Managing Risk – Enabling Growth Through Compliance! Alex Sinvani, Copenhagen, 30.10.2012


Now & future

1. Threat levels will grow – and there will be more serious breaches.

2. Cloud computing will continue to grow – and require new security solutions.

3. Mobile devices will challenge traditional security solutions.

4. Security platforms will continue to converge.

5. Regulation of personally identifiable information (PII) will increase – including expanding definitions of what PII means.

6. Organisations will increasingly pursue ‘business-centric compliance.’

Source: Security 360° Risks and Realities: Inside and Out, 2011

The compliance landscape

PCI 2.0, ISO 27001, ARROW, BS 25999, SOX, MiFID, Basel 2, SAS 70, COBIT, ITIL 3.0, NERC, CLERP 9, Rosh /wee, Solvency 2, HIPAA, FERC, SEC, ERM, C49, ISO 14001, ISO 9001, ISO 38001, OMB 123A, HITECH, GLBA, RAC, ISO 27799, ISO 27009, NIST 800-14, NIST 800-18, NIST 800-30, NIST 800-33, NIST 800-41, FIPS 200, NIST 800, FIPS 199, SAS 109, SAS 110, JSOX, CSOX, Patriot Act, ESOX, privacy law, COSO, ISO 31000, PMBOK, SOX ITGC, 17799, Tabaksblat, ISO 27005, ISO 27002, ISO 27010, FFCRA, FDA, 357, FCPA, FAA, HACCP, 257, AML, ICM, CAPA, Goshen, ICM, Stark III

Agenda

Comply with regulations

Stay ahead of threats

Focus on top priorities

Build a sustainable risk program

Connection to the business

From Compliance to Business

The average enterprise explores 17 standards and frameworks.

38% rely on spreadsheets and manual documents.

Source: Symantec 2011 State of the Enterprise Security Report; Council, 2011


88% of data breaches are related to poor IT and information security controls.

Source: Internet Security Alliance, 2011 report


When everything is a priority, nothing is a priority!

Source: Common wisdom


“It all starts by building and maintaining your systems in a secure state…only then will you have the flexibility to adapt quickly.”

Source: CISO, financial organization


Only 1 in 8 best-performing organizations feel Info Sec can influence business decisions.

Source: Information Risk Executive Council, 2011

From Compliance to Business

Outcomes                                  Level 1           Level 2, 3 & 4    Level 5
Audit deficiencies in IT                  > 16              9                 < 3
Spend on audit*                           $0.60             $1.00             $0.30
Business downtime - IT disruptions        > 60 hours        28 hours          < 4 hours
  Associated financial loss               10% of revenue    1% of revenue     0.1% of revenue
Theft or loss of sensitive information    > 16 losses       9 losses          < 3 losses
  Associated financial loss               9.6% of revenue   6.4% of revenue   0.4% of revenue

* Spend on audit: audit spend increases for average-performing organizations because they start to assess controls more frequently, but they still have not automated many of these assessments.

Source: IT Policy Compliance Group

Business benefits

Faster identification = lower risk/cost

• Reduce risk and cost dramatically by reducing the time it takes to respond effectively!

How long does it take to act from the moment a problem is discovered?

[Chart: risk/cost (vertical axis) against remediation time (horizontal axis)]

Compliance maturity

[Diagram, labels only: Compliance needs; COMPLIANCE; IT technical controls; Manual processes and routines; REGULATIONS; Business risk; External / Internal]

IT risk and compliance challenges

[Diagram, labels only: Organisational risks; Information; Compliance; Governance; Financial; Operational; Human resources; Integrity]

Compliance vs. risk

Thank you for your attention

Alex Sinvani

[email protected]