SlideShare a Scribd company logo

Inv306 going social in a world of grc v.1.1

Arthur Fontaine
Arthur Fontaine

Lotusphere 2012 INV306 -- Going Social In A World of GRC

TechnologyBusinessEconomy & Finance
1 of 22
Download to read offline
INV306 Going Social in a world of Governance, Risk Management, and Compliance (GRC) Arthur Fontaine | Program Director | IBM Collaboration Solutions © 2012 IBM Corporation
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. 2 | © 2012 IBM Corporation
Agenda ■ GRC – What is it, and why is it important? ■ Collaboration in a GRC world ■ Functional perspectives to GRC 3 | © 2012 IBM Corporation
Governance Setting policies for risk in the organization Focus ● Regulations ● Contractual Duties ● Business Strategy Risk Management Limiting actions to within risk tolerance Compliance Focus Confirming adherence ● Education/certification to policies ● Security and Defense ● Information Lifecycle Focus ● Audit ● Ediscovery ● Documentation | © 2012 IBM Corporation
A role-based approach to GRC Chief Chief Chief Chief Chief Information Chief Legal Risk Financial Information Security Compliance Role Officer Officer Officer Officer Officer Officer Goal Reduce legal Quantify and Manage Risk- Reduce IT expense Reduce IT risk Ensure regulatory exposure reduce risk adjusted exposure compliance exposure forecasting and allocation Concerns ● Identifying legal risks ● Integrated view of ● Financial risk ● Guarding against ● Anticipating and ● Adherence to policy ● Reducing exposure risk across financial, management intrusions and avoiding threats and and procedures from retention of operational and other ● Regulatory malware breaches ● Managing regulatory unnecessary domains requirements ● Reducing storage ● Managing records exams, audits and information ● Anticipating and ● Financial reporting and admin costs lifecycles in IT requests ● Anticipating and avoiding unexpected (e.g. SOX) ● Ensure business systems ● Reducing cost for managing discovery loss continuity ● Driving content compliance tasks policies management | © 2012 IBM Corporation
GRC Framework | © 2012 IBM Corporation
Information Lifecycle Governance Data Credit Risk Consolidated Risk Market Risk Trusted Risk Results Datamart Information Warehouse CRO ALM & Liquidity Risk KRI Mgmt Loss Event Data Operational Risk Applications Database IT Risk GRC – IBM Reference Architecture Network Endpoint IT Security Risk Access and IM CIO GRC Analytics* GRC Execution Industry Content Business GRC Management* Continuity Operational Systems Records Mgmt Training Vendor Risk Legal case Mgmt Policy & Whistle Blower CCO Compliance Asset Mgmt Financial AML Reporting CFO Fraud Monitoring Internal Audit Seg of Duties Cntll Monitoring Operations Lifecycle Management | ation GRC GRC Mgmt Change Services Services Strategic Consulting Implement- Operational GTS,GBS SWG-Lab GBS/BAO Services © 2012 IBM Corporation
Agenda ■ GRC – What is it, and why is it important? ■ Collaboration in a GRC world ■ Functional perspectives to GRC 8 | © 2012 IBM Corporation
IBM Social Business Capabilities Envision Enable Adopt Optimize Social Networking Social Content Social Analytics Owned social networks Engagement apps & svcs. Analytics Discover Engage Reach Identity systems Social network connectors Monitoring Communication channels Content services Optimization Process Management Information Management Governance and Lifecycle Integrate Social BPM Rules Information integration Info. lifecycle gov. Security Connectors ESB MDM Data warehousing Community gov. Mobile Open Standards Workload-Optimized Systems | © 2012 IBM Corporation
“Dynamic Tension” Social Business and GRC impacts Benefits of Social Impacts on Governance, Risk, and C-level roles Business Compliance impacted Instant access to professional ● Directly conflicts with regulatory “internal firewall” CFO, CRO, CCO, experts and networks requirements CISO ● Multiplies the channels, volume, and velocity that have to Multi-modal communications be monitored, logged, audited, discovered. CIO, CISO, CLO ● Complicates identity and access management ● Creates risk of releasing or procuring information Access to public data sources and CLO, CRO, CCO, improperly applications ● Adds threat exposures CIO Mobile access to enterprise 'big ● Places core enterprise IP in uncontrolled environments CIO, CISO data' Rich information about people and ● Allows better targeted threats CISO, CCO, CRO projects ● Updates can be studied to reveal patterns and clues Common customer request: “How can you help us deploy your social business solutions in a way that doesn't break the GRC regime we've constructed over the years?” 10 | © 2012 IBM Corporation
Enterprises understand unique GRC issues Issue Mitigation Representative IBM Customer statements Offerings ● Atlas Policy Federation Framework We lack an overall social business Develop an enterprise-wide social ● Atlas Global Retention Policy and policy for our enterprise business policy & governance model Schedule Management Expands the universe of things I need Expanded policy management and ●Actiance Vantage for Connections and enforce policy on (monitor, retain, enforcement tools to modify behaviors, Sametime ● IBM Content Collector, IBM eDiscovery discover, and dispose) raise risk awareness Manager ● Atlas Governance for IT Raises challenges of managing within Identity/access management tools need ●Atlas Governance for IT regulated industries to be extended to social applications ●Tivoli Identity Manager ● Tivoli Content Manager ● Qradar SIEM/Risk Manager Raises risk and velocity of content Content inspection solutions must ● Lotus Protector leaks prevent leaks, flag inappropriate ● InfoSphere Guardium db Security behaviors ● Infosphere Optim Data Masking Breaks existing security / compliance Tools must reuse and extend existing ● Atlas Policy Federation Framework regimes such as internal firewalls security/compliance regimes for social ● IBM Information Lifecycle Governance content ● Lotus Protector ICAPI Creates new vectors of attack and raises risk of social engineering Security systems must identify, and exploits protect against, social business attacks ● Tivoli Network Intrusion Prevention ● Tivoli Endpoint Manager and exploits | © 2012 IBM Corporation
IBM Information Lifecycle Governance (ILG) The ILG solution portfolio enables customers to: effectively retain and archive information efficiently meet eDiscovery obligations defensibly dispose of information to lower both cost and risk. | © 2012 IBM Corporation 12
