Www.adira.org: Philippe LE TERTRE, IS Governance Consultant


Philippe LE TERTRE, IS Governance Consultant
- Founder and managing partner of VADEGIS (company specialized in Information System Management and Governance)
- IS governance consultant, certified by ISACA (CGEIT)
- Teacher at ……..
- IS Auditor trained at IAE of Paris
- Operational experience based on more than 20 years as CIO in an international environment

Governance & management rules 1/4

Governance structure
Goal: BYOD is subject to oversight and monitoring by management
- BYOD policy must be approved by executive management
- Executive management receives regularly scheduled status reports on BYOD usage
- Executive management receives risk management status reports on a regular basis

Policies
Goal: Policies supporting BYOD initiatives have been defined, documented, approved, implemented and maintained
- Employee BYOD Agreement / Mobile Acceptable Use Policy (MAUP)
- BYOD processes are integrated into HR services, policies and compliance
- Limited access for third parties when connecting to the enterprise networks and IT systems
- Exemptions from BYOD policies

Governance & management rules 2/4

Legal
Goal: BYOD procedures comply with legal requirements and minimize the organization's exposure to legal actions
- Impact analysis must be carried out to identify the potential impacts and risks of the BYOD approach
- BYOD procedures must be updated according to the legal requirements

Technical and user support
Goal: A support function dedicated to the BYOD area must be established to process technical and user issues
- Identifying the skills and competences needed for the BYOD environment
- Setting up the process to support BYOD usage within the enterprise

Governance & management rules 3/4

Risk management
Goal: BYOD is subject to routine risk assessment processes
- BYOD Initial Risk Assessment (prior to implementing the BYOD program): data confidentiality, juridical, human, technical, ..
- BYOD Ongoing Risk Assessment

Training
Goal: BYOD users attend initial orientation training and regular follow-up training
- Initial Training: BYOD users are required to attend initial training on BYOD policy and procedures
- Security and Awareness Training: security awareness training, at least annually

Governance & management rules 4/4

Mobile device layer security
Goal: BYOD users are required to maintain basic security procedures for the device
- Device Access Restrictions: BYOD users are required to restrict access to their devices
- Data Access / Encryption / Data Protection
- Malware Protection: BYOD mobile devices are required to have standard anti-malware defenses
- …….

Mobile device management
Goal: The enterprise must identify and maintain BYOD devices as configuration items
- Central management of BYOD device characteristics, configuration, owner, ....
- Central management of IT procedures / monitoring of BYOD usage
- Remote management

Maturity assessment, example and tools
[Spider graph: an example of the assessment results and maturity target for a BYOD management assessment, with a link to the COBIT process]

Going Further … Conclusion

The BYOD phenomenon is a risk but could be a value creation opportunity
- Operational sales force tools
- Attract talents
- E-reputation
- User satisfaction / productivity
- ……..

BYOD reinforces the enterprise data management and governance needs
Data governance encourages behavior in the valuation, creation, storage, use, archival and deletion of data and information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of data and information in enabling an organization to achieve its goals.
- Data policies
- Data classification and valuation
- Data quality (accuracy, accessibility, consistency, completeness, …..)
- Data compliance
- Data security
- Data management and ownership
- ………

Questions

Thanks for your attention