This document provides an overview of governance, risk, and compliance in the cyber era presented by Prof. K. Subramanian. It includes:
- An agenda covering introduction, governance components, risk assurance and standards/compliance, assurance frameworks, and challenges.
- Quotes related to technology, privacy, and governance.
- Descriptions of governance components, principles of good governance, and cyber governance components.
- Discussions of corporate governance frameworks, assurance in public-private partnerships, and challenges in governing cyber space.
The presentation addresses key topics in digital governance and provides guidance on developing effective risk management and compliance programs.
IOB GM's lecture, 7th Jan 2014: GRC and corporate governance in financial services
1. Wishing You All A Very Happy & Prosperous New Year 2014
Your Professional Well-wisher
Prof. K. Subramanian
2. Governance, Risk & Compliance in Cyber Era
Business Services Assurance in Cyber Era: Challenges Before the Financial Services Sector
Prof. K. Subramanian
SM(IEEE, USA), SMACM(USA), FIETE, SMCSI, MAIMA, MAIS(USA), MCFE(USA)
Founder Director & Professor, Advanced Center for Informatics & Innovative Learning (ACIIL), IGNOU
Ex-IT Adviser to CAG of India
Ex-Sr. DDG (NIC), Ministry of Comm. & IT
Emeritus President, eInformation Systems, Security, Audit Association
Former President, Cyber Society of India
01/15/14
Prof.KS@2014 IOB GM's presentation Jan 14
2
4. Notable Quotes
"The poor have sometimes objected to being governed badly; the rich have always objected to being governed at all." G. K. Chesterton
"Ever since men began to modify their lives by using technology they have found themselves in a series of technological traps." Roger Revelle
"The law is the last interpretation of the law given by the last judge." Anon.
"Privacy is where technology and the law collide." Richard Smith (who traced the 'I Love You' and 'Melissa' viruses)
"Technology makes it possible for people to gain control over everything, except over technology." John Tudor
6. Principles of Good Governance
Leadership
Selflessness
Integrity
Objectivity
Accountability
Openness
Honesty
Humane Governance
Should be creative
Uses knowledge for national wealth and health creation
Understands the economics of knowledge
High morality
9. Corporate Governance
Business Assurance Framework: Global Phenomena
Combined Code of UK and SOX of USA
Basel II & III
Project Governance
IT Governance
Human & Humane Governance
India Initiatives
1. Clause 49
2. Basel II & III - RBI
3. SEBI - Corporate Governance Implementation directives
4. Risk management - RBI (Basel 2/3) & TRAI
5. MCA Initiatives 2013
10. Global issues with Governance of Cyber Space
Information Technology & Business: current status and future
Does IT matter? IT-enabled Business
- Role of information, information systems in business
- Role of information technology in enabling business
- IT dependence
Changing Role of the CIO
Web 2.0 and 3.0 and governing cyberspace
eBusiness, eHealth, eBanking, eGovernance
Current Challenges and Issues
11. Creating Trust in an Enterprise
Today's information explosion is creating challenges for business and technology leaders at virtually every organization. The lack of trusted information and pressure to reduce costs is on the minds of CEOs and senior executives around the world.
What's required to solve these challenges is a paradigm shift - from generating and managing silos of information, of talent and skills, of technologies and of projects, to an environment where information is a trusted, strategic asset that is shared across the company.
13. [Matrix slide: stakeholder roles (Government, Business, Civil society) against capability dimensions (technical, financial, regulatory, developmental, informational). The extraction lost the cell layout; the cell entries, in the order recovered, are:]
ICT operations and maintenance; Project management and construction; ICT transaction/concession design; ICT planning and design; ICT technical solutions; Marketing and distribution; Training; Borrowing capacity; Capital investment, eg network expansion; Investment in R&D; Investment promotion; Legal framework for freedom of information; Sales and promotions; ICT risk/venture capital; Access to development finance; ICT infrastructure strategy; Revenue collection; Design parameters; ICT regulatory powers (price, quality, interconnections, competition); Subsidies; Innovation (high risk), eg community telecentres; Local customer knowledge; Capacity to network; Knowledge of user demand, eg technology and information gaps; ICT skills development; Expertise in design of 'relevant' content; A voice for the socially excluded; Capacity to mobilise civil society
14. Operational Integration
Professional Integration (HR)
Emotional/Cultural Integration
ICT & Government Business & Services Integration
Multi-technology coexistence and seamless integration
Information Assurance
Quality, Currency, Customization/Personalization
ICE is the sole integrator
IT Governance is important
17. Enabling to rapidly move up the Governance Evolution Staircase
[Staircase figure: five stages plotted against Cost/Complexity (vertical) and Value/Time (horizontal), each stage broken down into Strategy/Policy, People, Process and Technology layers and into Constituent, Applications and Infrastructure. The extraction lost the cell layout and the name of stage 1; the items below are listed in the order recovered.]
Stages 1 and 2 (Interaction): Searchable database; Public response/email; Content mgmt.; Increased presence support staff; Publish; Knowledge mgmt.; E-mail best practice; Existing content mgmt.; Metadata; Streamline data synch. processes; Web site; Markup; Search engine; E-mail
Stages 3 (Transaction) and 4 (Transformation): Competition; Confidentiality/privacy; Fee for transaction; E-authentication; Self-services; Skill set changes; Portfolio mgmt.; Sourcing; Increased business staff; BPR; Relationship mgmt.; Online interfaces; Channel mgmt.; Legacy system links; Security; Information access; 24x7 infrastructure; Sourcing; Funding stream allocations; Agency identity; "Big Browser"; Job structures; Relocation/telecommuting; Organization; Performance accountability; Multiple-programs skills; Privacy reduces; Integrated services; Trigger; Change value chain; New processes/services; Change relationships (G2G, G2B, G2C, G2E); New applications; New data structures
Stage 5 (Outsourcing): Define policy and outsource execution; Retain monitoring and control; Evolve PPP model; Outsource service delivery staff; Outsource process execution staff; Outsource customer-facing processes; Outsource backend processes
18. Threat & Vulnerability Management
- Authenticating user identities with a range of mechanisms, such as tokens, biometrics and Public Key Infrastructure
- Developing user access policies and procedures, rules and responsibilities and a standardized role structure that helps organizations meet and enforce security standards
- Centralizing user data stores in a single enterprise directory that enables increased efficiencies in user administration, access control and authentication
- Reducing IT operating costs and increasing efficiency by implementing effective user management to support self-service and automate workflow, and by provisioning and instituting flexible user administration
- You need an integrated threat and vulnerability management solution to better monitor, report on and respond to complex security threats and vulnerabilities, as well as meet regulatory requirements.
- You need to protect both your own information assets and those you are custodian of, such as sensitive customer data.
- You want a real-time, integrated snapshot of your security posture.
- You want to correlate events from data emerging from multiple security touch points.
- You need support from a comprehensive inventory of known threat exposures.
- You need to reduce the cost of ownership of your threat and vulnerability management system.
19. Risk Identification
- Assess current security capabilities, including threat management, vulnerability management, compliance management, reporting and intelligence analysis.
- Define/identify technology requirements for bridging security gaps.
- Integrated Security Information Management
- Develop processes to evaluate and prioritize security intelligence information received from external sources, allowing organizations to minimize risks before an attack.
- Implement processes that support the ongoing maintenance, evolution and administration of security standards and policies.
- Determine asset attributes, such as direct and indirect associations, sensitivity and asset criticality, to help organizations allocate resources strategically.
- Assist in aggregating security data from multiple sources in a central repository or "dashboard" for user-friendly presentation to managers and auditors.
- Help design and implement a comprehensive security reporting system that provides a periodic, holistic view of all IT risk and compliance systems and outputs.
- Assist in developing governance programs to enforce policies and accountability.
20. 9 Rules of Risk Management
There is no return without risk: rewards go to those who take risks.
Be transparent: risk is measured, and managed, by people, not mathematical models.
Know what you don't know: question the assumptions you make.
Communicate: risk should be discussed openly.
Diversify: multiple risks will produce more consistent rewards.
Show discipline: a consistent and rigorous approach will beat a constantly changing strategy.
Use common sense: it is better to be approximately right than to be precisely wrong.
Return is only half the question: decisions should be made only by considering the risk and return of the possibilities.
RiskMetrics Group
21. Threat Modeling
Threat modeling is critical to address security
Prevention, detection, mitigation
There is no universal model yet
Mostly case-by-case
Efforts are under way
Microsoft threat modeling tool
Allows one to uncover security flaws using STRIDE
(Spoofing, Tampering, Repudiation, Information Disclosure,
Denial of Service, and Elevation of Privilege)
Decompose, analyze and mitigate
Insider threat modeling essential
22. Insider Threat Modeling
How can modeling help you?
An alternative to live vulnerability testing (which is not feasible)
Modeling and analysis will reveal possible attack strategies of an
insider
Modeling and risk analysis can help answer the following
questions statically:
How secure is the existing setup?
Which points are most vulnerable?
What are likely attack strategies?
Where must security systems be placed?
What you cannot model
Non-cyber events – disclosures, memory dumps, etc.
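The "decompose, analyze and mitigate" loop and the insider-modeling questions ("Which points are most vulnerable?") can be made concrete with a small script. This is an added example, not the presenter's material or Microsoft's tool: the STRIDE-per-element mapping is the one used by the Microsoft SDL threat-modeling approach, while the branch-banking decomposition, element names and mitigations are constructed for illustration.

```python
from dataclasses import dataclass, field

# STRIDE-per-element: which threat categories apply to each data-flow-diagram
# element type (Microsoft SDL convention; stores get Repudiation as log stores).
STRIDE_PER_ELEMENT = {
    "external": {"Spoofing", "Repudiation"},
    "process": {"Spoofing", "Tampering", "Repudiation",
                "Information Disclosure", "Denial of Service",
                "Elevation of Privilege"},
    "store": {"Tampering", "Repudiation", "Information Disclosure",
              "Denial of Service"},
    "flow": {"Tampering", "Information Disclosure", "Denial of Service"},
}

@dataclass
class Element:
    name: str
    kind: str                       # external | process | store | flow
    crosses_boundary: bool = False  # touches a trust boundary (e.g. insider zone)
    mitigations: set = field(default_factory=set)  # STRIDE categories covered

def analyze(elements):
    """Decompose + analyze: unmitigated STRIDE categories per element."""
    return {e.name: STRIDE_PER_ELEMENT[e.kind] - e.mitigations for e in elements}

def rank(elements):
    """'Which points are most vulnerable?': boundary-crossing elements first,
    then by number of open threat categories, then by name for stability."""
    gaps = analyze(elements)
    by_name = {e.name: e for e in elements}
    return sorted(gaps, key=lambda n: (-int(by_name[n].crosses_boundary),
                                       -len(gaps[n]), n))

# Constructed decomposition of a small branch-banking setup (illustrative only).
MODEL = [
    Element("teller workstation", "external", True, {"Spoofing"}),   # MFA logon
    Element("core banking app", "process", False,
            {"Spoofing", "Tampering", "Information Disclosure",
             "Elevation of Privilege"}),
    Element("customer DB", "store", False, {"Information Disclosure"}),
    Element("teller -> app channel", "flow", True, {"Information Disclosure"}),
]

if __name__ == "__main__":
    gaps = analyze(MODEL)
    for name in rank(MODEL):  # mitigate: work the list top-down
        print(f"{name}: open = {sorted(gaps[name])}")
```

Each open category is a mitigation task (e.g. audit logging for Repudiation on the data store); re-running after adding it shows the ranking change.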
23. Calder-Moir IT Governance Framework
10th september 2013
Prof. KS@2013 Assocham conf GRC 2013
24. CXO Internal Strategic Alliances
CIO & CEO
Business Led Info. strategy
CIO & CMO
Competitive Edge & CVP
CIO & CTO
Cost-Benefit Optimization
CIO & CFO
Shareholder Value Maximization
CIO & CHRO
Employee Performance and Rewards
CIO & Business Partners Virtual Extended Enterprise
25. The Productivity Promise
Capital Productivity
(ROI, EVA, MVA)
Material Productivity
(60% of Cost)
Managerial Productivity
(Information Worker)
Labour Productivity
(Enabled by IW)
Company Productivity
Micro
Factor Productivity
Macro
26. CEO-CTO-CIO-CSO
CXO & IT Governance Responsibility
The roles and responsibilities for IT governance, highlighting the parts played by the CEO, business executives, CIO, IT steering committee, technology council, and IT architecture review board.
"These systems should ensure that both business and technology managers are properly engaged in identifying compliance requirements and planning compliance initiatives which typically involve complementary adjustments in systems, practices, training and organization"
28. Way Forward
Learn more about own Businesses.
Reach out to all Business & Function Heads.
Sharpen Internal Consultancy Competences.
Proactively Seize the Repertoire of Partners
Foster two-way flow of IS & Line Talent.
30. Importance of Group Standards - no one standard meets all requirements
ISO 27001/BS7799 Vs COBIT Vs CMM & PCMM Vs ITIL
Mission
Business Objectives
Business Risks
Applicable Risks
Internal Controls
Review
31. “IT Regulations and Policies-Compliance & Management”
CREATIVITY VS COMMAND CONTROL
Too much Creativity
results in anarchy
Too much command & control
Kills Creativity
We Need a Balancing Act
In IT Regulations and Policies-Compliance & Management
33. Assurance in the PPP Environment
34. Governance - Final Message
“In Governance matters
Past is no guarantee;
Present is imperfect
&
Future is uncertain“
“Failure is not when we fall down, but when we fail to get up”
35. Learning From Experience
========================
1. The only source of knowledge is experience.
-- Einstein
2. One must learn by doing the thing; for though you think you know it, you
have no certainty, until you try.
-- Sophocles
3. Experience is a hard teacher because she gives the test first, and the lesson
afterwards.
-- Vernon Sanders Law
4. Nothing is a waste of time if you use the experience wisely.
-- Rodin
36. Security/Risk Assurance Expectations
“To determine how much is too much, so that we can implement
appropriate security measures to build adequate confidence and
trust”
“To derive a powerful logic for implementing or not
implementing a security measure”
37. Let us Assure Good Governance & Business Assurance in Cyber Era
THANK YOU
For Interaction:
Prof. K. Subramanian
ksdir@nic.in
ksmanian48@gmail.com
Tele: 011-22723557
Editor's Notes
Government is by the people, for the people, and of the people
How do you handle, where do you start?
Part of the SWOT analysis – strength, weakness, opportunity and threat analysis.
Threat modeling, just like other systems analyses such as reliability analysis, is a good starting point.
Decompose your system, analyze component for susceptibility to the threats, and mitigate the threats.
The development was guided by the Software Engineering Institute’s efforts in the late 80’s in building maturity models for software development.
By using such a scale, an organization can determine where it is, define where it wants to go and, if it identifies a gap, it can do an analysis to translate the findings into projects. Reference points can be added to the scale. Comparisons can be performed with what others are doing, if that data is available, and the organization can determine where emerging international standards and industry best practices are pointing for the effective management of security and control.