Information Security Governance

Size: px
Start display at page:

Download "Information Security Governance"

Transcription

1 Information Security Governance Aart Bitter Agenda Governance & Compliance Information Security Governance Aanpak om information security governance in organisaties in te voeren en te borgen Relaties tussen information security en service management Service Manager Dag

2 Governance & Compliance Doelstellingen Sturen Beheersen In accordance with legislation, guidelines, or specifications Governance Compliance Derived from Latin origins that suggest the notion of 'steering' Verantwoorden Toezicht houden Verantwoordelijkheden Service Manager Dag Agenda Governance, Compliance Information Security Governance Aanpak om information security governance in organisaties in te voeren en te borgen Relaties tussen information security en service management Service Manager Dag

3 Information Security Governance Verantwoordelijkheden Doelstellingen VERANTWOORDEN COMPLIACE BEHEERSEN Risico Risico management management Implementeren Implementeren STUREN GOVERNANCE TOEZICHT HOUDEN Service Manager Dag Agenda Governance, Compliance Information Security Governance Aanpak om information security governance in organisaties in te voeren en te borgen Relaties tussen information security en service management Service Manager Dag

4 Information Security Governance aanpak Beleid Wet- en regelgeving Alignment Act Plan Scorecards Assessments Audits Evaluation COMPLIANCE COMPLIANCE Risico management Risico management Invoeren Invoeren GOVERNANCE GOVERNANCE Planning Risk Mgt. Normen Performance- & Risk Indicators Check Implementation Maatregelen Processen Procedures Do Service Manager Dag Security Governance processen Business objectives Strategic Security strategy Alignment Tactical Risk Planning Policies Implementation Operational Measure Monitor Identification Manage Implementation Evaluation Service Manager Dag

5 Alignment - Beveiligingsbeleid Beleid Doelstellingen voor informatiebeveiliging Wettelijke eisen en regels Informatiebeveiliging en risicoanalyse Risicomanagement Beveiligingsorganisatie Service Manager Dag Planning - Risicomanagement Risicomanagement: Welke risico s accepteert u Welke maatregelen gaat u nemen Hoe gaat u meetregelen invoeren Hoe gaat u informatiebeveiliging meten Kans H M L Reduce Risico matrix Avoid accept Move L M H Impact Service Manager Dag

6 Implementation - Invoeren IT - processen Functieprofielen Planning & Control Kennis & Vaardigheden Kennis in de organisatie (zichtbaar) Houding Normen en Waarden Motieven Politiek Persoonlijke voorkeuren Cultuur in de organisatie (onzichtbaar) Drijfveren Energie Angst Gedrag Service Manager Dag Evaluation - Risico matrix Zeker Kans Mogelijk Organisatiestructuur Onwaarschijnlijk 5 Laag Middel Hoog Impact 100% Resultaten Security Scan 90% 80% 70% 60% Score 50% 40% 30% 20% 10% 0% Categorie uit de Code Service Manager Dag

7 Agenda Governance, Compliance Information Security Governance Aanpak om information security governance in organisaties in te voeren en te borgen Relaties tussen information security governance en service management Service Manager Dag Service & Security ITIL Klant definieert eisen op basis van bedrijfsprocessen Strategisch Rapportage SLA Managers Set Onderhoud Plan Tactisch Capacity Service Delivery Service Level Security Availability Business Continuity Mgt Financial Audit en evaluatie Sturing Implementatie Operationeel Helpdesk / Incident Mgt. Change Configuration Release Problem Service Support Service Manager Dag

8 NEW: ISO process model Capacity Service Continuity and Availability management Service Delivery Processes Service Level management Service Reporting Control Processess Configuration Change Information Security Budgeting and Accounting For IT Services Release Processes Release Resolution Processes Incident Problem Relationship Processes Business Relationship Supplier Service Manager Dag CobIT 4.0 Service Manager Dag

9 Corporate control COSO / ERM Risicomanagement Invoeren Committee of Sponsoring Organizations of the Treadway Commission Service Manager Dag Service en Security Establish the ISMS Plan Establish policies and processes Implement & Operate the ISMS Implement the defined and agreed processes Do Risico management Risico management Invoeren Invoeren Act Maintain & Improve ISMS Continually improve the operation of the ISMS Assess performance against defined policies Check Monitor & Review ISMS Information Security System IT Service System Service Manager Dag