Information Lifecycle – it is a process... Of all the information and content generated in any organization only the right information has to be retained. But which is the right one? Risk: Cost of storage Create Collect Analyze Archive Discover Dispose Risk: Cost of lost evidence Inability to comply with regulatory requirements | © 2012 IBM Corporation
Agenda ■ GRC – What is it, and why is it important? ■ Collaboration in a GRC world ■ Functional perspectives to GRC 14 | © 2012 IBM Corporation
Use Case: Chief Legal Officer Chief Legal Officer GOAL: REDUCE LEGAL EXPOSURE KEY OBJECTIVES ● Identifying legal risks ● Reducing exposure from retention of unnecessary information ● Anticipating and managing legal discovery tasks Impacts of Social Business ● Increased opportunities for legal risks, due to new communication modes and unlimited ad hoc interactions ● New data sources and types that constitute business records (must be discoverable per FRCP) ● Greater complexity of business records, including data hosted on external applications/platforms Strategies / Tools / Services from IBM ● Actiance Vantage for Connections and Sametime – Brings Connections/Sametime content into enterprise data corpus ● IBM Content Collector, IBM eDiscovery Manager – Enables cross-enterprise legal discovery of data and content ●Atlas Global Retention Policy and Schedule Management – Manages enterprise policies for retention and deletion, to reduce expense and exposure in legal cases ●Atlas Retention for Employees – Brings business knowledge into the retention process, to inform system of data that contains (or does not contain) business value or duty ● Atlas eDiscovery Process Management – Helps automate the workflows in legal discovery activities | © 2012 IBM Corporation
Use Case: Chief Risk Officer Chief Risk Officer GOAL: QUANTIFY AND REDUCE RISK EXPOSURE KEY OBJECTIVES ● Integrated view of risk across financial, operational and other domains ● Anticipating and avoiding unexpected loss Impacts of Social Business ● Increased opportunities for financial or IP disclosure ● New entry vectors for attacks, including social engineering exploits ● Frictionless collaboration with attendant information velocity Strategies / Tools / Services from IBM ● GBS Social Business GRC offering – Identify risks and apply mitigation strategies ●Atlas Policy Federation Framework and Connectors – Brings business knowledge into the retention process, to inform system of data that contains (or does not contain) business value or duty ● IBM Content Collector, IBM eDiscovery Manager – Enables cross-enterprise legal discovery of data and content ● IBM Content Analytics and Classification – Provides enhanced view of information and content, for improved risk awareness | © 2012 IBM Corporation
Use Case: Chief Financial Officer Chief Financial Officer GOAL: RISK-ADJUSTED FORECASTING AND ALLOCATION KEY OBJECTIVES ● Financial risk management ● Regulatory requirements ● Financial reporting (e.g. SOX) Impacts of Social Business ● Increased opportunities for financial disclosure (e.g., “ Quarter looks great!”) ● Rapid and unconstrained data growth may impact IT budget Strategies / Tools / Services from IBM ● GBS Social Business GRC offering – Design policies based on role or identity, content, and mode ● Actiance Vantage for Connections and Sametime – Brings Connections/Sametime content into enterprise data corpus for ● IBM Content Analytics, IBM Classification Module – Enables analysis ● Atlas Global Retention Policy and Schedule Management – Manages enterprise policies for retention and deletion, to reduce IT expense | © 2012 IBM Corporation
Use Case: Chief Information / Security Officer Chief Information / Security Officer GOAL: REDUCING IT EXPENSE AND RISK EXPOSURE KEY OBJECTIVES ● Ensuring regulatory compliance in IT systems ● Reducing storage and admin costs ● Business continuity risk ● Vendor risk Impacts of Social Business ● Increased opportunities for noncompliance in IT systems, with greater complexity of user/role access management ● Data growth that's difficult to apply lifecycle controls against, due to ad hoc/unstructured nature of data ● New vectors for attack, including social engineering and public social platform vulnerabilities Strategies / Tools / Services from IBM ● Actiance Vantage for Connections and Sametime – Brings Connections content into enterprise data corpus ●Atlas Global Retention Policy and Schedule Management – Manages enterprise policies for retention and deletion, to minimize IT expense ● Atlas Retention for Employees – Brings business knowledge into the retention process, to inform system of data that contains (or does not contain) business value or duty ● IBM Security Services components/controls (Tivoli, Q1) – Protects against intrusions and threats originating from social vectors | © 2012 IBM Corporation
Use Case: Chief Compliance Officer Chief Compliance Officer GOAL: ENSURING REGULATORY COMPLIANCE KEY OBJECTIVES ● Adherence to policy and procedures ● Managing regulatory exams, audits and requests ● Reducing cost for policy and control management Impacts of Social Business ● Increased opportunities for noncompliance, with new modalities and unlimited ad hoc interactions ● New data sources and types that constitute business records, applicable to regulatory activities ● Greater complexity of business records, including data hosted on external applications Strategies / Tools / Services from IBM ● Actiance Vantage for Connections and Sametime – Brings Connections content into enterprise data corpus ●Atlas Global Retention Policy and Schedule Management – Manages enterprise policies for retention and deletion, to minimize expense and exposure in compliance actions ● IBM Content Collector, IBM eDiscovery Manager – Enables cross-enterprise discovery of data and content for compliance actions ● Atlas eDiscovery Process Management – Helps automate the workflows in discovery activities for compliance actions ●Atlas Retention for Employees – Brings business knowledge into the retention process, to inform system of data that contains (or does not contain) business value or duty | © 2012 IBM Corporation
Summary ■ GRC is a cross-functional imperative that addresses risks through policy, active management, and audit ■ Social Business offers unique challenges to GRC, but ultimately must be addressed within the larger GRC framework ■ Roles-based GRC analysis is needed to design comprehensive, lasting GRC programs | © 2012 IBM Corporation
Arthur Fontaine afontaine@us.ibm.com Thank you! 720-395-5676 Please remember to fill out your evaluations | © 2012 IBM Corporation
Legal disclaimer © IBM Corporation 2012. All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both. 22 | © 2012 IBM Corporation

