Audit / Compliance & Risk Governance
Business Development Training
Tory S. Quinton
Lead Generation Lifecycle Schedule
Security | Compliance | Risk Management

Opening: Know who you are speaking with, what their role is and how your solution can benefit them in a broad and general sense.
• Identify your contact
• Identify your customer's ERP
• Budget: 20K+
• Frequency of audits

Solution Scoping: Questions designed to give insight into how the solution will benefit the organization. These questions should also be used to build interest on the part of the customer.
• Challenges related to Segregation of Duties
• Challenges with Access Governance / Reviews
• Challenges with Change Tracking / Reporting

Challenge Questions / Statements: How do the challenges identified in the Questioning and Solution Scoping phase impact the customer individually and organizationally?
• How the challenges impact you / your organization
• Challenges with Litigation Mitigation

Closing: Determine the timeframe for evaluation / implementation and submit a calendar invite for Sales Engagement.
• 12 – 18 month evaluation / implementation timeline
• Calendar invite
Six Pillars of Control Monitoring
• Access Certification
• Risk Analysis
• Role Management
• Compliant User Provisioning
• Continuous Monitoring
• Emergency Access Management

Six Success Markers
1. Categorize the underlying criticality & assess the value of specific IT systems & data.
2. Select baseline security controls & apply device policies as directly related to overall risk.
3. Implement & validate effective controls that properly execute required security policies.
4. Assess continuously that all controls work in unison to maintain cross-infrastructure protection.
5. Authorize requests to alter network access & record all changes and their specific parameters.
6. Monitor all required security controls at all times to maintain overarching policy compliance.
Common ERPs
• Microsoft
• Acumatica
• Deltek
• Oracle
• Workday
• Concur
• Coupa
• Zuora
• Netsuite
• Intact
• Salesforce
Segregation of Duties

WHAT IS IT?
A basic building block of sustainable risk management and internal controls for a business. The principle of SOD is based on shared responsibility for a key process: the critical functions of that process are dispersed to more than one person or department. Without this separation in key processes, fraud and error risks are far less manageable.

WHY IS IT IMPORTANT?
Imagine what would happen if the keys, lock and code for a nuclear weapons system were all in the hands of one person! Emotions, coercion, blackmail, fraud, human error and disinformation could cause grave and expensive one-sided actions that can't be corrected. Or, consider the software engineer who has the authority to move code into production without oversight, quality assurance or authentication of access rights.

Without SOD, either of these scenarios clearly shows the possibility of disastrous outcomes. As a result, the risk management goal of SOD controls is to prevent unilateral actions from occurring in key processes where irreversible effects are beyond an organization's tolerance for error or fraud.
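The check an SoD control actually performs, as an added example that is not from this deck or any ERP vendor: a rule set names pairs of business functions no single person may hold, role definitions map roles to functions, and each user's effective functions are tested against the rules. The functions, roles, users and severities are constructed for illustration.

```python
"""Segregation-of-duties (SoD) conflict check over ERP role assignments.

All rules, roles and users below are constructed sample data.
"""
from dataclasses import dataclass

# Pairs of business functions that must never sit with one person,
# with a constructed severity for each (classic procure-to-pay and
# change-management conflicts).
SOD_RULES = {
    ("create_vendor", "approve_payment"): "high",
    ("enter_invoice", "approve_payment"): "high",
    ("deploy_to_production", "approve_change"): "medium",
}

# Role -> business functions the role grants (constructed).
ROLE_FUNCTIONS = {
    "AP_CLERK": {"enter_invoice", "create_vendor"},
    "AP_MANAGER": {"approve_payment"},
    "DEVELOPER": {"deploy_to_production"},
    "CHANGE_BOARD": {"approve_change"},
    "READ_ONLY": set(),
}

# User -> assigned roles (constructed).
USER_ROLES = {
    "alice": {"AP_CLERK"},
    "bob": {"AP_CLERK", "AP_MANAGER"},        # can create a vendor and pay it
    "carol": {"DEVELOPER", "CHANGE_BOARD"},   # can approve her own deployment
    "dave": {"READ_ONLY"},
}


@dataclass(frozen=True)
class Violation:
    user: str
    function_a: str
    function_b: str
    severity: str


def effective_functions(user: str) -> set:
    """Union of every function the user's roles grant."""
    funcs = set()
    for role in USER_ROLES.get(user, set()):
        funcs |= ROLE_FUNCTIONS.get(role, set())
    return funcs


def find_sod_violations(user: str) -> list:
    """Every conflicting pair of functions held by one user."""
    funcs = effective_functions(user)
    found = [
        Violation(user, a, b, severity)
        for (a, b), severity in SOD_RULES.items()
        if a in funcs and b in funcs
    ]
    return sorted(found, key=lambda v: (v.function_a, v.function_b))


def audit_all_users() -> dict:
    """Violations keyed by user; users with none are omitted."""
    report = {}
    for user in USER_ROLES:
        violations = find_sod_violations(user)
        if violations:
            report[user] = violations
    return report


def roles_that_clear(user: str) -> list:
    """Roles whose removal alone would leave the user conflict-free.

    Gives the reviewer a concrete remediation option per violator.
    """
    roles = USER_ROLES.get(user, set())
    clearing = []
    for role in sorted(roles):
        remaining = set().union(*(ROLE_FUNCTIONS.get(r, set()) for r in roles - {role}))
        if not any(a in remaining and b in remaining for (a, b) in SOD_RULES):
            clearing.append(role)
    return clearing
```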
Access Governance / Reviews

What is it?
The foundation of any access risk management initiative should be adherence to the principle of least-privileged access, which ensures that legitimate users have only the minimum amount of access necessary to do their job. Access-related risks become unacceptable when the principle of least-privileged access is violated. It's critical that organizations avoid violations to minimize risks.

Perhaps more importantly, organizations should understand how violations happen in order to avoid them. Typically, violations are a result of one of five access governance challenges:

Common Challenges
1. Entitlement Inertia: The failure to remove previously issued access entitlements once they are no longer necessary or appropriate.
2. Orphaned Accounts: User access data is not only contained within centralized directories where it can be monitored, but is also scattered throughout the organization's information resources, where it is often unmonitored. This greatly increases the possibility that "orphaned" accounts remain after the off-boarding process that takes place when an employee leaves an organization.
3. Compliance Myopia: The mistaken assumption that compliance with access-related regulatory guidelines ensures adequate access risk management.
4. Rubber Stamping: Happens when business managers are asked to review and approve access entitlements that are communicated to them in a security syntax language that they cannot understand.
5. Accountability Loopholes: Remain open as long as full responsibility for access governance is limited to IT. IT security teams operationalize access at the request of the business, but they do not have the business context to understand what level of access is needed for a particular job function or business responsibility.
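Three of the challenges above (entitlement inertia, orphaned accounts and rubber stamping) become concrete checks once an access review joins the HR roster, the directory and the entitlement list, and phrases its findings for a business reviewer. This is an added example, not the deck's or any product's code; the roster, accounts, entitlements and review date are constructed.

```python
"""Access-review checks: orphaned accounts, entitlement inertia, dormancy.

All data below is constructed sample data.
"""
from datetime import date

# Review date used by the sample run (constructed).
REVIEW_DATE = date(2016, 3, 15)

# HR roster: active employees and their current job function (constructed).
HR_ROSTER = {"alice": "accounts_payable", "bob": "it_ops", "carol": "sales"}

# Directory accounts with last successful login (constructed).
ACCOUNTS = {
    "alice": {"last_login": date(2016, 3, 1)},
    "bob": {"last_login": date(2015, 9, 10)},
    "carol": {"last_login": date(2016, 2, 20)},
    "erin": {"last_login": date(2015, 11, 2)},        # left; no HR row
    "svc_backup": {"last_login": date(2016, 3, 2)},   # registered service account
}

# Entitlements each account currently holds (constructed).
HELD = {
    "alice": {"ap_invoice_entry"},
    "bob": {"server_admin", "ap_invoice_entry"},  # bob moved from AP to IT
    "carol": {"crm_read"},
    "erin": {"crm_read", "crm_export"},
    "svc_backup": {"backup_operator"},
}

# Entitlements each job function justifies: the business-owned model
# that lets a manager review in plain terms rather than security syntax.
APPROVED_FOR = {
    "accounts_payable": {"ap_invoice_entry"},
    "it_ops": {"server_admin"},
    "sales": {"crm_read"},
}

# Plain-language descriptions shown to reviewers (constructed).
PLAIN = {
    "ap_invoice_entry": "enter supplier invoices",
    "server_admin": "administer servers",
    "crm_read": "read customer records",
    "crm_export": "export customer records",
    "backup_operator": "run backups",
}

KNOWN_SERVICE_ACCOUNTS = {"svc_backup"}


def orphaned_accounts() -> list:
    """Accounts with no HR record and no registered service owner."""
    return sorted(a for a in ACCOUNTS
                  if a not in HR_ROSTER and a not in KNOWN_SERVICE_ACCOUNTS)


def entitlement_inertia() -> dict:
    """Entitlements held by active staff that their current job does not justify."""
    excess = {}
    for user, func in HR_ROSTER.items():
        extra = HELD.get(user, set()) - APPROVED_FOR.get(func, set())
        if extra:
            excess[user] = extra
    return excess


def dormant_accounts(as_of: date, max_idle_days: int = 90) -> list:
    """Accounts unused for longer than the window; disable-then-delete candidates."""
    return sorted(a for a, meta in ACCOUNTS.items()
                  if (as_of - meta["last_login"]).days > max_idle_days)


def review_lines(as_of: date) -> list:
    """Findings phrased for a business reviewer, one line per item."""
    lines = [f"{a}: no owner in HR; disable pending confirmation"
             for a in orphaned_accounts()]
    for user, extra in sorted(entitlement_inertia().items()):
        for ent in sorted(extra):
            lines.append(f"{user}: can {PLAIN.get(ent, ent)}, "
                         f"which {HR_ROSTER[user]} does not need")
    lines += [f"{a}: unused for over 90 days" for a in dormant_accounts(as_of)]
    return lines
```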
Change Tracking

WHAT IS IT?
Change Tracking gives your customers a clear history of your data, including who accesses it and when, any changes made to your data, and how that data may have been off-ramped, including by email, printing or transmission.

WHY IS IT IMPORTANT?
Knowing the history of your data gives you three very important things:
1. Greater protection of your reputation and financial bottom line, and the ability to keep your customers' trust in the event of a security event.
2. Improved ability to stay compliant with ever-changing regulations.
3. Reduced risk of litigation and minimized financial penalties after a security event.

How much is your peace of mind worth?
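A change-tracking record is only useful after a security event if it cannot itself be quietly altered. As an added example (not the deck's or any vendor's code), the log below chains each record to the hash of the previous one, so an edited or deleted entry is detected on verification; the events, actors and object names are constructed.

```python
"""Tamper-evident change-tracking log (constructed sample events).

Each record stores the hash of the record before it. Editing or removing
an entry after the fact breaks the chain, which verify() reports.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64
OFF_RAMPS = {"email", "print", "transmit"}   # ways data leaves the system


def _digest(record: dict) -> str:
    # Canonical JSON so the same record always hashes identically.
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


class ChangeLog:
    def __init__(self) -> None:
        self.records = []

    def append(self, actor: str, action: str, obj: str, detail: str = "",
               ts: str = "") -> dict:
        """Record who did what to which object (read/update or an off-ramp)."""
        prev = self.records[-1]["hash"] if self.records else GENESIS
        body = {
            "seq": len(self.records),
            "ts": ts or datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": action, "object": obj, "detail": detail,
            "prev": prev,
        }
        body["hash"] = _digest(body)
        self.records.append(body)
        return body

    def verify(self) -> tuple:
        """(True, -1) if the chain is intact, else (False, seq of first break)."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != prev or rec["seq"] != i or _digest(body) != rec["hash"]:
                return False, i
            prev = rec["hash"]
        return True, -1

    def history(self, obj: str) -> list:
        """Everything that happened to one object, in order."""
        return [r for r in self.records if r["object"] == obj]

    def off_ramps(self) -> list:
        """Events where data left the system: what a litigation review asks for."""
        return [r for r in self.records if r["action"] in OFF_RAMPS]


def build_sample_log() -> ChangeLog:
    """Constructed sequence of events against one customer record."""
    log = ChangeLog()
    log.append("alice", "read", "customer/1042", ts="2016-03-01T09:00:00+00:00")
    log.append("alice", "update", "customer/1042", "address changed",
               ts="2016-03-01T09:05:00+00:00")
    log.append("bob", "email", "customer/1042", "sent to external address",
               ts="2016-03-02T14:30:00+00:00")
    return log


def tamper_detected() -> tuple:
    """Edit one entry in place and show that verification catches it."""
    log = build_sample_log()
    log.records[1]["actor"] = "nobody"
    return log.verify()


def deletion_detected() -> tuple:
    """Drop one entry and show the gap is caught at that position."""
    log = build_sample_log()
    del log.records[1]
    return log.verify()
```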
There are real consequences…

A proactive compliance policy that includes access controls, audit controls and change tracking is foundational to any security policy, BUT you cannot protect yourself from all threats. What happens after a security event defines your organization's ability to bounce back, stay in good favor with customers and minimize financial penalties.

To protect yourself it is imperative that you understand the risks associated with…
• Human Error
• Document Handling / Mis-Handling
• Recovering from Natural Disasters
• Employee Turnover
• Improperly configured networked devices
• Malicious Internal Attack
• Malicious External Attack
• Data Tampering
• Theft of Services

The Importance of Security
1. There were 91,765,453 reported Security Events in 2015.
2. This equals 1,764,720 Security Events per week that IT professionals and Compliance Managers MUST deal with.
3. 54% of employees admit they don't always follow security policy.
4. 51% of those employees work with confidential information.
5. A minimum of 29% loss to your reputation!
6. 21% loss in Employee Productivity!
7. 19% in lost revenue!
