8/7/2019 IS Risk Management
Takata Information Security
IS Risk Management
Ryan Spencer, Vice President and Chief Information Officer
Information Services Department
Traditional Risk Assessment
identifies the entire IT infrastructure and assigns a
in terms of importance.
Risk Analysis is conducted on IS assets to determine the associated risk. Since the
considered, the true risk exposure to a company's
operations is not determined.
ra ona s ocus
Intrusion Detection
Encryption
Physical Security Review
Industrial Accident
In 2005 a significant industrial event
caused damage to one of our datacenters and the IS infrastructure at a
.
Traditional safeguards were in place -
tape backups, fireproof safe, fire suppression, environmental controls.
Results of the accident loss of data
. This event caused a major paradigm
shift with Takata's view of Risk Management
The failure of the disaster recovery plan
most critical business requirements.
Risk Management Process
Business Process
IS Systems
Technologies
Physical
IS Ass
People
Environments
Processes
Business Driven Assessment
Delivers accurate risk scores to indicate where business risk exists with regard to supporting IS infrastructure.
Asset valuation is based on importance in relation to critical business processes.
Understand the impact of proposed safeguards across business processes.
Risk mitigation strategy can be determined based on business requirements:
Cost Avoidance Pure Risk
a y
Remediation Impact on Risk
Risk Index
31% Risk Index 59%
Business Review
Review Results of the Risk Assessment
Develop risk mitigation strategy
Determine acceptable risk - all risk cannot be mitigated
Determine Business Area actions
Manual procedures
Determine IS Mitigation Activities
Technical solutions
New processes
Assessment
Template Defined
Global Template
Agreement and Executive Approval
Risk Assessment
Locations
High Risk Areas Identified
Policies and Procedures Created
Policies and Procedures Implemented at all Locations
Track: Track the Progress of the Implementation at Each Location
Audit: Test all Policies and Procedures to Ensure Compliance
Adapt: Modify Policies and Procedures to Adapt to Changes in the Global Environment
Report: Communicate Implementation Status, Compliance Metrics, and Audit Results