Recommended

Analisis de Riesgos O-ISM3
Analisis de Riesgos O-ISM3Analisis de Riesgos O-ISM3
Analisis de Riesgos O-ISM3Conferencias FIST
 
TripleTree eDiscovery
TripleTree eDiscoveryTripleTree eDiscovery
TripleTree eDiscoveryChris Hoffmann
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber securitynsheel
 
A brief overview of operational risk
A brief overview of operational riskA brief overview of operational risk
A brief overview of operational riskDiane Christina
 
DSS ITSEC Conference 2012 - RISK & COMPLIANCE
DSS ITSEC Conference 2012 - RISK & COMPLIANCEDSS ITSEC Conference 2012 - RISK & COMPLIANCE
DSS ITSEC Conference 2012 - RISK & COMPLIANCEAndris Soroka
 
Riskpro Insurance Advisory Services
Riskpro Insurance Advisory ServicesRiskpro Insurance Advisory Services
Riskpro Insurance Advisory ServicesRahul Bhan (CA, CIA, MBA)
 
2012 ReEnergize the Americas 3B: Gene Rodriguez
2012 ReEnergize the Americas 3B: Gene Rodriguez2012 ReEnergize the Americas 3B: Gene Rodriguez
2012 ReEnergize the Americas 3B: Gene RodriguezReenergize
 
About Acumin
About AcuminAbout Acumin
About AcuminGemmaPaterson
 

Recommended

Analisis de Riesgos O-ISM3
Analisis de Riesgos O-ISM3Analisis de Riesgos O-ISM3
Analisis de Riesgos O-ISM3Conferencias FIST
 
