© Huron Consulting Group. All rights reserved Confidential Information. Experience. Redefined. BOSTON CHARLOTTE CHICAGO HOUSTON LOS ANGELES NEW YORK SAN.

Presentation transcript:

© Huron Consulting Group. All rights reserved. Confidential Information.
Experience. Redefined.
BOSTON CHARLOTTE CHICAGO HOUSTON LOS ANGELES NEW YORK SAN FRANCISCO WASHINGTON D.C.
RIM Risk Assessment
What is it? Why does it matter to you and your organization? What can you do about it?
Presentation to ARMA Charlotte, NC Chapter, May 15, 2008
Edward Nwachi, JD, CRM
Manager, Legal Consulting
(202)

RIM Risk Assessment Defined
Probability + Adverse event + Negative impact = Risk

RIM Risk Assessment Defined
A methodology for identifying risk factors present in an organization, evaluating probability and severity of potential loss, and recommending actions required to control risks.

RIM Risks: What are we really assessing?
Information Management Risks?
– Information risk
– Operational risk
– Legal risk
– Strategic risk

RIM Risks: What are we really assessing?
Consider corporate interests and priorities:
– Productivity
– Profitability
– Aggressive growth
– Downsizing
– Fighting off competition
– Community goodwill
– Mergers & Acquisition preparation
– Surviving adverse publicity
– Advancing/Protecting legal rights
– Protecting assets

Why does it matter?
Information risk assessment helps mitigate risks from poor RIM practices.
Awareness of corporate risks enables RIM professionals to:
– Align with the interests and priorities of the organization
– Understand corporate risks that drive the need for good RIM practices
– Show how good RIM practices can help mitigate these risks

Why does it matter to you?
– Position your RIM program as a strategic asset
– Lay a more solid foundation for your RIM initiative
– Be a more effective advocate

What can you do?
– Know your organization
– Assess findings against “best practices” and corporate interests/priorities
– Ensure that recommendations are practical and reflect corporate priorities

What can you do?
Know your organization
– 10K filings (for publicly traded companies)
– AMLaw 100/200 (for law firms)
– Pacer, Lexis-Nexis, Westlaw and other legal research tools
– Business/Trade journals
– General internet research
– Internal policies
– Personnel interviews
– Data/Systems inventory

What can you do?
Assess findings against “best practices” and corporate interests/priorities
– “Best practice” is useful but relative
– Leverage knowledge of corporate interests/priorities in your analysis

What can you do?
Ensure that recommendations:
– Are practical
– Leverage your knowledge of the organization
– Reflect corporate priorities

Use Cases
Findings: is retained on backup tapes indefinitely.
Risks: Increasing costs. Increasing discovery risk for unrelated matters.
Best Practices / Recommendations?
(1) Implement backup procedures designed for business continuity and disaster recovery purposes only
(2) Implement discovery mgt. software solution for targeted preservation that does not rely upon use of backup tapes
(3) Rotate backup tapes every 30 days
(4) Review legacy backup tapes

Use Cases
Findings: No guidance for the storage and management of e-records, so users default to their own personal preferences.
Risks: Information retrieval for business operations and eDiscovery are adversely impacted by the variety of ways in which information is managed.
Best Practices / Recommendations?
(1) Implement uniform document storage and management practices
(2) What would you recommend?
(3) What would you recommend?

Questions?
