This document discusses why companies fail with compliance initiatives and provides recommendations. It notes that companies sometimes weaken controls to pass audits more easily instead of improving security. It recommends that security teams identify root causes and weaknesses to improve, use testing to find issues audits may miss, manage third-party risks through due diligence and auditing, and involve security in all auditing to map risks and controls. The role of security should be strategic in using audit results to strengthen security overall.
4. CONTROLS
► Companies want to drive down the cost of audits by removing controls or making them non-key to improve audit “efficiency”.
► Controls are re-designed to pass audits more easily.

9. USE YOUR AUDIT RESULTS
► Areas where Security / IA Audit must play a key role:
  ► Identify root cause.
  ► Identify areas for improvement.
  ► Partner with affected business area(s) for a solution (advanced technique).

10. CONTROLS PASS AUDIT != SAFE
► Disprove the hypothesis:
  ► Use your breakers to attack and pen test.
  ► Find weaknesses that audits will miss.
  ► Use outside vendors to help.

11. THINK OUTSIDE THE COMPANY
► 2011 Crowe Horwath LLP Survey:
  ► 75% reported that their organizations experienced harm from the action or inaction of a third party.
  ► Only 21% reported that their companies are very effective at identifying and managing third-party risks.

12. 3RD PARTY MANAGEMENT
► Develop a rubric to evaluate how critical the 3rd party is to the organization:
  ► Will they handle confidential information, PII, NPCI?
  ► If they are breached or shut down, how screwed are we?
► Work with your legal team to include security elements in the SA:
  ► Include a right to audit.

13. Planning and Risk Assessments
► Identify assets, threats and analyze risks:

14. Planning and Risk Assessments
► Security should be involved in the planning phases for any audit:
  ► Map risks to controls that affect information security.
  ► You are likely doing something already that you can take credit for!

15. #RECAP
► Role of Security must be strategic:
  ► Use your audit findings as a lever to improve information security.
  ► Disprove the hypothesis.
  ► Do not forget about your 3rd parties.
  ► Risk assessment process adopted across all audits.