TripleTree eDiscovery
TripleTree eDiscoveryTripleTree eDiscovery
TripleTree eDiscoveryChris Hoffmann
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber securitynsheel
 
A brief overview of operational risk
A brief overview of operational riskA brief overview of operational risk
A brief overview of operational riskDiane Christina
 
DSS ITSEC Conference 2012 - RISK & COMPLIANCE
DSS ITSEC Conference 2012 - RISK & COMPLIANCEDSS ITSEC Conference 2012 - RISK & COMPLIANCE
DSS ITSEC Conference 2012 - RISK & COMPLIANCEAndris Soroka
 
Riskpro Insurance Advisory Services
Riskpro Insurance Advisory ServicesRiskpro Insurance Advisory Services
Riskpro Insurance Advisory ServicesRahul Bhan (CA, CIA, MBA)
 
2012 ReEnergize the Americas 3B: Gene Rodriguez
2012 ReEnergize the Americas 3B: Gene Rodriguez2012 ReEnergize the Americas 3B: Gene Rodriguez
2012 ReEnergize the Americas 3B: Gene RodriguezReenergize
 
About Acumin
About AcuminAbout Acumin
About AcuminGemmaPaterson
 
Basel II Risk Compliance Solution(Tasso ): Lera technologies
Basel II Risk Compliance Solution(Tasso ): Lera technologiesBasel II Risk Compliance Solution(Tasso ): Lera technologies
Basel II Risk Compliance Solution(Tasso ): Lera technologiesLera Technologies
 
Feb2008 Monthly Slides 1
Feb2008 Monthly Slides 1Feb2008 Monthly Slides 1
Feb2008 Monthly Slides 1Nadir Hussain
 
Presentation crafting your active security management strategy 3 keys and 4...
Presentation crafting your active security management strategy 3 keys and 4...Presentation crafting your active security management strategy 3 keys and 4...
Presentation crafting your active security management strategy 3 keys and 4...xKinAnx
 
Dynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value SheetDynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value SheetClear Technologies
 
Information Governance-a programmatic perspective on driving value through RI...
Information Governance-a programmatic perspective on driving value through RI...Information Governance-a programmatic perspective on driving value through RI...
Information Governance-a programmatic perspective on driving value through RI...Ledjit
 
ITFM Business Brief
ITFM Business BriefITFM Business Brief
ITFM Business Briefwdjohnson1
 
Security Maturity Model
Security Maturity ModelSecurity Maturity Model
Security Maturity ModelConferencias FIST
 
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBMArrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBMArrow ECS UK
 
Is3 Capabilities Brief
Is3 Capabilities BriefIs3 Capabilities Brief
Is3 Capabilities Briefmageeb
 
iCode Security Architecture Framework
iCode Security Architecture FrameworkiCode Security Architecture Framework
iCode Security Architecture FrameworkMohamed Ridha CHEBBI, CISSP
 
IBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking
 
CRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff CrumeCRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff CrumeKrisValerio
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity ModelCSCJournals
 
Fs isac fico and core presentation10222012
Fs isac fico and core presentation10222012Fs isac fico and core presentation10222012
Fs isac fico and core presentation10222012Seema Sheth-Voss
 
Simon Foley
Simon FoleySimon Foley
Simon Foleyguest34c834
 
Return on Security Investment
Return on Security InvestmentReturn on Security Investment
Return on Security InvestmentConferencias FIST
 
CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)OCTF Industry Engagement
 
Business oriented risk management approach luís martins
Business oriented risk management approach luís martinsBusiness oriented risk management approach luís martins
Business oriented risk management approach luís martinsLuis Martins
 
Riskpro Introduction
Riskpro IntroductionRiskpro Introduction
Riskpro IntroductionManoj Jain
 
Riskpro brief introduction
Riskpro brief introductionRiskpro brief introduction
Riskpro brief introductionRahul Bhan (CA, CIA, MBA)
 
BRIDGEi2i Risk Management Solutions
BRIDGEi2i Risk Management SolutionsBRIDGEi2i Risk Management Solutions
BRIDGEi2i Risk Management SolutionsBRIDGEi2i Analytics Solutions
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk ManagementRahul Bhan (CA, CIA, MBA)
 

More Related Content

What's hot

Basel II Risk Compliance Solution(Tasso ): Lera technologies
Basel II Risk Compliance Solution(Tasso ): Lera technologiesBasel II Risk Compliance Solution(Tasso ): Lera technologies
Basel II Risk Compliance Solution(Tasso ): Lera technologiesLera Technologies
 
Feb2008 Monthly Slides 1
Feb2008 Monthly Slides 1Feb2008 Monthly Slides 1
Feb2008 Monthly Slides 1Nadir Hussain
 
