to ensure and maintain an effective Security Posture. The practices offer
comprehensive assurance and advisory services to its clients to enable core changes within their
organizations.
I drove the competency development, technology roadmap and innovation for the organization to
establish the technology leadership that GRC has retained in last few years. I manage P/L, sales and
delivery of consulting services, solution development, and ensuring execution of multiple programs
globally. I have directly led and managed diverse, multi-cultural global teams, set up strategic
consulting hubs and offshore delivery centers.
I have depth of Business Strategy & Technology for Information Security. My areas of specialization
are IT Security Strategy, IT Risk Management and Governance, and Infrastructure/Application
Security Design & Reengineering, Attack Synthesis and Countermeasure Tactics, Reverse Engineering
and Enterprise Audits. I have strong expertise in Hacking Counter measures, Enterprise Defense
Strategies and Social Engineering.
Prior to Wipro I have worked in companies like Vitage, HP in various leadership positions.
I have professional certification of CISSP, ITIL / ITSM (F), ISO 27001 LI, BS25999 LI, CEH, COBIT
foundation and Managing Successful Programs.
I have been an invited speaker for various national conferences by CII, ISACA, CIO and CSO meets
etc.
For Further details please contact:
runa@agamaconsulting.in
Ph.no:+919845166115