10 Control Framework Part 1 ISMS Specification Part 2 Code of Practice Processes, ITIL, MOF, Procedures, work instructions, Technical standards & guidelines Service Manager Dag Certificeringen ISO Maintain and Improve the ISMS ISO Capacity Service Continuity and Availability management Risk Service Assessment Delivery and Processes Treatment Service Level management Control Security Environment Policy Security Organization HRM Security Release Processes Release Establish the ISMS Physical Security Service Reporting Operations Asset Information and Communication Access control Control Processess Configuration Change Risk Assessment Resolution Processes Incident IS Development Security Incident Problem Mgt. Business Continuity Monitoring Compliance Monitor and Review the ISMS Information Security Budgeting and Accounting For IT Services SoX: Relationship Processes Business Relationship CobIT ITGC COSO SAS70 Supplier Implement and Operate the ISMS Service Manager Dag

11 Information Security Governance & Service Process - & Risk Based Aantoonbaar Opzet, bestaan en werking Sign-offs and audits Interne procesverbeteringen Continue assessments Leveren en bewaren van evidence Service Manager Dag Information Security Governance & de Service Manager (1) Voldoen aan interne controle en risicobeheersing Change-, Autorisatie- en Identity procedures, Logging & Monitoring, Bewijsplicht en Bewaarplicht Maatregelen, review/monitor, evidence, document Service Manager Dag

12 Information Security Governance & de Service Manager (2) SLA en contracten dienen (wederzijdse) rechten en plichten te omvatten op het gebied van: Informatiebeveiliging Wet- en regelgeving Rapportages en audits Service Manager Dag Conclusie Compliance en Governance eisen kunnen vergaande gevolgen hebben voor de ICT organisatie, processen en infrastructuur en dus voor de Service Manager. Trust me Tell me Show me Prove me Service Manager Dag

13 Thank you Service Manager Dag

Platform voor Informatiebeveiliging IB Governance en management dashboards

Platform voor Informatiebeveiliging IB Governance en management dashboards Platform voor Informatiebeveiliging IB Governance en management dashboards Johan Bakker MSc CISSP ISSAP Principal Policy Advisor KPN Corporate Center Information Security Governance Agenda Drivers voor

More information

Het Secure Datacenter

Het Secure Datacenter Het Secure Datacenter If trust and reliability matters Michiel Steltman CTO Siennax Drivers voor IT Security Financiële aansprakelijkheid Sox, Basel II Persoonlijke aansprakelijkheid van managers Operationele

More information

UvA college Governance and Portfolio Management

UvA college Governance and Portfolio Management UvA college Han Verniers Principal Consultant Han.Verniers@LogicaCMG.com Programma Governance IT Governance, wat is dat? Governance: structuren, processen, instrumenten Portfolio Management Portfolio Management,

More information

Van risico analyse naar security plan

Van risico analyse naar security plan Van risico analyse naar security plan. Small step (for man) or Giant leap (for mankind) Aart Bitter 9 september 2009 Aart.Bitter@planet.nl About me Technische Informatica & Computerkunde 1991 ITIL Service

More information

Gepersonaliseerd leren op de ipad Kees Versteeg

Gepersonaliseerd leren op de ipad Kees Versteeg Gepersonaliseerd leren op de ipad Kees Versteeg Keynote: http://content.hondsrugcollege.nl/kees/learntoo-3-2015.key Een museum bezocht met fototoestel en video tas om de schouder? Een reis boekte bij een

More information

Risks are Key, Processes Follow. Michiel Schuijt Chief Risk Officer, Mn Services

Risks are Key, Processes Follow. Michiel Schuijt Chief Risk Officer, Mn Services Risks are Key, Processes Follow Michiel Schuijt Chief Risk Officer, Mn Services Mn Services & Our Risk Management Philosophy 8 June 2011 ProcessWorld 2011 2 Pension Companies in the Netherlands APG Groep

More information

Logging en Monitoring - privacy, beveiliging en compliance Enkele praktijkvoorbeelden

Logging en Monitoring - privacy, beveiliging en compliance Enkele praktijkvoorbeelden Logging en Monitoring - privacy, beveiliging en compliance Enkele praktijkvoorbeelden Pascal Oetiker Security Management Solutions Novell EMEA poetiker@novell.com Privacy- en compliance-druk PCI-DSS NEN