Presentation crafting your active security management strategy 3 keys and 4...
Presentation crafting your active security management strategy 3 keys and 4...Presentation crafting your active security management strategy 3 keys and 4...
Presentation crafting your active security management strategy 3 keys and 4...xKinAnx
 
Dynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value SheetDynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value SheetClear Technologies
 
Information Governance-a programmatic perspective on driving value through RI...
Information Governance-a programmatic perspective on driving value through RI...Information Governance-a programmatic perspective on driving value through RI...
Information Governance-a programmatic perspective on driving value through RI...Ledjit
 
ITFM Business Brief
ITFM Business BriefITFM Business Brief
ITFM Business Briefwdjohnson1
 
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBMArrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBMArrow ECS UK
 
Is3 Capabilities Brief
Is3 Capabilities BriefIs3 Capabilities Brief
Is3 Capabilities Briefmageeb
 
IBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking
 
CRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff CrumeCRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff CrumeKrisValerio
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity ModelCSCJournals
 
Fs isac fico and core presentation10222012
Fs isac fico and core presentation10222012Fs isac fico and core presentation10222012
Fs isac fico and core presentation10222012Seema Sheth-Voss
 
Return on Security Investment
Return on Security InvestmentReturn on Security Investment
Return on Security InvestmentConferencias FIST
 
Business oriented risk management approach luís martins
Business oriented risk management approach luís martinsBusiness oriented risk management approach luís martins
Business oriented risk management approach luís martinsLuis Martins
 

What's hot (18)

Basel II Risk Compliance Solution(Tasso ): Lera technologies
Basel II Risk Compliance Solution(Tasso ): Lera technologiesBasel II Risk Compliance Solution(Tasso ): Lera technologies
Basel II Risk Compliance Solution(Tasso ): Lera technologies
 
Feb2008 Monthly Slides 1
Feb2008 Monthly Slides 1Feb2008 Monthly Slides 1
Feb2008 Monthly Slides 1
 
Presentation crafting your active security management strategy 3 keys and 4...
Presentation crafting your active security management strategy 3 keys and 4...Presentation crafting your active security management strategy 3 keys and 4...
Presentation crafting your active security management strategy 3 keys and 4...
 
Dynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value SheetDynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value Sheet
 
Information Governance-a programmatic perspective on driving value through RI...
Information Governance-a programmatic perspective on driving value through RI...Information Governance-a programmatic perspective on driving value through RI...
Information Governance-a programmatic perspective on driving value through RI...
 
ITFM Business Brief
ITFM Business BriefITFM Business Brief
ITFM Business Brief
 
Security Maturity Model
Security Maturity ModelSecurity Maturity Model
Security Maturity Model
 
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBMArrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
 
Is3 Capabilities Brief
Is3 Capabilities BriefIs3 Capabilities Brief
Is3 Capabilities Brief
 
iCode Security Architecture Framework
iCode Security Architecture FrameworkiCode Security Architecture Framework
iCode Security Architecture Framework
 
IBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance Requirements
 
CRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff CrumeCRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff Crume
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity Model
 
Fs isac fico and core presentation10222012
Fs isac fico and core presentation10222012Fs isac fico and core presentation10222012
Fs isac fico and core presentation10222012
 
Simon Foley
Simon FoleySimon Foley
Simon Foley
 
Return on Security Investment
Return on Security InvestmentReturn on Security Investment
Return on Security Investment
 
CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)
 
Business oriented risk management approach luís martins
Business oriented risk management approach luís martinsBusiness oriented risk management approach luís martins
Business oriented risk management approach luís martins
 

Similar to Inv306 going social in a world of grc v.1.1

Riskpro Introduction
Riskpro IntroductionRiskpro Introduction
Riskpro IntroductionManoj Jain
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk ManagementManoj Jain
 
Cybersecurity It Audit Services Gt April2012
Cybersecurity It Audit Services Gt April2012Cybersecurity It Audit Services Gt April2012
Cybersecurity It Audit Services Gt April2012Danny Miller
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right postureParag Deodhar
 

Similar to Inv306 going social in a world of grc v.1.1 (20)

Riskpro Introduction
Riskpro IntroductionRiskpro Introduction
Riskpro Introduction
 
Riskpro brief introduction
Riskpro brief introductionRiskpro brief introduction
Riskpro brief introduction
 
BRIDGEi2i Risk Management Solutions
BRIDGEi2i Risk Management SolutionsBRIDGEi2i Risk Management Solutions
BRIDGEi2i Risk Management Solutions
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk Management
 
Riskpro information risk management
Riskpro information risk managementRiskpro information risk management
Riskpro information risk management
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk Management
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk Management
 
