Proactive Risk Management and Compliance in a World of Digital Disruption
•Download as PPTX, PDF•
0 likes•167 views
Is the CISO the new CEO. Proactive Risk Management and Compliance in a World of Digital Disruption presentation at annual Information Technology Security and Audit (CACS) event in Chicago...as GDPR becomes a reality!
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Proactive Risk Management and Compliance in a World of Digital Disruption
Similar to Proactive Risk Management and Compliance in a World of Digital Disruption (20)
More from Mike Wons
More from Mike Wons (8)
Recently uploaded
Recently uploaded (20)
Proactive Risk Management and Compliance in a World of Digital Disruption
- 1. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Michael Wons CTO & Global Product Officer SAI Global Proactive Risk Management and Compliance in a World of Digital Disruption
- 2. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Presenter Mike Wons joined the SAI Global, Inc. senior leadership team at the beginning of 2018 as the CTO and Global Product Officer for the leading provider of Integrated Risk Management (IRM) solutions. In this role, Mike leads all aspects of strategic technological execution including: product management, platform strategy, content management strategy, software development, delivery and dev ops in the visioning, creation, development and deployment of a global integrated risk management and compliance platform for the industry. Most recently prior to joining SAI Global, Mike served as an appointed member of Illinois Governor Rauner’s senior staff as the first State-wide Chief Technology Officer (CTO). There Mike was focused on establishing and implementing the Illinois “FIRST” strategy for shaping the future of Technology and Innovation across Illinois. Mike is a noted industry expert on Technology, Security and Industry Platforms.
- 3. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Connecting the World of Risk Connecting Two Worlds of Risk: Business Operations and IT Business Operations Risk Acceptance Driven By Business Need IT Standard Delivery Influenced By Technology Driven Business Need Operations-Centric Risk Analysis Connecting Both Needs *Source Gartner
- 4. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Strategic Risk Solutions Market Snapshot from the CISO, CCO, CRO, GC and Finance
- 5. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. In an Age of Customer Risk Issues are Amplified TRUST MEANS TREATING CUSTOMERSFAIRLY AND BEHAVING ETHICALLY. 83% HOW CAN ACOMPANY WIN BACKTRUST? PUBLICLY ACKNOWLEDGE RESPONSIBILITY FOR PROBLEMS AND ADEQUATELY CORRECTTHEM. 47% IMAGINE LOSING 2OUT OF EVERY 5 CUSTOMERS BECAUSEYOU WERE ASLOPPY RECORD KEEPER! 43%
- 6. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Risk Needs to move from Conformance to Performance RESULT: Better visibility for strategic risk objectives Leadership determines appetite for risk Connect risk appetite to behavior and process Embed into business
- 7. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Current Methods do not keep up Unclear roles and responsibilities Decisions made in silos Ad-hoc tools, processes, spreadsheets & office based products Risk managed at the business unit level
- 8. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Corporate Failures elevate the need to take an integrated approach to risk management
- 9. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Connecting the World of Risk *Source Gartner
- 10. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. But Wait…
- 11. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. State of Technology – Digital Transformation Digital Disruption at a Rapid Pace Internet of Things Mobility, Virtual Reality, Wearables Blockchain, Distributed Ledger Bots, Virtual Assistants Enterprise Cybersecure Environment Data Facilities Devices People
- 12. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. State of Technology – Digital Transformation Digital Disruption at a Rapid Pace - IoT PC BYOD IoT 1990 2015 2020 0 5 Billion 30 BillionThe Internet of Things is the network of dedicated physical objects (things) that contain embedded technology to sense or interact with their internal state or external environment. * Forescout 2018 – The World of Connected Things Presentation
- 13. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. State of Technology – Digital Transformation Digital Disruption at a Rapid Pace – Mobility, Wearables Piwek L, Ellis DA, Andrews S, Joinson A (2016) The Rise of Consumer Health Wearables: Promises and Barriers. PLoS Med 13(2): e1001953. doi:10.1371/journal.pmed.1001953 http://journals.plos.org/plosmedicine/article?id=info:doi/10.1371/journal.pmed.1001 953
- 14. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. State of Technology – Digital Transformation Digital Disruption at a Rapid Pace – Bots and Virtual Assistants
- 15. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. State of Technology – Digital Transformation Digital Disruption at a Rapid Pace – Blockchain/Distributed Ledger Technology
- 16. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. This is a challenge that can be solved…
- 17. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Establish an Integrated Risk Management approach Platform Characteristics IRM Platform Industry Leaders Architecture Open, Integrated • Containerized development and deployment • Micro-services Based Open Architecture • REST Based API’s Content Risk-focused • Integrated pre-bundled standards, policies and learning content Design Business workflow oriented • Integrated workflow engine for policies, incidents, vendors and supply-chains, people Features / Functions Flexible • Configurable to customers needs Use Ecosystem—driven, cross business unit, partners/suppliers • Open industry platform • Pre-integrated partner solutions • Works with your internal systems Differentiators Platform, Implementation Methodology, Industry Experts • Global footprint • Best Practices Based Implementation Methodology • Suitable for any sized organization Above adopted from GRC vs. IRM Solutions – What’s the Difference by John A. Wheeler of Gartner | February 13, 2018
- 18. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Proactive Risk Management Begins with Enterprise Visibility ASSESS DISCOVER CLASSIFY Continuous, Real- Time Visibility, Discovery Classification and Assessment
- 19. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Proactive Risk Management Begins with Enterprise Visibility
- 20. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Cybersecure is the Key • Information Security – Protect information from unauthorized disclosure – Ensure information is trustworthy – Guarantee reliable access to mission critical information • Cyber-Resiliency – Ability to anticipate, withstand and recover from adverse cyber-events – Evolve and improve in pace with the ever-changing cyber landscape
- 21. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Proactive Risk Management and Compliance in a World of Digital Disruption Think… • Proactive = Visibility • Cybersecure at the Core • Is the CISO the next CEO • SOC is a must ...to accelerate the transformation journey to Proactive Risk Management in a Digital World!
- 22. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Proactive Risk Management and Compliance in a World of Digital Disruption
- 23. Copyright © 2018 Information Systems Audit and Control Association, Inc. All rights reserved. Questions? Michael.Wons@saiglobal.com Come visit us at the show
Editor's Notes
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.
- Replaces Data Protection Directive 95/46/EC Harmonize Data Privacy Laws across Europe Protect and Empower all EU citizens data privacy Approved by the EU Parliament on April 14th, 2016 Enforcement date: May 25th, 2018 How it affects organizations in America If their organization has any employees, contractors, customers, or third-party partners in the EU then they need to understand their GDPR risk exposure. Any company GLOBALLY that does business with companies in the EU or that holds EU citizen data is required to comply or they will incur significant fines. It’s retroactive to find and identify the types of data, where it is, where it isn’t and it’s a big task that involves a lot of people in various roles Companies have to prove, demonstrate and attest to compliance to supervising authorities.