More information

ISACA Roundtable. Cobit and Grab@Pizza 7 september 2015

ISACA Roundtable. Cobit and Grab@Pizza 7 september 2015 1 ISACA Roundtable 7 september 2015 ISACA Roundtable Cobit and Grab@Pizza 7 september 2015 2015 KPN Corporate Market B.V. ISACA, is a registered trademark of the Information Systems Audit and Control Association

More information

Police and gendarmerie reform in Belgium: from force to service

Police and gendarmerie reform in Belgium: from force to service Police and gendarmerie reform in Belgium: from force to service 1 RIJKSWACHT Summary part 1 : the concept failure of the traditional methods the answer : community policing part 2 : the conditions for

More information

Information technology specialist (systems integration) Informatietechnologie specialist (systeemintegratie) Professional activities/tasks

Information technology specialist (systems integration) Informatietechnologie specialist (systeemintegratie) Professional activities/tasks Information technology specialist (systems integration) Informatietechnologie specialist (systeemintegratie) Professional activities/tasks Design and produce complex ICT systems by integrating hardware

More information

Oversight Management: een zinvolle aanvulling!

Oversight Management: een zinvolle aanvulling! Oversight Management: een zinvolle aanvulling! Houfhoff Pension Fund Academy Christiaan Tromp info@fiduciaryservices.eu April 2012 1 Agenda The Fiduciary Management promise The evolution of Pension Fund

More information

Integraal Risicomanagement De zin en onzin ervan... Harold Malaihollo Pelle van Vlijmen

Integraal Risicomanagement De zin en onzin ervan... Harold Malaihollo Pelle van Vlijmen Integraal Risicomanagement De zin en onzin ervan... Harold Malaihollo Pelle van Vlijmen Amsterdam, 20 september 2011 Uw Sprekers Harold Malaihollo Director Deloitte Financial Risk Management hmalaihollo@deloitte.nl

More information

HR Transformation and Future of HR Brussel, 25 april 2013 Material part 1/2

HR Transformation and Future of HR Brussel, 25 april 2013 Material part 1/2 HR Transformation and Future of HR Brussel, 25 april 2013 Material part 1/2 Doelstellingen Ideeën uitwisselen over hoe een HR transformatie te starten Ervaringen delen over hoe HR toegevoegde waarde kan

More information

Assuring the Cloud. Hans Bootsma Deloitte Risk Services hbootsma@deloitte.nl +31 (0)6 1098 0182

Assuring the Cloud. Hans Bootsma Deloitte Risk Services hbootsma@deloitte.nl +31 (0)6 1098 0182 Assuring the Cloud Hans Bootsma Deloitte Risk Services hbootsma@deloitte.nl +31 (0)6 1098 0182 Need for Assurance in Cloud Computing Demand Fast go to market Support innovation Lower costs Access everywhere

More information

Supervisory framework for assessing conduct and culture in the financial sector

Supervisory framework for assessing conduct and culture in the financial sector Supervisory framework for assessing conduct and culture in the financial sector Femke de Vries De Nederlandsche Bank June 17th, 2014 The Asch Experiment 2 Pre-crisis supervision 3 Post-crisis supervision

More information

Cloud. Regie. Cases.

Cloud. Regie. Cases. Cloud. Regie. Cases. Agile SIAM Dave van Herpen Consultant Cloud Cases Regie 2 Grip op de cloud Hoe word ik een wendbare service broker? Cloud Cases Regie 3 Waarom cloud? innovation maintenance Private?