Interest rate risk modeling day sun_gard_ambit banking
Interest rate risk modeling day sun_gard_ambit bankingInterest rate risk modeling day sun_gard_ambit banking
Interest rate risk modeling day sun_gard_ambit banking
 
SYMCAnnual
SYMCAnnualSYMCAnnual
SYMCAnnual
 
Riskpro information risk management 2013
Riskpro information risk management 2013Riskpro information risk management 2013
Riskpro information risk management 2013
 
Riskpro information risk management 2013
Riskpro information risk management 2013Riskpro information risk management 2013
Riskpro information risk management 2013
 
Riskpro Brief Introduction
Riskpro Brief IntroductionRiskpro Brief Introduction
Riskpro Brief Introduction
 
Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013
 
Cybersecurity It Audit Services Gt April2012
Cybersecurity It Audit Services Gt April2012Cybersecurity It Audit Services Gt April2012
Cybersecurity It Audit Services Gt April2012
 
Riskpro Insurance Advisory Services
Riskpro Insurance Advisory ServicesRiskpro Insurance Advisory Services
Riskpro Insurance Advisory Services
 
Agama Profile
Agama ProfileAgama Profile
Agama Profile
 
Agam Profile
Agam ProfileAgam Profile
Agam Profile
 
Riskpro Insurance Services Ver5
Riskpro Insurance Services Ver5Riskpro Insurance Services Ver5
Riskpro Insurance Services Ver5
 
Riskpro Insurance Services Ver5
Riskpro Insurance Services Ver5Riskpro Insurance Services Ver5
Riskpro Insurance Services Ver5
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right posture
 

Recently uploaded

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Recently uploaded (20)

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Inv306 going social in a world of grc v.1.1

