IT Acquisitions from the Risk Manager's Perspective. Jeffrey Posluns, CRMP, CGEIT, CISM, CISSP-ISSMP, Chairman, Governance Risk Compliance Security International.

Presentation transcript:

IT Acquisitions from the Risk Manager's Perspective

Jeffrey Posluns, CRMP, CGEIT, CISM, CISSP-ISSMP
Chairman, Governance Risk Compliance Security International
tel: +1 (514)
Moderator: Eric Green, Program Director, SC World Congress

Mergers & Acquisitions

Whether an organization is integrating another into the fold or simply acquiring something new, there are a series of considerations to be made throughout the process in order to assure that its assets are protected appropriately.

Risk Management

In order for a risk to exist, there must be a threat with an impact, and a likelihood of occurrence. There are multiple perspectives that can apply to any situation:

Management
IT personnel
Security personnel
Risk managers
Users

Risks: People

The greatest risks to information assets are related to the people that are involved.

Lack of skills or knowledge
Entrenched personnel
Overlapping responsibilities
Job insecurity
Culture integration
Power struggles & sabotage
Training requirements (budget / time)

Risks: Process & Procedure

Methodology
Documentation
Support process
Service Level Agreements (SLAs)
Change control
Backups
Disaster recovery

Risks: Suppliers

Purchase agreements
Cancellation clauses & penalties
Support agreements
Overlapping service levels
Consolidating equipment
Incompatible products
Sales personnel territorial disputes

Risks: Administration

Management suites and tools
Version and patch management
Change control
Chain of command
Organization chart incompatibility
Who does IT report to?

Risks: Hardware & Software

Incompatible proprietary applications
Incompatible versions of similar software
Lifecycle management: Development, Quality Assurance, Pre-Production, Production
Decisions on which products to keep

Risks: Security

Security tools
Management suites
Reporting
Event management
Incident response
Controls and measures

Summary

Acquiring a new product or service, or integrating an entire IT department through a merger or acquisition, requires more time, effort and money than is commonly expected. A risk-based approach will assist in the decision-making process and reduce the likelihood that challenges will arise throughout.