Enterprise risk management

Enterprise risk management INFO 312 AUTUMN 2015 UNIVERSITY OF WASHINGTON INFORMATION SCHOOL WEEK #6B NOVEMBER 4, 2015

Your papers All are graded. Pleasantly surprised. Several are publishable. Advice you get from me on papers will stand you in good stead in other classes where you have to write. Make reference to the course readings as well as to other research you have done. Figure out how you know something and then give credit in citations. Don’t just summarize the reading that you have done – come up with your own set of recommendations as well. If you are writing on a topic you have no reason to believe that your teacher knows much about, take the time to explain the company or issue.

Managing risk and information security Malcolm Harkins, Intel

Harkins article: risk and information security. The first example in the article highlights third-party risk, which is our theme this week. How much risk is involved in outsourcing payroll? What questions/guarantees should be extracted from the proposed vendor? The article points out that the information security team is often called on not just by HR but by other parts of the firm as well where information risk is concerned. The next example is the technology group, where partnership is also important. Information risk governance processes focus on enabling (not hindering) the business while protecting the confidentiality, integrity and availability of the information, corporate or personal, whether about employees or customers.

How bureaucratic is governance? MIT Center for Information Systems Research (MIT CISR): “Good governance is enabling and reduces bureaucracy and dysfunctional politics by formalizing organizational learning and thus avoiding the trap of making the same mistakes over and over again.” MIT research shows that firms with good IT governance have profits that are 20% higher than the competition. IT policies provide a good framework but should allow latitude in how the work is carried out. If too preoccupied with rules and procedures, we may fail and not get the desired outcome.

RACI model for IT and risk governance

Another view of the RACI

RACI Example: Going to court

Intel internal information risk focus (2012)

Important Partnerships at Intel
Legal: privacy; litigation; intellectual property and data classification; contracts
Financial Compliance (SEC)
Employees: via security policies; via training, awareness and corporate information
Internal Audit
Corporate Security

A fair approach to managing information risk Jack Freund and Jack Jones

What is the FAIR approach? “Factor Analysis of Information Risk (FAIR) is the only international standard Value at Risk (VaR) model for cyber security and operational risk. Provides a model for understanding, analyzing and quantifying information risk in financial terms, unlike risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales. Builds a foundation for developing a scientific approach to information risk management. Benefits: speak in one language concerning your risk; consistently study and apply risk to any object or asset; view organizational risk in totality; challenge and defend risk decisions using an advanced risk model; understand how time and money will impact your security profile.” From http://www.risklens.com/what-is-fair

FAIR = an enterprise-scalable risk model. Risk model components: an ontology and standard nomenclature for information and operational risk; a framework for establishing data collection criteria; measurement scales for risk factors; integration into a computational engine for calculating risk; a modeling construct for analyzing complex risk scenarios. -- From http://www.risklens.com/what-is-fair
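As an added illustration (not from the lecture, Intel or RiskLens), here is the core FAIR decomposition from The Open Group's FAIR standard, Risk = Loss Event Frequency x Loss Magnitude with LEF = Threat Event Frequency x Vulnerability, run as a small Monte Carlo over calibrated min / most-likely / max estimates for the outsourced-payroll scenario raised in the Harkins discussion. All estimate values are constructed for the example, and the triangular sampling is a simplification of the PERT distributions FAIR tools use.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Estimate:
    """Calibrated min / most-likely / max estimate for one FAIR factor."""
    low: float
    likely: float
    high: float
    def sample(self, rng: random.Random) -> float:
        # Triangular draw stands in for the PERT distribution FAIR tools use.
        return rng.triangular(self.low, self.high, self.likely)

@dataclass(frozen=True)
class Scenario:
    tef: Estimate             # threat event frequency, events per year
    vulnerability: Estimate   # P(a threat event becomes a loss event)
    primary_loss: Estimate    # per loss event: response, replacement, downtime
    secondary_prob: Estimate  # P(a loss event also triggers secondary losses)
    secondary_loss: Estimate  # fines, legal fees, reputation when it does

PAYROLL_VENDOR = Scenario(  # constructed estimates, not real data
    tef=Estimate(1, 3, 8), vulnerability=Estimate(0.05, 0.15, 0.40),
    primary_loss=Estimate(20_000, 80_000, 300_000), secondary_prob=Estimate(0.1, 0.3, 0.6),
    secondary_loss=Estimate(50_000, 250_000, 1_500_000))

def expected_annual_loss(scn: Scenario) -> float:
    """Point estimate with every factor at its triangular mean (low+likely+high)/3."""
    m = lambda e: (e.low + e.likely + e.high) / 3
    lm = m(scn.primary_loss) + m(scn.secondary_prob) * m(scn.secondary_loss)
    return m(scn.tef) * m(scn.vulnerability) * lm

def simulate_year(scn: Scenario, rng: random.Random) -> float:
    tef = scn.tef.sample(rng)
    n_events = int(tef) + (rng.random() < tef - int(tef))  # stochastic rounding
    vuln, total = scn.vulnerability.sample(rng), 0.0
    for _ in range(n_events):  # each threat event becomes a loss event with P = vuln
        if rng.random() >= vuln:
            continue  # controls held: this threat event caused no loss
        loss = scn.primary_loss.sample(rng)
        if rng.random() < scn.secondary_prob.sample(rng):
            loss += scn.secondary_loss.sample(rng)
        total += loss
    return total

def quantify(scn: Scenario, years: int = 10_000, seed: int = 7) -> dict:
    """Simulated loss distribution: mean (ALE) plus VaR-style percentiles."""
    rng = random.Random(seed)
    losses = sorted(simulate_year(scn, rng) for _ in range(years))
    pct = lambda p: losses[min(int(p * years), years - 1)]
    return {"ale": sum(losses) / years, "p50": pct(0.5), "p90": pct(0.9), "p99": pct(0.99)}
```

The point-estimate and the simulated mean agree, but the p90/p99 figures are what a VaR-style conversation with the board or the vendor actually turns on.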

Questions? asearle@uw.edu abbast@uw.edu