Enterprise risk management
INFO 312, Autumn 2015, University of Washington Information School, Week #6B, November 4, 2015
Your papers
All are graded, and I was pleasantly surprised: several are publishable.
The advice you get from me on papers will stand you in good stead in other classes where you have to write:
Make reference to the course readings as well as to other research you have done.
Figure out how you know something, and then give credit in citations.
Don't just summarize the reading you have done; come up with your own set of recommendations as well.
If you are writing on a topic your teacher has no reason to know much about, take the time to explain the company or issue.
Managing risk and information security
Malcolm Harkins, Intel
Harkins article: risk and information security
The first example in the article highlights third-party risk, which is our theme this week. How much risk is involved in outsourcing payroll? What questions should be asked of, and what guarantees extracted from, the proposed vendor? The article points out that the information security team is called on not just by HR but by other parts of the firm as well wherever information risk is concerned. The next example is the technology group, where partnership is also important. Information risk governance processes focus on enabling (not hindering) the business while protecting the confidentiality, integrity and availability of information, corporate or personal, whether about employees or customers.
How bureaucratic is governance?
MIT Center for Information Systems Research (MIT CISR): "Good governance is enabling and reduces bureaucracy and dysfunctional politics by formalizing organizational learning and thus avoiding the trap of making the same mistakes over and over again."
MIT research shows that firms with good IT governance have profits that are 20% higher than the competition.
IT policies provide a good framework but should allow latitude in how the work is carried out.
If we are too preoccupied with rules and procedures, we may fail to achieve the desired outcome.
RACI model for IT and risk governance
Another view of the RACI
RACI Example: Going to court
Intel internal information risk focus (2012)
Important Partnerships at Intel
Legal: privacy; litigation; intellectual property and data classification; contracts
Financial compliance (SEC)
Employees: via security policies; via training, awareness and corporate information
Internal Audit
Corporate Security
A fair approach to managing information risk
Jack Freund and Jack Jones
What is the FAIR approach?
"Factor Analysis of Information Risk (FAIR) is the only international standard Value at Risk (VaR) model for cyber security and operational risk.
Provides a model for understanding, analyzing and quantifying information risk in financial terms, unlike risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales.
Builds a foundation for developing a scientific approach to information risk management.
Benefits:
Speak in one language concerning your risk.
Consistently study and apply risk to any object or asset.
View organizational risk in totality.
Challenge and defend risk decisions using an advanced risk model.
Understand how time and money will impact your security profile."
From
FAIR = An enterprise scalable risk model
Risk model components:
An ontology and standard nomenclature for information and operational risk
A framework for establishing data collection criteria
Measurement scales for risk factors
Integration into a computational engine for calculating risk
A modeling construct for analyzing complex risk scenarios
-- From
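To show what "quantifying information risk in financial terms" on the two FAIR slides means in practice, here is an added example (not code from the lecture, from Freund and Jones, or from the FAIR Institute) that runs a small Monte Carlo simulation using FAIR's basic decomposition, Risk = Loss Event Frequency x Loss Magnitude, and reports the annual loss distribution as Value at Risk percentiles. The threat-event frequency, vulnerability and loss-magnitude ranges are constructed illustrations for a hypothetical outsourced-payroll scenario like the one in the Harkins article, not calibrated estimates.

```python
"""Added example (not the lecture's or FAIR's own code): a Monte Carlo estimate of
annualised loss exposure in the FAIR style, where Risk = Loss Event Frequency (LEF)
x Loss Magnitude (LM) and LEF = Threat Event Frequency (TEF) x Vulnerability.
All input ranges are constructed for a hypothetical outsourced-payroll scenario."""
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Estimate:
    """Calibrated min / most-likely / max estimate, sampled as a triangular distribution."""
    low: float
    mode: float
    high: float

    def sample(self, rng: random.Random) -> float:
        return rng.triangular(self.low, self.high, self.mode)

    def mean(self) -> float:
        return (self.low + self.mode + self.high) / 3


def poisson(rate: float, rng: random.Random) -> int:
    """Knuth's Poisson sampler: number of loss events in one year given an annual rate."""
    threshold, k, p = math.exp(-rate), 0, 1.0
    while True:
        p *= rng.random()
        if p <= threshold:
            return k
        k += 1


def simulate_annual_loss(tef: Estimate, vulnerability: Estimate, loss_magnitude: Estimate,
                         trials: int = 20_000, seed: int = 1) -> dict:
    """Analytic expected annual loss plus simulated loss percentiles (Value at Risk)."""
    rng = random.Random(seed)
    losses = []
    for _ in range(trials):
        lef = tef.sample(rng) * vulnerability.sample(rng)   # loss events per year
        losses.append(sum(loss_magnitude.sample(rng) for _ in range(poisson(lef, rng))))
    losses.sort()
    var = lambda p: losses[min(trials - 1, int(p * trials))]   # p-th percentile of annual loss
    return {
        "expected_annual_loss": tef.mean() * vulnerability.mean() * loss_magnitude.mean(),
        "simulated_mean": sum(losses) / trials,
        "var_90": var(0.90), "var_95": var(0.95), "var_99": var(0.99),
    }
```

With constructed inputs of 1 to 8 threat events a year (most likely 3), a 20 to 90% chance that each becomes a loss event, and $50k to $600k per loss (most likely $150k), `simulate_annual_loss(Estimate(1, 3, 8), Estimate(0.2, 0.5, 0.9), Estimate(50_000, 150_000, 600_000))` gives the expected annual loss and the 90th, 95th and 99th percentile exposures in dollars, which is the kind of output a board can compare against the cost of a control.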
Questions?