Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing IT Risk in a digital Transformation AGE

Published byLars-Erik Simensen Modified over 5 years ago

Similar presentations

Presentation on theme: "Managing IT Risk in a digital Transformation AGE"— Presentation transcript:

1 Managing IT Risk in a digital Transformation AGE
Looking Around the Corner Khalid Majed Sr. Systems Engineer @RSAsecurity

2 Digital transformation

3 Digital Business MODERNIZATION Social Media IoT Cloud Robotics

4 MALICE Digital Business Hackers & Malware IoT Cloud Phishing
Social Media IoT Phishing MODERNIZATION Cloud Vulnerabilities Robotics

5 MANDATES Digital Business Hackers & Malware IoT Cloud
Corporate Governance GDPR Hackers & Malware MANDATES Social Media IoT Privacy Phishing MODERNIZATION MALICE Cloud Regulatory Change Vulnerabilities Robotics

6 MALICE MODERNIZATION MANDATES SPEED OF CHANGE & IMPACT

7 COMPLEXITY OF BUSINESS & THREATS

8 AMPLIFICATION OF OPPORTUNITY & RISKS

9 TRADITIONAL BUSINESS RISK
DIGITAL RISK is the greatest facet of risk that businesses face… TRADITIONAL BUSINESS RISK DIGITAL RISK DIGITAL ADOPTION RISK LOW HIGH MEDIUM

10 NEW PERSPECTIVE …that requires a RISK DIGITAL ADOPTION RISK RISK IT
SECURITY RISK MANAGEMENT

11 DIGITAL RISK MANAGEMENT
ASSESSING, MONITORING AND RESPONDING TO NEW RISKS RESULTING FROM DIGITAL TRANSFORMATION AND CONTINUED ADOPTION OF DISRUPTIVE TECHNOLOGY DIGITAL RISK MANAGEMENT

12 CEO / BOARD ? ? ? DIGITAL RISK VISIBILITY INSIGHTS ACTIONS IT SECURITY
MANAGEMENT

13 RISK MGT / COMPLIANCE OFFICE
Digital risk maturity Optimized Sharing and Collaborating Across Silos Integrated business & risk context Priorities and resources aligned with risk and business objectives Managed Platform Approach Pervasive Visibility Leverage Technology Integrate Silos MATURITY INFORMATION TECHNOLOGY SECURITY OFFICE RISK MGT / COMPLIANCE OFFICE BOD / EXECS Siloed Ad Hoc, Reactive Trigger Events Tactical POV

14 BUSINESS CONTINUITY RISK
RSA Risk Frameworks: Building Maturity in Four Key Areas Ability to identify sophisticated attacks & breaches, lateral movement, initial impact and effectively respond with a cross functional response Risk is considered from perspective of loss events, opportunity costs and enhancing likelihood of achieving objectives and executing strategy. Risk taking decisions are proactive Business context is completely infused into compliance processes and technology. Monitoring capabilities alert stakeholders to impactful regulatory changes Integrated information governance into corporate infrastructure and business processes to such an extent that compliance with program requirements and legal, regulatory, and other responsibilities are routine Ability to identify commodity malware, some breaches, some lateral movement, basic initial impact and respond with a somewhat coordinated cross functional response Management has information needed to understand complete context of risk. More informed decisions made and accountability established but decision process is still manual System of record in place to manage full lifecycle of compliance activities. Stakeholders collaboratively define processes and policies; remediation activities are consistently monitored and reported Established proactive information governance program with continuous improvement. Information governance issues and considerations routinely integrated into business decisions Limited ability to identify commodity malware, some breaches, some lateral movement, basic initial impact and limited ability to respond Agreement on risk management terminology, rating scales and assessment approach is established. Little business context is available and responsibility for each risk and control is not always clear Operational standards and a comprehensive compliance catalog are developed. Some activity focused on improving effectiveness and stabilize processes with limited scope Developing recognition that information governance has impact on organization and benefits from more defined program. Still vulnerable to scrutiny of legal or business requirements No ability to detect threats against the organization and no ability to respond when attacked Baseline activities are in place to manage risk but are isolated and fragmented. Beginning to obtain visibility into assessed level of inherent and residual risk but accountability is ad hoc Organization understands broad compliance obligations but each area manages separately. Control performance is assessed ad hoc or as part of external audit Information governance and recordkeeping concerns are not addressed at all, minimally or ad hoc. Will not meet legal or regulatory scrutiny or effectively server the business MATURITY CYBER INCIDENT RISK 3RD PARTY RISK DATA PRIVACY RISK BUSINESS CONTINUITY RISK

15 OPTIMIZE YOUR BUSINESS
MANAGE RISK & OPTIMIZE YOUR BUSINESS IDENTIFY RISK ASSESS TREAT MANAGE DYNAMIC WORKFORCE RISK MANAGE PROCESS AUTOMATION RISK SECURE YOUR CLOUD TRANSFORMATION MITIGATE CYBER ATTACK RISK MODERNIZE YOUR COMPLIANCE PROGRAM COORDINATE BUSINESS RESILIENCY MANAGE THIRD PARTY RISK EVOLVE DATA GOVERNANCE & PRIVACY DIGITAL RISK INTEGRATED RISK MANAGEMENT VISIBILITY EVOLVED SIEM / ADVANCED THREAT DETECTION & RESPONSE INSIGHTS SECURE, RISK-BASED ACCESS & AUTHENTICATION ACTIONS OMNI-CHANNEL FRAUD PREVENTION ADVANCED RISK AND CYBERSECURITY SERVICES IT SECURITY RISK MANAGEMENT

16 BREADTH ACROSS ALL DIMESNIONS OF RISK

17

Download ppt "Managing IT Risk in a digital Transformation AGE"

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
1© Copyright 2014 EMC Corporation. All rights reserved. Securing the Cloud Gintaras Pelenis Field Technologist RSA, the Security Division of EMC

1© Copyright 2014 EMC Corporation. All rights reserved. Securing the Cloud Gintaras Pelenis Field Technologist RSA, the Security Division of EMC
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.

“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.
PAINTING THE FULL PICTURE

PAINTING THE FULL PICTURE
1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.

1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.
Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.

Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.
Information Technology Audit

Information Technology Audit
Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM 817.352.4929 or

Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM or
A Balancing Act Between Risk Appetite and Risk Tolerance Federal Information Systems Security Educators’ Association Conference March 2005 Ezra Cornell.

A Balancing Act Between Risk Appetite and Risk Tolerance Federal Information Systems Security Educators’ Association Conference March 2005 Ezra Cornell.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Compliance Presented by: Marty McNulty, ARMA Board Member.

Compliance Presented by: Marty McNulty, ARMA Board Member.
Enterprise Computing Community June 13 - 15, 2010February 27, 2010 1 Information Security Industry View Linda Betz IBM Director IT Policy and Information.

Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
Generally Accepted Recordkeeping Principles Generally Accepted Recordkeeping Principles ® Registered Trademark of ARMA International.

Generally Accepted Recordkeeping Principles Generally Accepted Recordkeeping Principles ® Registered Trademark of ARMA International.
September 14, 2015. 2 David A. Reed Attorney at Law Reed & Jolly, PLLC (703) 675-9578.

September 14, David A. Reed Attorney at Law Reed & Jolly, PLLC (703)

Similar presentations

Ads by Google