  • 1. INV306 Going Social in a world of Governance, Risk Management, and Compliance (GRC) Arthur Fontaine | Program Director | IBM Collaboration Solutions © 2012 IBM Corporation
  • 2. IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. 2 | © 2012 IBM Corporation
  • 3. Agenda ■ GRC – What is it, and why is it important? ■ Collaboration in a GRC world ■ Functional perspectives to GRC 3 | © 2012 IBM Corporation
  • 4. Governance Setting policies for risk in the organization Focus ● Regulations ● Contractual Duties ● Business Strategy Risk Management Limiting actions to within risk tolerance Compliance Focus Confirming adherence ● Education/certification to policies ● Security and Defense ● Information Lifecycle Focus ● Audit ● Ediscovery ● Documentation | © 2012 IBM Corporation
  • 5. A role-based approach to GRC Chief Chief Chief Chief Chief Information Chief Legal Risk Financial Information Security Compliance Role Officer Officer Officer Officer Officer Officer Goal Reduce legal Quantify and Manage Risk- Reduce IT expense Reduce IT risk Ensure regulatory exposure reduce risk adjusted exposure compliance exposure forecasting and allocation Concerns ● Identifying legal risks ● Integrated view of ● Financial risk ● Guarding against ● Anticipating and ● Adherence to policy ● Reducing exposure risk across financial, management intrusions and avoiding threats and and procedures from retention of operational and other ● Regulatory malware breaches ● Managing regulatory unnecessary domains requirements ● Reducing storage ● Managing records exams, audits and information ● Anticipating and ● Financial reporting and admin costs lifecycles in IT requests ● Anticipating and avoiding unexpected (e.g. SOX) ● Ensure business systems ● Reducing cost for managing discovery loss continuity ● Driving content compliance tasks policies management | © 2012 IBM Corporation
  • 6. GRC Framework | © 2012 IBM Corporation
  • 7. Information Lifecycle Governance Data Credit Risk Consolidated Risk Market Risk Trusted Risk Results Datamart Information Warehouse CRO ALM & Liquidity Risk KRI Mgmt Loss Event Data Operational Risk Applications Database IT Risk GRC – IBM Reference Architecture Network Endpoint IT Security Risk Access and IM CIO GRC Analytics* GRC Execution Industry Content Business GRC Management* Continuity Operational Systems Records Mgmt Training Vendor Risk Legal case Mgmt Policy & Whistle Blower CCO Compliance Asset Mgmt Financial AML Reporting CFO Fraud Monitoring Internal Audit Seg of Duties Cntll Monitoring Operations Lifecycle Management | ation GRC GRC Mgmt Change Services Services Strategic Consulting Implement- Operational GTS,GBS SWG-Lab GBS/BAO Services © 2012 IBM Corporation
  • 8. Agenda ■ GRC – What is it, and why is it important? ■ Collaboration in a GRC world ■ Functional perspectives to GRC 8 | © 2012 IBM Corporation
  • 9. IBM Social Business Capabilities Envision Enable Adopt Optimize Social Networking Social Content Social Analytics Owned social networks Engagement apps & svcs. Analytics Discover Engage Reach Identity systems Social network connectors Monitoring Communication channels Content services Optimization Process Management Information Management Governance and Lifecycle Integrate Social BPM Rules Information integration Info. lifecycle gov. Security Connectors ESB MDM Data warehousing Community gov. Mobile Open Standards Workload-Optimized Systems | © 2012 IBM Corporation
  • 10. “Dynamic Tension” Social Business and GRC impacts Benefits of Social Impacts on Governance, Risk, and C-level roles Business Compliance impacted Instant access to professional ● Directly conflicts with regulatory “internal firewall” CFO, CRO, CCO, experts and networks requirements CISO ● Multiplies the channels, volume, and velocity that have to Multi-modal communications be monitored, logged, audited, discovered. CIO, CISO, CLO ● Complicates identity and access management ● Creates risk of releasing or procuring information Access to public data sources and CLO, CRO, CCO, improperly applications ● Adds threat exposures CIO Mobile access to enterprise 'big ● Places core enterprise IP in uncontrolled environments CIO, CISO data' Rich information about people and ● Allows better targeted threats CISO, CCO, CRO projects ● Updates can be studied to reveal patterns and clues Common customer request: “How can you help us deploy your social business solutions in a way that doesn't break the GRC regime we've constructed over the years?” 10 | © 2012 IBM Corporation
  • 11. Enterprises understand unique GRC issues Issue Mitigation Representative IBM Customer statements Offerings ● Atlas Policy Federation Framework We lack an overall social business Develop an enterprise-wide social ● Atlas Global Retention Policy and policy for our enterprise business policy & governance model Schedule Management Expands the universe of things I need Expanded policy management and ●Actiance Vantage for Connections and enforce policy on (monitor, retain, enforcement tools to modify behaviors, Sametime ● IBM Content Collector, IBM eDiscovery discover, and dispose) raise risk awareness Manager ● Atlas Governance for IT Raises challenges of managing within Identity/access management tools need ●Atlas Governance for IT regulated industries to be extended to social applications ●Tivoli Identity Manager ● Tivoli Content Manager ● Qradar SIEM/Risk Manager Raises risk and velocity of content Content inspection solutions must ● Lotus Protector leaks prevent leaks, flag inappropriate ● InfoSphere Guardium db Security behaviors ● Infosphere Optim Data Masking Breaks existing security / compliance Tools must reuse and extend existing ● Atlas Policy Federation Framework regimes such as internal firewalls security/compliance regimes for social ● IBM Information Lifecycle Governance content ● Lotus Protector ICAPI Creates new vectors of attack and raises risk of social engineering Security systems must identify, and exploits protect against, social business attacks ● Tivoli Network Intrusion Prevention ● Tivoli Endpoint Manager and exploits | © 2012 IBM Corporation
  • 12. IBM Information Lifecycle Governance (ILG) The ILG solution portfolio enables customers to: effectively retain and archive information efficiently meet eDiscovery obligations defensibly dispose of information to lower both cost and risk. | © 2012 IBM Corporation 12
  • 13. Information Lifecycle – it is a process... Of all the information and content generated in any organization only the right information has to be retained. But which is the right one? Risk: Cost of storage Create Collect Analyze Archive Discover Dispose Risk: Cost of lost evidence Inability to comply with regulatory requirements | © 2012 IBM Corporation
