This document discusses cyber governance and business assurance challenges for corporations. It covers the following topics:
1. An introduction to cyber governance and its components, including IT governance, legal governance, security governance, and human governance.
2. Approaches to risk assurance, including risk modeling and standards and compliance.
3. The need for an assurance framework and public-private partnerships to address challenges.
4. The challenges that both technologists and businesses face in ensuring effective cyber governance and business assurance.
Information Systems Security Solutions, Inc. (IS3) provides information technology integration, services, and support. It was incorporated in 2002 and has a top secret facility clearance. IS3 employs qualified IT professionals, technicians, information assurance strategists, and engineers. It is certified as a Native American, service disabled veteran, small disadvantaged, and local disadvantaged business. IS3 aims to provide innovative, high quality solutions to help clients maintain a competitive edge through its technology services. It provides total turn-key solutions from start to finish for clients.
Iob gm's lecture 7th jan 2014 GRC and corporate governance in Financial serv...subramanian K
This document provides an overview of governance, risk, and compliance in the cyber era presented by Prof. K. Subramanian. It includes:
- An agenda covering introduction, governance components, risk assurance and standards/compliance, assurance frameworks, and challenges.
- Quotes related to technology, privacy, and governance.
- Descriptions of governance components, principles of good governance, and cyber governance components.
- Discussions of corporate governance frameworks, assurance in public-private partnerships, and challenges in governing cyber space.
The presentation addresses key topics in digital governance and provides guidance on developing effective risk management and compliance programs.
This document discusses IT risk management and compliance services from Akibia. It describes how Akibia takes a risk management approach to compliance by helping companies implement security best practices while also achieving regulatory compliance. Akibia offers services such as regulatory gap analyses, vulnerability assessments, security strategy development, and payment card industry compliance assessments. The goal is to help clients cost-effectively meet compliance requirements while optimizing security.
This Slideshare presentation is a partial preview of the full business document. To view and download the full document, please go here:
http://flevy.com/browse/business-document/it-security-and-governance-template-312
This Word Document provides a template for an IT Security & Governance Policy and is easily customisable. Areas covered are: Security, Data Back-Up, Virus Protection, Internet & Email usage, Remote & 3rd Party Network Access, User-Account Management, Procurement, Asset Management and IS Service Continuity Planning.
Unlike the rational man, humans sometimes are irrational and predictably err. The document discusses several cognitive biases and errors in human intuition that cause irrational decision-making. It then explains how nudges can influence behavior by exploiting these predictable irrational tendencies, while preserving freedom of choice. Specific examples are provided of nudges that could be applied in IT service management to help practitioners make better decisions.
Oil and Gas iQ’s Cyber Security for Oil and Gas event will bring together relevant stakeholders to discuss the most pressing cyber security issues facing the oil and gas sector. Presentations will examine threat trends, identify immediate and long-term needs, and reveal up-and-coming technologies for use in evolving threat environments. Security managers, IT strategy implementers, and industry partners will gather in Houston, TX to network, share best practices and explore potential paths to mitigate the threat of energy-focused attacks from cyber adversaries. For more information visit http://bit.ly/1cwasCO
This document provides a company profile for DFLabs, an ISO-certified cybersecurity firm. DFLabs specializes in information security governance, risk, and compliance. The company provides IT risk management frameworks, incident response services, digital forensics, and security consulting. DFLabs operates globally from headquarters in Northern Italy and has Fortune 100 customers. The company focuses on closing the gap between growing security risks and organizations' capacity to respond through an integrated IT governance framework.
Hiring Guide to the Information Security Profession amiable_indian
The document provides an overview of the information security profession and guidance for hiring information security professionals. It discusses the expanding role and types of jobs in the field, ideal traits for professionals, typical career paths, how to craft job descriptions and the importance of certifications. The document is a hiring guide intended to help HR, recruiters and hiring managers better understand the scope of the information security profession and find qualified candidates.
Information Security Governance: Government Considerations for the Cloud Comp...Booz Allen Hamilton
How users can take advantage of the cloud computing environment’s benefits without experiencing excessive security risks or new legal or regulatory compliance challenges.
Information Security Management Education Program - Concept Document Dinesh O Bareja
The document proposes an information security management program to train future security managers. It notes shortcomings in existing education and certification programs. The proposed program would [1] provide practical skills training using real-world scenarios, [2] cover technical, business, audit and legal topics to prepare students for security leadership roles, and [3] include soft skills development and fieldwork opportunities. The program differentiators include an experiential learning lab, partnerships with industry, and mentoring to support career placement.
This document discusses the security challenges of outsourcing business operations to Asia and the responses from Asian companies. It covers the domains that are typically outsourced, initial security concerns, customer demands around information security, and how Asian governments and companies have adopted frameworks like ISO 27001 and handled security incidents. It provides a comparison of security approaches globally and identifies remaining challenges around standards compliance and privacy laws.
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors EnergySec
The document discusses information and communication technology (ICT) supply chain security risks, existing practices for managing these risks, and emerging standards and frameworks. It notes risks like intentional insertion of malware, use of counterfeit components, and poor security practices in supplier networks. Additionally, it outlines government and industry efforts to develop guidelines and best practices for ICT supply chain risk management.
The Value Of HISP Certification [Compatibility Mode] jdimaria
The document discusses the value and importance of information security certification, specifically the Holistic Information Security Practitioner (HISP) certification. It notes that companies are increasingly requiring security certifications for personnel and looking for professionals trained in building formal information security management systems. The HISP certification focuses on frameworks like ISO 27001/27002 and COBIT and enhances other certifications. Obtaining the HISP certification can help professionals verify skills, assist companies in hiring, and help organizations reduce compliance costs.
Riskpro is an Indian risk management consulting firm with offices in several major cities. It provides a wide range of risk advisory services including Basel II/III compliance, corporate risk assessment, information security, and business continuity planning. The firm differentiates itself through its focus on risk management, experienced team with over 200 cumulative years of experience, hybrid delivery model, and ability to take on large complex projects. It aims to be a preferred provider of governance, risk, and compliance solutions to mid-large sized companies in India.
This document provides an overview of Riskpro, an organization that offers risk management consulting services. Riskpro has offices in three major Indian cities and alliances in other cities, and is managed by experienced professionals. It offers a wide range of risk management advisory services including Basel II/III advisory, corporate risks, information security, operational risk, governance, and other risks. Riskpro aims to provide integrated risk management solutions to mid-large sized companies in India. It differentiates itself through its focus on risk management, experience, hybrid delivery model, and ability to take on large complex projects.
Riskpro is an Indian risk management consulting firm with offices in major cities. It provides integrated risk management services including information security, business continuity planning, and ISO 27001 certification. It helps clients comply with regulations and mitigate risks to information assets from both internal and external threats. Some of its services include risk assessments, audits, training, and advisory services covering areas such as operational, credit, market, and other risks.
Energy Industry Organizational Strategies to Increase Cyber Resiliency EnergySec
Presented by: Julie Soutuyo, Tennessee Valley Authority
Abstract: Over the past 40 years, the energy industry has evolved to a position of dependence upon information technology to accomplish its mission. Cyber attacks have become a “way of life” as the Nation, industry, organizations, and individuals strive to operate safely and securely in cyberspace. Most rely on a compliance-based “whack-a-mole” approach to cyber defense which presents multiple barriers to hackers, based on the last attack, with efforts to “hit” any that get inside the organization’s defenses. While still valid, this compliance-based approach has significant challenges: stopping intruders, mitigating the problems they create, and positioning an organization to achieve its mission under a cyber attack. Cyber experts across the Nation are increasingly turning to resiliency as a means for fighting through these attacks with the objective of meeting operational and mission requirements in spite of the attacks. This shift is driving organizations to rethink their organizational structures to achieve unity of effort and streamlined decision-making in the face of a fast paced set of operational demands. This presentation will highlight the strategies to promote a cyber resilient organization.
How to improve resilience and respond better to Cyber Attacks with ISO 22301? PECB
The document discusses how ISO 22301 certification can help organizations improve resilience and respond better to cyber attacks. It explains that ISO 22301 provides a standardized framework for establishing a business continuity management system (BCMS) that includes risk assessment, incident response planning, and continual improvement. Certification ensures an organization has effective continuity plans in place to address how cyber attacks can impact operations and disrupt business, and recover in a timely manner.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session. IGN MANTRA
This document provides an introduction to information security and ISO 27001. It discusses key concepts like what information security is, the importance of protecting information assets, common information security threats, and ISO 27001 which defines an Information Security Management System. The document is intended to raise awareness of information security and an individual's security responsibilities within an organization.
Does Anyone Remember Enterprise Security Architecture? rbrockway
The concept of Enterprise Security Architecture (ESA) is not new (Gartner 2006), yet the numbers from the past several years’ worth of breach data indicate that most organizations continue to approach security on a project by project basis or from a compliance perspective. This talk will refresh the ESA concept and communicate tangible and realistic steps any organization can take to align their security processes, architecture and management to their business strategies, reduce business risks and significantly improve their overarching security posture.
Information Security Architecture: Building Security Into Your Organization Seccuris Inc.
This document discusses building an information security architecture aligned with business objectives. It emphasizes establishing trust models and security domains to understand information flows and define appropriate controls at boundaries. This helps prioritize security efforts, automate baseline protections, and allow resources to focus on higher business risks. Defining controls based on trust and authority relationships can improve security posture while enabling productivity, innovation and business flexibility.
Fundamentals of Information Systems Security Chapter 14 Dr. Ahmed Al Zaidy
The document discusses information security professional certifications. It describes the DoD Directive 8570.01 that requires security certifications for personnel working with DoD information systems. The directive is being replaced by DoDD 8140.01, which defines new cybersecurity roles. Popular vendor-neutral certifications from (ISC)2 like the CISSP and vendor-specific certifications from SANS GIAC are also outlined, covering various security disciplines.
Cyber Security IT GRC Management Model and Methodology. 360factors
A discussion and presentation on cyber security trends in oil and gas, the benefits of an IT GRC Management System, and IT GRC Management Model and Methodology.
Security architecture rajagiri talk march 2011 subramanian K
The document discusses several topics related to cybersecurity and governance including:
- The need for dynamic laws to keep pace with rapid technological advancements in cyberspace.
- The absence of a single governing body and immature cybersecurity practices in many countries.
- A five-tier architecture model for cybersecurity consisting of data, process, technology, data management, and management architectures.
- The importance of information assurance over just information security to ensure availability, integrity and reliability of information systems.
- Key stakeholders in information assurance including boards of directors, management, employees, customers, and regulatory authorities.
An IT security audit is an independent analysis of a company's IT system controls, policies, and procedures to evaluate their adequacy and ensure compliance. The document discusses the importance of governance, risk management, and compliance for IT security audits. It also outlines the audit process, future trends including a focus on risk and analytics, and regulatory issues concerning frameworks, cybersecurity, and auditing standards.
How to determine a proper scope selection based on ISO 27001? PECB
Meeting Clause 4 - Context of the Organization "generic" requirements of ISO 27001 in order to determine a proper Documented Scope statement that meets business requirements and gives value to products and/or services.
Main points that have been covered are:
• Interested Parties
• Interfaces & Dependencies
• Legal / Regulatory & Contractual Obligations (Risk of Non-Compliance)
• Documented Scope Statement (including locations within Scope)
Presenter:
Mr. David Anders has worked more than 20+ years in the risk management field managing a broad spectrum of consulting services and product solutions. David has worked in the consulting field for 16 years and is the founder / CEO of SecuraStar, LLC, a niche ISO 27001 consulting firm in the United States and founder / CEO of ISMS Manager Software, LLC.
Link of the recorded session published on YouTube: https://youtu.be/hSaAvKgAC2c
Mission Critical Global Technology Group (MCGlobalTech) provides information security and IT infrastructure management consulting services. They help organizations comply with industry standards and federal regulations to strengthen their security posture. MCGlobalTech assesses clients' security gaps and develops customized solutions involving governance, processes, and technology controls. Their full lifecycle of services includes assessment, planning, implementation, and continuous monitoring.
Presentation given by Dr K Subramanian, Director and Professor, Advance Centre for Informatic and Innovative Learning IGNOU on August 3rd, 2011 at eWorld Forum (www.eworldforum.net) in the session Information Management and Security
Brandon Consulting provides IT compliance and governance services for credit unions. They assess clients' IT infrastructure risks and help mitigate risks through independent audits and recommendations. Their services include penetration testing, cybersecurity training, infrastructure audits, and disaster recovery planning. They aim to help clients meet regulatory and data protection standards through a structured approach involving assessing needs, creating a technology roadmap, and providing ongoing support and reviews. Past clients praise Brandon Consulting for their professional, impartial services.
How many times have you been surprised, and frustrated, to learn your IT capabilities won’t support a new or key business objective? Given the rapidly changing healthcare industry and multitude of new initiatives, this scenario happens all the time.
So how can you help ensure your IT components will work together, and can be leveraged to drive business results?
You need a blueprint — a way to align IT to the business – an IT Enterprise Architecture.
A sound Enterprise Architecture ensures your business is supported by IT components working together to deliver both a return-on-investment and projected business results.
5 Steps to Securing Your Company's Crown Jewels (IBM Security)
Today's critical business data is under constant threat, which is why enterprises must apply adequate data protection for their data security measures. Companies that fail to make data protection an everyday priority run the risk of losing money, losing business and destroying their reputations.
S. Rod Simpson is an experienced IT security professional with over 25 years of experience managing information security risk, IT general controls, IT audit, and compliance at Caterpillar, Inc. He has held roles such as Enterprise Risk Acceptance Manager, IT General Controls Manager, Manager of Key Process Indicators, and Six Sigma Blackbelt. Simpson is skilled in all aspects of information security from policy to protection to audit. He is certified in CRISC, CISA, CISM, ITIL, and Six Sigma methodology.
This document summarizes a presentation given by the City of Atlanta's Chief Information Security Officer Taiye Lambo. The presentation discusses Atlanta's vision for cybersecurity, which includes ensuring the reliability, security, and availability of the city's IT infrastructure and information. It also outlines Atlanta's goals for achieving operational excellence, information security, and continual improvement of its cybersecurity program over the next few years. The presentation provides an overview of Atlanta's current IT assets, cybersecurity landscape and threats, as well as a proposed strategic roadmap to address gaps and strengthen controls across key security domains through 2017.
This resume summarizes the professional experience of an Information Security professional with over 13 years of experience implementing security standards like ISO27001, PCI-DSS, and SSAE 16. The candidate's current role involves automating security controls, managing audits, and leading a team as the IT-GRC Domain Area Lead Manager. Prior experience includes security roles at Bharti Airtel, Capco Technologies, and other companies managing security operations, audits, risk assessments, and projects.
This document summarizes a panel discussion on managing risks and security in the cloud environment. The panelists include professionals from accounting firms and cloud technology companies. They discuss assessing risks prior to moving to the cloud, such as legal and compliance considerations. After moving to the cloud, topics discussed include options for mitigating risks, ensuring risks are addressed, and best practices for resource monitoring and cost controls. The document provides biographies of the panelists and information on additional resources for cloud computing and the CITP certification.
This presentation was discussed in a Webinar with MetricStream in September 2016. It is applicable for small, medium and large businesses when considering information and cyber security risk.
The Business Of Identity, Access And Security V1.0 (theonassiokas)
The document discusses identity management (IDM) and its convergence across physical and logical systems. It notes that IDM involves managing identity lifecycles and can be viewed from user access or service paradigms. Regulatory focus on know-your-customer drives IDM's role in compliance, risk management, and governance. Successfully aligning IDM projects to business objectives can increase funding approvals by demonstrating value beyond passing audits.
This document discusses information security governance and business continuity planning for organizations. It emphasizes that information security is a business issue that requires strategic management from the board and senior leadership. It outlines key roles and responsibilities for governance bodies like the board, executive management, information security team, and risk committees. It also discusses developing policies, procedures, risk management processes, information security audits, and testing business continuity plans to ensure effective governance. Regular reviews and updates are needed to account for a changing threat landscape and business environment.
OT Security Architecture & Resilience: Designing for Security Success (accenture)
The document summarizes key discussions and takeaways from an OT cybersecurity summit. It includes quotes and summaries from various sessions on topics like the importance of prioritizing cybersecurity, achieving cyber resilience through architecture, innovations and trends in OT networks, applying standards like IEC 62443, common resilience myths, centralizing OT security management, and the role of automation. The document encourages readers to review the on-demand content from the summit and contact the author's team if they have any other questions.
10 Security Essentials Every CxO Should Know (IBM Security)
View On Demand Webinar: http://event.on24.com/wcc/r/1060940/3EBB3C7D778564710E957F99AF1D7C1B
How comprehensive is your security program? Organizations today are reliant on technology more than ever to achieve competitive advantage. Whether it is growing your brand, automating a supply chain or moving to cloud and mobile, technology is the lifeblood of business. This shift in reliance also brings cyber threats that must be addressed.
Based on extensive experience, IBM has established 10 Essential Practices for a comprehensive security posture. Join Glen Holland, Global Practice Lead of SAP Security Services, to hear how the key imperatives can help you understand and address these threats and protect the business.
In this on demand webinar, you will learn:
- The 10 security essentials and best practices of today’s security leaders
- How to assess your security maturity
- Where your critical gaps lie and how to prioritize your actions
Innovation, knowledge management & productivity laxammal college, chennai jan 14 (subramanian K)
This document provides a summary of a lecture given by Prof. K. Subramanian on January 3rd, 2014 in Chennai, India about the importance of innovation, knowledge management, and productivity in the context of big data and cloud computing. The lecture covered topics such as defining innovation, examples of historical Indian innovations, barriers to innovation in India, the importance of universities in driving innovation, and trends shaping the future of work and the knowledge workforce.
Innovations in ict for mitigating environmental challenges (subramanian K)
This document discusses how information and communication technologies (ICT) can help address major environmental challenges like climate change, resource depletion, and loss of biodiversity. It outlines how ICT facilitates knowledge sharing and empowers stakeholders to pursue sustainable practices. ICT is transforming sectors like power, transportation, agriculture, buildings, and manufacturing through "smart systems" that enable efficiency gains and emissions reductions. For example, smart grids and electric vehicles can reduce emissions from the transportation sector by 1.9 gigatonnes of carbon dioxide equivalent annually. Overall, ICT has the potential to reduce global greenhouse gas emissions by 16.5% through solutions that create jobs and economic savings worldwide.
Cyber forensics intro & requirement engineering cit dec 21, 2013 (subramanian K)
This document presents information on cyber forensics and fraud detection. It discusses the challenges of digital evidence collection and analysis. It also outlines the responsibilities of different parties in digital forensics like police, auditors, and technologists. Effective fraud detection requires highly trained personnel, appropriate tools, strong cyber laws, and certified fraud examiners. Common fraud types and detection methods using data mining techniques like decision trees and clustering are also summarized. The document emphasizes the importance of visualization and integrating multiple models to improve fraud prediction. Finally, it discusses challenges like imperfect data and the need for domain expertise in fraud detection.
This document summarizes a lecture given by Prof. K. Subramanian on cyber security and cyber assurance. It discusses how cyberspace is dynamic and undefined, requiring countries to have dynamic laws that keep pace with technological advancements. It also addresses issues like lack of trust in e-environments, absence of a single governing body, and the need for high skill inventories and legislation to reduce the fear of being caught for cybercrimes. Overall, the lecture argues that perfect cyber security is not achievable and the goal should be building adequate confidence and comfort levels through appropriate security measures and efforts.
Csi taramani lecture jan 14 quality assurance in education (subramanian K)
This document discusses assuring quality education for all through a techno-management framework using open source technology. It covers content development, faculty interaction, delivery, and governance. The author, Prof. K Subramanian, is introduced along with his credentials and experience in education, technology management, and government. Current issues in the Indian education system are then outlined, describing it as over-regulated and under-governed, with large government spending but insufficient and inefficient public education. The potential for technology to address this is discussed.
Ieee cs lecture sep 2013 digital economy and new generation workforce (subramanian K)
1. The document discusses a lecture given by Prof. K. Subramanian to the 2013 IEEE CS in Delhi about the evolution of societies from the Industrial Age to the Digital/Information Age and future trends.
2. It covers topics like the changing work environment, connectivity in rural areas through initiatives like PURA, and the transition to a knowledge-based society and economy.
3. The role of ICT, skills development, infrastructure, enterprise and policy in enabling this transition are also discussed.
Renaissance of electronic engineering fuelling india’s growth ieee-te event k... (subramanian K)
The document discusses the renaissance of electronic engineering and its role in fueling India's economic growth. It outlines the paradigm shifts from agricultural to industrial to knowledge-based societies and the relationship between information technology and the economy. Electronic engineering is enabling many industry segments through developments in areas like internet of things, embedded systems, VLSI, and more. The government needs reforms and policies to facilitate investment, infrastructure, skills development, standards, and industry-academia collaboration to strengthen electronic engineering in India.
Skim lecture @national conference on technology, innovation & change management ... (subramanian K)
The document discusses technology, innovation, and change management for good governance. It covers recent technological developments, knowledge management, standards and assurance, governance maturity models, and principles of good governance including leadership, selflessness, integrity, and accountability. It also addresses typical challenges with governance in cyberspace and the drivers of change in the digital age.
This document discusses predictions for cybersecurity threats in 2011 from M86 Security Labs. It predicts that (1) malware will increasingly use stolen digital certificates to bypass protections, (2) mobile malware targeting smartphones and tablets will rise as these devices grow in popularity, and (3) spam campaigns will more closely mimic messages from legitimate websites to appear more authentic and trick users.
This document summarizes a study conducted by the United States Secret Service and the CERT Coordination Center on incidents of insider sabotage in critical infrastructure sectors. The study analyzed insider threat incidents across different sectors and identified key findings related to the insider's motive, pre-attack behavior, advancing the attack, detecting the attack, and consequences for targeted organizations. The document provides implications for preventing insider sabotage based on these findings. It aims to help organizations address this threat by understanding insider behaviors and implementing appropriate security measures.
Iipa lecture km & good governance jan 12 2011 (subramanian K)
The document discusses knowledge management, innovation, and productivity as integral parts of good governance. It covers recent developments in these areas, myths about knowledge management, and how innovation and productivity can be improved through standards and governance frameworks. Maturity models are presented as a way to evaluate knowledge management strategies and ensure good governance of cybersecurity and information technology.
Ict4 e india and south asia full report (subramanian K)
This document provides an extended summary of a report on the use of information and communication technologies (ICT) for education in India and South Asia. It finds that while ICT initiatives for education have increased across the region, there remain common constraints including lack of adequate infrastructure, resources, and teacher training. Key initiatives discussed include teacher training programs, developing ICT infrastructure in schools, using ICT for non-formal education, and implementing open and distance learning programs. The report provides snapshots of ICT for education programs and policies in 8 countries in South Asia and analyzes initiatives and constraints across the region.
Financial inclusion cbt presentation feb 2011 (subramanian K)
The document discusses financial inclusion challenges and opportunities in India, focusing on the role of government, industry, and academia in promoting financial inclusion. It defines financial inclusion and exclusion and outlines reasons for exclusion. It proposes a public-private partnership model utilizing technology to expand access to banking and credit for rural and low-income populations.
Project Management To Project Governance, Knowledge Management (subramanian K)
The document discusses the importance of integrating project management, knowledge management, and productivity as key parts of IT governance. It notes that effective project governance requires well-defined structures, roles and responsibilities, policies, knowledge, and metrics to ensure project success and realize benefits. Challenges include integrating operations, professionals, culture, ICT and business. Good governance improves value by 10% and reduces risks by half. However, many executives lack skills in governance roles.
Itz Lecture Bi & Web Tech Standards Feb 2009 (subramanian K)
The document discusses the evolution of web technologies from documents to data and services. It describes key aspects of the semantic web like using URIs to identify resources, RDF to express data and link it together, and OWL for ontologies. It outlines challenges in developing the semantic web further like creating and linking data at scale. The document advocates the semantic web as the next logical step in the evolution of a unified web of data and services that can be used by people and machines everywhere.
Empowering The Educators India R & D 2009 Jan 2009 (subramanian K)
The document discusses the need for a national educational grid and portal to deliver educational resources through channels like IGNOU. It emphasizes using technology to make learning a lifelong social and economic activity by addressing the diverse needs of learners through flexible infrastructure. A multi-pronged approach is proposed using connectivity, content generation and a virtual university hub to provide quality education for all. Challenges around the digital divide and teacher training are also addressed.
Education ~Skill Development Assocham Conf Feb 2009 (subramanian K)
1. India faces major challenges in providing quality education and skills training to its large population to support the growing knowledge economy.
2. Lifelong learning and ongoing skills development are becoming critical for individuals, employers and the economy.
3. National Skills Academies led by employers would help identify skills shortages, ensure training meets current and future needs, and deliver high-quality sector-specific education.
Architecting E Governance Space Npc Lecture Feb 2009 (subramanian K)
This document discusses principles and ideas for architecting effective e-governance systems. It outlines foundational concepts like undertaking a structured e-governance strategy, ensuring the strategy has a sound underlying architecture, and creating a single high-level strategic body. It also discusses avoiding failure through ideas about project management, change management, and attuning projects to political cycles. The overall aim is to provide guidance for developing e-governance solutions that are well-planned, integrated, and responsive to stakeholder and environmental realities.
Securing & Assuring E Governance Services (subramanian K)
This document discusses securing and assuring eGovernance services. It provides an overview of relevant policy guidelines, standards, and frameworks. The key points are:
1. It outlines important NeGP policy guidelines related to identity and access management, information security, and baseline security requirements.
2. It discusses the need for an integrated security and cyber assurance framework to ensure requirements are specified, specifications are complied with, and users are satisfied.
3. Achieving quality in eGovernance requires ensuring best practices from international standards are followed in design and implementation of processes and services.
Introspection Of India Egov Npc Feb 2009 (subramanian K)
The document discusses India's progress with e-governance and digital administration. It notes that while India has many assets like population and infrastructure, it lacks political will, project governance, collaboration, and integration of stakeholders. Lessons are discussed around people, process, technology, and resources. The future of e-governance requires leadership, standards, multi-sector participation, and moving up the evolution staircase from basic presence to outsourcing through transformation. Success requires assimilating lessons from experience and practicing them in real-life projects.
1. Cyber Governance & Business Assurance in Cyber Era-
Challenges Before the Corporates
Prof. K. Subramanian
SM(IEEE, USA), SMACM(USA), FIETE,
SMCSI, MAIMA, MAIS(USA), MCFE(USA)
Founder Director & Professor, Advanced Center for Informatics &
Innovative Learning (ACIIL), IGNOU
EX- IT Adviser to CAG of India
Ex-DDG(NIC), Ministry of Comm. & IT
Emeritus President, eInformation Systems, Security, Audit
Association
Former President, Cyber Society of India
3. Notable Quotes
"The poor have sometimes objected to being governed
badly; the rich have always objected to being governed at
all." G. K. Chesterton
“Ever since men began to modify their lives by using technology
they have found themselves in a series of technological traps.”
Roger Revelle
“The law is the last interpretation of the law given by the last
judge.”- Anon.
“Privacy is where technology and the law collide.”
--Richard Smith
(who traced the ‘I Love You’ and ‘Melissa’ viruses)
"Technology makes it possible for people to gain control
over everything, except over technology" John Tudor
4. 10th september 2013 Prof. KS@2013 Assocham conf GRC 2013
MEDIATING FACTORS:
Environment
Culture
Structure
Standard Procedures
Politics
Management Decisions
Chance
ORGANIZATIONS
INFORMATION TECHNOLOGY
5. Principles of Good Governance
Leadership
Selflessness
Integrity
Objectivity
Accountability
Openness
Honesty
Humane Governance
Should be Creative
Uses Knowledge for National Wealth and Health creation
Understands the economics of Knowledge
High Morality
8. Corporate Governance
Business Assurance Framework
Global Phenomena
Combines Code of UK and SOX of USA
Basel II & III
Project Governance
IT Governance
Human & Humane Governance
India Initiatives
1. Clause 49
2. Basel II & III - RBI
3. SEBI - Corporate Governance Implementation directives
4. Risk management - RBI & TRAI
5. MCA Initiatives
9. Global issues with Governance of Cyber Space
Information Technology & Business: current status and future
Does IT matter? IT-enabled Business
- Role of Information, Information Systems
- In business
- Role of information technology in enabling business
- IT dependence
Changing Role of the CIO
Web 2.0 and 3.0 and governing cyberspace
eBusiness, eHealth, eBanking, eGovernance
Current Challenges and Issues
10. Creating Trust in an Enterprise
Today's information explosion is creating challenges
for business and technology leaders at virtually every
organization. The lack of trusted information and
pressure to reduce costs is on the minds of CEOs and
senior executives around the world.
What's required to solve these challenges is a
paradigm shift - from generating and managing
silos - of information, of talent and skills, of
technologies and of projects to an environment
where information is a trusted, strategic asset
that is shared across the company.
12. Why Assurance?
Competitive Threats & Way Forward
Internal Competition from Liberalization
World Competition from Globalization
Entrenched Competition Abroad
Asymmetry in Scale, Technology, Brands
Industry Shakeouts and Restructuring
Learn more about own Businesses.
Reach out to all Business & Function Heads.
Sharpen Internal Consultancy Competences.
Proactively Seize the Repertoire of MS & Partners
Foster two way flow of IS & Line Talent.
13. Key Areas of Assurance
• Organizational
- Systems in place to identify & mitigate differing risk perceptions of stakeholders to meet business needs
• Supplier
- Confidence that controls of third party suppliers adequate & meets organization’s benchmarks
• Business Partners
- Confirmation that security arrangements with partners assess & mitigate business risk
• Services & IT Systems
- Capability of developers, suppliers of IT services & systems to implement effective systems to manage risks to the organization’s business
14. What and Why of Business Assurance
• Manufacturing: Developing & implementing policies & procedures to ensure operations are efficient, consistent, effective & compliant with law
• Services: Process that establishes uninterrupted delivery of services to customer and protects interest & information
• Project: Confirmation that business case viable and actual costs and time lines in line with plan costs & schedules
• Objective: Delivers significant commercial value to the business while fully compliant with regulatory requirements
- To avoid Enron type scandals and comply with Sarbanes Oxley in US and Clause 49 in India
15. Assurance Stakeholders
Stakeholders for business assurance
Board of Directors
Management
Staff/Employees
Organisation
Customers
Public
Suppliers
Enforcement & regulatory authorities
Owner
Creditors
Shareholders
Insurers
Business partners
16. Benefits of Assurance
• Contributes to effectiveness & efficiency of business operations
• Ensures reliability & continuity of information systems
• Assists in compliance with laws & regulations
• Assures that organizational risk exposure mitigated
• Confirms that internal information accurate & reliable
• Increases investor and lenders confidence
17. Benefits of Assurance
• Supports informed decision making at management and Board level
• Identifies and exploits areas of risk based advantage
• Ability to aggregate business unit risk in multiple jurisdictions & locations
• Demonstrates proactive risk stewardship
• Establishes a process to stabilize results by protecting them from disturbance
• Enables independent directors to decide with comfort and confidence
18. Design Parameters
Figure: sector labels are Business - technical, Business - financial, Government - regulatory, Government - developmental, Civil society - technical, Civil society - informational. Items shown in the figure:
• ICT operations and maintenance
• ICT planning and design
• Investment in R & D
• Marketing and distribution
• Project management and construction
• Training
• Borrowing capacity
• Capital investment, eg network expansion
• ICT technical solutions
• Revenue collection
• ICT Risk/venture capital
• Sales and promotions
• Subsidies
• Access to development finance
• ICT Regulatory powers (price, quality, interconnections, competition)
• ICT Transaction/concession design
• Investment promotion
• Legal framework for freedom of information
• ICT Infrastructure strategy
• ICT skills development
• Innovation (high risk), eg community telecentres
• Local customer knowledge
• Capacity to network
• A voice for the socially excluded
• Expertise in design of ‘relevant’ content
• Knowledge of user demand, eg technology and information gaps
• Capacity to mobilise civil society
19.
Operational Integration
Professional Integration (HR)
Emotional/Cultural Integration
ICT & Government Business & Services Integration
Multi Technology coexistence and seamless integration
Information Assurance
Quality, Currency, Customization/Personalization
ICE is the sole integrator
IT Governance is Important
21. Towards Information Assurance
Increasingly, the goal isn't about information security but about information assurance, which deals with issues such as data availability and integrity.
That means organizations should focus not only on risk avoidance but also on risk management, she said. "You have to be able to evaluate risks and articulate them in business terms."
-- Jane Scott-Norris, CISO at the U.S. State Department
23. Enabling to rapidly move up the Governance Evolution Staircase
Figure: staircase chart with rows Strategy/Policy, People, Process, Technology. Other labels in the figure: Time, Cost/Complexity, Constituent, Value, Trigger, Evolve PPP model. Text shown at each stage:
1. Presence: Publish; Existing; Streamline processes; Web site; Markup
2. Interaction: Searchable Database; Public response/email; Content mgmt.; Increased support staff; Governance; Knowledge mgmt.; E-mail best prac.; Content mgmt.; Metadata; Data synch.; Search engine; E-mail
3. Transaction: Competition; Confidentiality/privacy; Fee for transaction; E-authentication; Self-services; Skill set changes; Portfolio mgmt.; Sourcing; Inc. business staff; BPR; Relationship mgmt.; Online interfaces; Channel mgmt.; Legacy sys. links; Security; Information access; 24x7 infrastructure; Sourcing
4. Transformation: Funding stream allocations; Agency identity; “Big Browser”; Job structures; Relocation/telecommuting; Organization; Performance accountability; Multiple-programs skills; Privacy reduces; Integrated services; Change value chain; New processes/services; Change relationships (G2G, G2B, G2C, G2E); New applications; New data structures
5. Outsourcing: Define policy and outsource execution; Retain monitoring and control; Outsource service delivery staff; Outsource process execution staff; Outsource customer facing processes; Outsource backend processes; Applications; Infrastructure
24. Why information security Governance is important
With security incidents and data breaches having a huge impact on corporations, security governance, or oversight by the board and executive management, has assumed importance.
Security governance refers to the strategic direction given by the board and executive management for managing information security risks to achieve corporate objectives by reducing losses and liabilities arising from security incidents.
25. Towards Security Governance
Security governance would lead to development of an information security strategy and an action plan for implementation through a well defined information security program. Governance would lead to establishment of organizational structures and processes and monitoring schemes.
For the past few years, IT and security professionals have talked about information technology – and particularly information security – as a "business enabler." Today, it might also be called a "compliance enabler." IT and security organizations have both been on the front lines for compliance efforts and are now being asked to play two pivotal roles:
first, to provide a secure, well-controlled IT environment to improve business performance
and second, to assist the organization in strategically and tactically addressing its governance, risk and compliance requirements
10th september 2013 Prof. KS@2013 Assocham conf GRC 2013
26. Threat & Vulnerability Management
• Authenticating user identities with a range of mechanisms, such as tokens, biometrics and Public Key Infrastructure
• Developing user access policies and procedures, rules and responsibilities and a standardized role structure that helps organizations meet and enforce security standards
• Centralizing user data stores in a single enterprise directory that enables increased efficiencies in user administration, access control and authentication
• Reducing IT operating costs and increasing efficiency by implementing effective user management to support self-service and automate workflow, and by provisioning and instituting flexible user administration
• You need an integrated threat and vulnerability management solution to better monitor, report on and respond to complex security threats and vulnerabilities, as well as meet regulatory requirements.
• You need to protect both your own information assets and those you are custodian of, such as sensitive customer data.
• You want a real-time, integrated snapshot of your security posture.
• You want to correlate events from data emerging from multiple security touch points.
• You need support from a comprehensive inventory of known threat exposures.
• You need to reduce the cost of ownership of your threat and vulnerability management system
27. Risk Identification
• Assess current security capabilities, including threat management, vulnerability management, compliance management, reporting and intelligence analysis.
• Define c
• Identify technology requirements for bridging security gaps
Integrated Security Information Management
• Develop processes to evaluate and prioritize security intelligence information received from external sources, allowing organizations to minimize risks before an attack
• Implement processes that support the ongoing maintenance, evolution and administration of security standards and policies
• Determine asset attributes, such as direct and indirect associations, sensitivity and asset criticality, to help organizations allocate resources strategically
• Assist in aggregating security data from multiple sources in a central repository or "dashboard" for user-friendly presentation to managers and auditors
• Help design and implement a comprehensive security reporting system that provides a periodic, holistic view of all IT risk and compliance systems and outputs
• Assist in developing governance programs to enforce policies and accountability
28. 9 Rules of Risk Management
There is no return without risk
Rewards go to those who take risks.
Be Transparent
Risk is measured, and managed by people, not mathematical models.
Know what you Don’t know
Question the assumptions you make
Communicate
Risk should be discussed openly
Diversify
Multiple risks will produce more consistent rewards
Show Discipline
A consistent and rigorous approach will beat a constantly changing strategy
Use common sense
It is better to be approximately right, than to be precisely wrong.
Return is only half the question
Decisions to be made only by considering the risk and return of the possibilities.
RiskMetrics Group
29. The Insider – Who are They?
Who is an insider?
Those who work for the target organization or those having relationships with the firm with some level of access
Employees, contractors, business partners, customers etc.
CSI/FBI Survey key findings (2007-2013)
average annual losses $billion in the past year, up sharply from the $350,000 reported previous year
Insider attacks have now surpassed viruses as the most common cause of security incidents in the enterprise
63 percent of respondents said that losses due to insider-related events accounted for 20 percent of their losses
(prevalence of insider criminals may be overblown by vendors of insider threat tools!)
30. Solutions Based on Study
Recommendations
Prevention by
Pre-hire screening of employees
Training and education
Early detection and treat the symptoms
Attack precursors exist, some non-cyber events
Establish good audit procedures
Disable access at appropriate times
Develop Best practices for the prevention and detection
Separation of duties and least privilege
Strict password and account management policies
31. Threat Modeling
Threat modeling is critical to address security
Prevention, detection, mitigation
There is no universal model yet
Mostly case-by-case
Efforts are under way
Microsoft threat modeling tool
Allows one to uncover security flaws using STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege)
Decompose, analyze and mitigate
Insider threat modeling essential
32. Insider Threat Modeling
How modeling can help you?
An alternative to live vulnerability testing (which is not feasible)
Modeling and analysis will reveal possible attack strategies of an insider
Modeling and risk analysis can help answer the following questions statically:
How secure is the existing setup?
Which points are most vulnerable?
What are likely attack strategies?
Where must security systems be placed?
What you cannot model
Non-cyber events – disclosures, memory dumps, etc.
33. Information-Centric Modeling
University at Buffalo - CEISARE
Developed the concept of a Capability Acquisition Graph for insider threat assessment
Part of a DARPA initiative
Built a tool called ICMAP (Information-Centric Modeler and Auditor Program)
Publications in ACSAC 2004, IEEE DSN 2005, JCO 2005, IEEE ICC 2006, IFIP 11.9 Digital Forensics Conference 2007
CURRICULUM: Computing, mathematical, legal, managerial and informatics
Various CAEs (certified by NSA, DHS), USMA, Syracuse, Buffalo, Stony Brook, Polytechnic, Pace, RIT
34. Practical Considerations
How is a model instance generated?
Define the scope of the threat
A step-by-step bottom up approach starting with potential targets
Who constructs the model instance?
A knowledgeable security analyst
How are costs defined?
Cryptographic access control mechanisms have well-defined costs
Use attack templates, vulnerability reports, attacker’s privilege and the resources that need to be protected
Low, Medium and High – relative cost assignment
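Added example (not part of the original slides and not ICMAP's code): a small model instance in the spirit of the insider threat modeling slides, with Low/Medium/High relative costs on each step, used to answer "How secure is the existing setup?" and "Where must security systems be placed?" statically. The node names, the edges and the numeric weights 1/2/3 are assumptions made for this illustration.

```python
import heapq

# Relative cost scale named on the slide; the numeric weights are an assumption.
COST = {"Low": 1, "Medium": 2, "High": 3}

# Constructed model instance (hypothetical names). Each edge reads:
# "holding <src>, an insider can acquire <dst> at this relative cost".
EDGES = [
    ("staff_account", "file_share", "Low"),
    ("staff_account", "helpdesk_tool", "Low"),
    ("helpdesk_tool", "admin_session", "Medium"),
    ("file_share", "backup_archive", "Medium"),
    ("backup_archive", "customer_db", "Low"),
    ("admin_session", "customer_db", "High"),
]


def build_graph(edges):
    """Turn the edge list into an adjacency map with numeric weights."""
    graph = {}
    for src, dst, level in edges:
        graph.setdefault(src, []).append((dst, COST[level]))
        graph.setdefault(dst, [])
    return graph


def cheapest_path(edges, start, target):
    """Dijkstra search. Returns (total_cost, path), or (None, []) if unreachable."""
    graph = build_graph(edges)
    if start not in graph or target not in graph:
        return None, []
    best, prev, heap = {start: 0}, {}, [(0, start)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node == target:
            break
        if cost > best[node]:
            continue  # stale queue entry
        for nxt, weight in graph[node]:
            new_cost = cost + weight
            if new_cost < best.get(nxt, float("inf")):
                best[nxt] = new_cost
                prev[nxt] = node
                heapq.heappush(heap, (new_cost, nxt))
    if target not in best:
        return None, []
    path = [target]
    while path[-1] != start:
        path.append(prev[path[-1]])
    return best[target], path[::-1]


def rank_control_placements(edges, start, target):
    """Raise each non-High edge to High in turn and measure how much the
    cheapest route to the target gets more expensive. Highest gain first."""
    base, _ = cheapest_path(edges, start, target)
    if base is None:
        return []
    ranked = []
    for i, (src, dst, level) in enumerate(edges):
        if level == "High":
            continue
        hardened = edges[:i] + [(src, dst, "High")] + edges[i + 1:]
        cost, _ = cheapest_path(hardened, start, target)
        ranked.append((cost - base, src, dst))
    ranked.sort(key=lambda r: (-r[0], r[1], r[2]))
    return ranked


if __name__ == "__main__":
    cost, path = cheapest_path(EDGES, "staff_account", "customer_db")
    print("cheapest route:", " -> ".join(path), "cost", cost)
    for gain, src, dst in rank_control_placements(EDGES, "staff_account", "customer_db"):
        print(f"harden {src} -> {dst}: cheapest route cost +{gain}")
```

A gain of 0 means a control on that step does not change the cheapest route, so it is a poor first placement under this model.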
35. Three Key Issues and 5 Major IT Decisions
1. The need to reduce IT Confusion and Chaos
2. Environment demands Accountability
3. Only most Productive organisations will thrive
36. Calder-Moir IT Governance Framework
37. CXO Internal Strategic Alliances
CIO & CEO: Business Led Info. strategy
CIO & CMO: Competitive Edge & CVP
CIO & CTO: Cost-Benefit Optimization
CIO & CFO: Shareholder Value Maximization
CIO & CHRO: Employee Performance and Rewards
CIO & Business Partners: Virtual Extended Enterprise
38. The Productivity Promise
Capital Productivity (ROI, EVA, MVA)
Material Productivity (60% of Cost)
Managerial Productivity (Information Worker)
Labour Productivity (Enabled by IW)
Company Productivity: Micro
Factor Productivity: Macro
39. CEO-CTO-CIO-CSO Responsibility
"These systems should ensure that both business and technology managers are properly engaged in identifying compliance requirements and planning compliance initiatives which typically involve complementary adjustments in systems, practices, training and organization"
CXO & IT Governance
the roles and responsibilities for IT governance, highlighting the parts played by the CEO, business executives, CIO, IT steering committee, technology council, and IT architecture review board
41. Information As Competitive Advantage
For Visioning and Strategic Planning - Scenarios & Simulations.
World Class Project Management - Hard and Soft.
Implementation and Operational Excellence
DSS, EIS, CRM etc. for Optimization and Control.
42. Way Forward
Learn more about own Businesses.
Reach out to all Business & Function Heads.
Sharpen Internal Consultancy Competences.
Proactively Seize the Repertoire of MS & Partners
Foster two way flow of IS & Line Talent.
43. Process Governance
1. Develop an Aligned Strategic IT Plan:
The step-by-step format of this methodology will walk you through our proven process for creating a strategic IT plan that is aligned with your organization's business objectives
2. Create a Collaborative Decision-Making Process
As IT impacts more business procedures, more stakeholders will become involved in the decision making process. This methodology helps you develop a structured and efficient decision-making forum.
44. Process Governance
3. Raise the Profile of IT:
By aligning IT planning with organizational goals, IT will become a key player in evaluating the business issues that factor into enterprise-wide decision making
4. Get the Green Light:
Keep going
45. Measurement of IT Projects Value and Effectiveness
IT Assessment
1. Validity or Relevance
2. Protectibility
3. Quantifiability
4. Informativeness
5. Generality
6. Transferability
7. Reliability to other parts of organization
Effectiveness
Utility
Efficiency
Economy
Control
Security
Assessment of IT Functions
Strategy
Delivery
Technology
People
Systems
47. Importance of Group Standards - no one standard meets all requirements
ISO 27001/BS7799 Vs COBIT Vs CMM & PCMM Vs ITIL
Mission
Business Objectives
Business Risks
Applicable Risks
Internal Controls
Review
48. “IT Regulations and Policies-Compliance & Management”
Pre-requisites: physical infrastructure and mind-set
PAST: We have inherited a past, for which we cannot be held responsible;
PRESENT: We have fashioned the present on the basis of development models, which have undergone many mid-course corrections
FUTURE: The path to the future -- a future in which India and Indians will play a dominant role in world affairs -- is replete with opportunities and challenges.
In a number of key areas, it is necessary to break from the past in order to achieve our Vision.
We have within ourselves the capacity to succeed
We have to embrace ICE for Innovation, Creativity, Management, Productivity & Governance
49. “IT Regulations and Policies-Compliance & Management”
CREATIVITY VS COMMAND CONTROL
Too much Creativity results in anarchy
Too much command & control Kills Creativity
We Need a Balancing Act In IT Regulations and Policies-Compliance & Management
51. Assurance in the PPP Environment
52. Governance - Final Message
“In Governance matters
Past is no guarantee;
Present is imperfect
&
Future is uncertain”
“Failure is not when we fall down, but when we fail to get up”
53. Learning From Experience
1. The only source of knowledge is experience.
-- Einstein
2. One must learn by doing the thing; for though you think you know it, you have no certainty, until you try.
-- Sophocles
3. Experience is a hard teacher because she gives the test first, and the lesson afterwards.
-- Vernon Sanders Law
4. Nothing is a waste of time if you use the experience wisely.
-- Rodin
54. Security/Risk Assurance - Expectations
“To determine how much is too much, so that we can implement appropriate security measures to build adequate confidence and trust”
“To derive a powerful logic for implementing or not implementing a security measure”
55. THANK YOU
For Interaction:
Prof. K. Subramanian
ksdir@nic.in
ksmanian48@gmail.com
Tele: 011-22723557
Let us Assure Good Cyber Governance & Business Assurance in Cyber Era
Editor's Notes
Cyber Governance & Business Assurance september 10, 2013 Prof. KS@2013 Assocham lecture GRC sept 2013
IT-Governance --> Corporate Governance 29th November 2005 Prof. K. Subramanian @2005
eGOV Project Governance Panel 06/10/13 Prof. KS@ sept 2007 ICISA New delhi
Government is by the people, for the people, and of the people
Cyber assurance - The need for Technologists & Business of 'morrow 27/11/2007 Prof. KS SUNY BUF Lecture 27th November 2007
Corporate Governance & Assurance 29th November 2007 Prof. K. Subramanian @October 2007
06/29/06 Prof. KS@may 2006--NPC Sikkim Program eGOV Project Management
How do you handle, where do you start? Part of the SWOT analysis – strength, weakness, opportunity and threat analysis. Threat modeling, just like any systems such as reliability, is a good starting point. Decompose your system, analyze component for susceptibility to the threats, and mitigate the threats.
By defining the scope of the threat one can identify the various attacks that can happen such as vulnerability exploitation, privilege abuse, social engineering, reaching for a jewel, etc.
The development was guided by the Software Engineering Institute’s efforts in the late 80’s in building maturity models for software development. By using such a scale, an organization can determine where it is, define where it wants to go and, if it identifies a gap, it can do an analysis to translate the findings into projects. Reference points can be added to the scale. Comparisons can be performed with what others are doing, if that data is available, and the organization can determine where emerging international standards and industry best practices are pointing for the effective management of security and control.