  • 14. Agenda ■ GRC – What is it, and why is it important? ■ Collaboration in a GRC world ■ Functional perspectives to GRC 14 | © 2012 IBM Corporation
  • 15. Use Case: Chief Legal Officer Chief Legal Officer GOAL: REDUCE LEGAL EXPOSURE KEY OBJECTIVES ● Identifying legal risks ● Reducing exposure from retention of unnecessary information ● Anticipating and managing legal discovery tasks Impacts of Social Business ● Increased opportunities for legal risks, due to new communication modes and unlimited ad hoc interactions ● New data sources and types that constitute business records (must be discoverable per FRCP) ● Greater complexity of business records, including data hosted on external applications/platforms Strategies / Tools / Services from IBM ● Actiance Vantage for Connections and Sametime – Brings Connections/Sametime content into enterprise data corpus ● IBM Content Collector, IBM eDiscovery Manager – Enables cross-enterprise legal discovery of data and content ●Atlas Global Retention Policy and Schedule Management – Manages enterprise policies for retention and deletion, to reduce expense and exposure in legal cases ●Atlas Retention for Employees – Brings business knowledge into the retention process, to inform system of data that contains (or does not contain) business value or duty ● Atlas eDiscovery Process Management – Helps automate the workflows in legal discovery activities | © 2012 IBM Corporation
  • 16. Use Case: Chief Risk Officer Chief Risk Officer GOAL: QUANTIFY AND REDUCE RISK EXPOSURE KEY OBJECTIVES ● Integrated view of risk across financial, operational and other domains ● Anticipating and avoiding unexpected loss Impacts of Social Business ● Increased opportunities for financial or IP disclosure ● New entry vectors for attacks, including social engineering exploits ● Frictionless collaboration with attendant information velocity Strategies / Tools / Services from IBM ● GBS Social Business GRC offering – Identify risks and apply mitigation strategies ●Atlas Policy Federation Framework and Connectors – Brings business knowledge into the retention process, to inform system of data that contains (or does not contain) business value or duty ● IBM Content Collector, IBM eDiscovery Manager – Enables cross-enterprise legal discovery of data and content ● IBM Content Analytics and Classification – Provides enhanced view of information and content, for improved risk awareness | © 2012 IBM Corporation
  • 17. Use Case: Chief Financial Officer Chief Financial Officer GOAL: RISK-ADJUSTED FORECASTING AND ALLOCATION KEY OBJECTIVES ● Financial risk management ● Regulatory requirements ● Financial reporting (e.g. SOX) Impacts of Social Business ● Increased opportunities for financial disclosure (e.g., “ Quarter looks great!”) ● Rapid and unconstrained data growth may impact IT budget Strategies / Tools / Services from IBM ● GBS Social Business GRC offering – Design policies based on role or identity, content, and mode ● Actiance Vantage for Connections and Sametime – Brings Connections/Sametime content into enterprise data corpus for ● IBM Content Analytics, IBM Classification Module – Enables analysis ● Atlas Global Retention Policy and Schedule Management – Manages enterprise policies for retention and deletion, to reduce IT expense | © 2012 IBM Corporation
  • 18. Use Case: Chief Information / Security Officer Chief Information / Security Officer GOAL: REDUCING IT EXPENSE AND RISK EXPOSURE KEY OBJECTIVES ● Ensuring regulatory compliance in IT systems ● Reducing storage and admin costs ● Business continuity risk ● Vendor risk Impacts of Social Business ● Increased opportunities for noncompliance in IT systems, with greater complexity of user/role access management ● Data growth that's difficult to apply lifecycle controls against, due to ad hoc/unstructured nature of data ● New vectors for attack, including social engineering and public social platform vulnerabilities Strategies / Tools / Services from IBM ● Actiance Vantage for Connections and Sametime – Brings Connections content into enterprise data corpus ●Atlas Global Retention Policy and Schedule Management – Manages enterprise policies for retention and deletion, to minimize IT expense ● Atlas Retention for Employees – Brings business knowledge into the retention process, to inform system of data that contains (or does not contain) business value or duty ● IBM Security Services components/controls (Tivoli, Q1) – Protects against intrusions and threats originating from social vectors | © 2012 IBM Corporation
  • 19. Use Case: Chief Compliance Officer Chief Compliance Officer GOAL: ENSURING REGULATORY COMPLIANCE KEY OBJECTIVES ● Adherence to policy and procedures ● Managing regulatory exams, audits and requests ● Reducing cost for policy and control management Impacts of Social Business ● Increased opportunities for noncompliance, with new modalities and unlimited ad hoc interactions ● New data sources and types that constitute business records, applicable to regulatory activities ● Greater complexity of business records, including data hosted on external applications Strategies / Tools / Services from IBM ● Actiance Vantage for Connections and Sametime – Brings Connections content into enterprise data corpus ●Atlas Global Retention Policy and Schedule Management – Manages enterprise policies for retention and deletion, to minimize expense and exposure in compliance actions ● IBM Content Collector, IBM eDiscovery Manager – Enables cross-enterprise discovery of data and content for compliance actions ● Atlas eDiscovery Process Management – Helps automate the workflows in discovery activities for compliance actions ●Atlas Retention for Employees – Brings business knowledge into the retention process, to inform system of data that contains (or does not contain) business value or duty | © 2012 IBM Corporation
  • 20. Summary ■ GRC is a cross-functional imperative that addresses risks through policy, active management, and audit ■ Social Business offers unique challenges to GRC, but ultimately must be addressed within the larger GRC framework ■ Roles-based GRC analysis is needed to design comprehensive, lasting GRC programs | © 2012 IBM Corporation
  • 21. Arthur Fontaine afontaine@us.ibm.com Thank you! 720-395-5676 Please remember to fill out your evaluations | © 2012 IBM Corporation
  • 22. Legal disclaimer © IBM Corporation 2012. All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both. 22 | © 2012 IBM Corporation