More information

Requirements Lifecycle Management succes in de breedte. Plenaire sessie SPIder 25 april 2006 Tinus Vellekoop

Requirements Lifecycle Management succes in de breedte. Plenaire sessie SPIder 25 april 2006 Tinus Vellekoop Requirements Lifecycle Management succes in de breedte Plenaire sessie SPIder 25 april 2006 Tinus Vellekoop Focus op de breedte Samenwerking business en IT Deelnemers development RLcM en het voortbrengingsproces

More information

Netherlands National Contact Point OECD Guidelines for Multinational Enterprises. Lodewijk de Waal 23 October 2015

Netherlands National Contact Point OECD Guidelines for Multinational Enterprises. Lodewijk de Waal 23 October 2015 Netherlands National Contact Point OECD Guidelines for Multinational Enterprises Lodewijk de Waal 23 October 2015 De ondernemingsraad en MVO MVO moet geintegreerd onderdeel zijn van bedrijfsbeleid, het

More information

Managing Monopolies and Single Source Suppliers

Managing Monopolies and Single Source Suppliers Managing Monopolies and Single Source Suppliers Associate Trainer Anil Joshi Director NEVI Purspective www.purspective.com ITIDA International www.itida.nl aniljoshi@itida.nl 0651150293 Ok, who is NEVI

More information

SITA Service Management Strategy Implementation. Presented by: SITA Service Management Centre

SITA Service Management Strategy Implementation. Presented by: SITA Service Management Centre SITA Service Management Strategy Implementation Presented by: SITA Service Management Centre Contents What is a Service? What is Service Management? SITA Service Management Strategy Methodology Service

More information

Wat te doen met het diabetes guidance document anno 2015 in de praktijk? : Samen Sterk & Samen SNEL.

Wat te doen met het diabetes guidance document anno 2015 in de praktijk? : Samen Sterk & Samen SNEL. Wat te doen met het diabetes guidance document anno 2015 in de praktijk? : Samen Sterk & Samen SNEL. Dr. Kristien Van Acker, diabetoloog Chimay, Voorzitter IWGDF & IDF Consultative Section on the Diabetic

More information

Informatiebeveiliging volgens ISO/IEC 27001:2013

Informatiebeveiliging volgens ISO/IEC 27001:2013 Informatiebeveiliging volgens ISO/IEC 27001:2013 Dave Hagenaars, directeur BSI Group Nederland Copyright 2012 BSI. All rights reserved. Inhoud Wie zijn wij? Waarom informatiebeveiliging? Wat is de relevantie

More information

What can Office 365 do for your organization? Cor Kroon

What can Office 365 do for your organization? Cor Kroon What can Office 365 do for your organization? Cor Kroon Ciber Knowledge Carrousel 2013 What can Office 365 do for your Organization? Cor Kroon Business Analyst / Senior Microsoft Professional cor.kroon@ciber.nl

More information

Optimalisatie van Bedrijfsprocessen

Optimalisatie van Bedrijfsprocessen De Brauwweg 38-40 3125 AE Schiedam The Netherlands Tel.: +31(0)10 4379089 Fax : +31(0)10 4154966 Mob: +31(0)6 51203449 E-mail:dikschaap@hetnet.nl Internet: www.orbin.nl Optimalisatie van Bedrijfsprocessen

More information

Succevolle testautomatisering? Geen kwestie van geluk maar van wijsheid!

Succevolle testautomatisering? Geen kwestie van geluk maar van wijsheid! Succevolle testautomatisering? Geen kwestie van geluk maar van wijsheid! TestNet Voorjaarsevent 2013 Ruud Teunissen Polteq Testautomatisering Testautomatisering is het gebruik van speciale software (naast

More information

Network Assessment Client Risk Report Demo

Network Assessment Client Risk Report Demo Network Assessment Client Risk Report Demo Prepared by: Henry Knoop Opmerking: Alle informatie in dit rapport is uitsluitend bestemd voor gebruik bij bovenvermelde client. Het kan vertrouwelijke en persoonlijke

More information

3PM²: an integrated approach to enable the execution of organisational strategy. 3PM² - 16 november 2012 Stanwick Management Consultants

3PM²: an integrated approach to enable the execution of organisational strategy. 3PM² - 16 november 2012 Stanwick Management Consultants 3PM²: an integrated approach to enable the execution of organisational strategy 3PM² - 16 november 2012 1 13u30 Welkom Agenda Afspraken 13u40 3PM²: Kader 14u15 Parallelle workshops 15u00 Break 15u15 Parallelle

More information

Veilige software. Wie voelt zich verantwoordelijk?

Veilige software. Wie voelt zich verantwoordelijk? Veilige software Wie voelt zich verantwoordelijk? Praktijkvoorbeeld (1/3) Een willekeurige Directeur ICT Zijn er incidenten? Wat is de omvang? De beheerorganisatie spreekt over een web application firewall?

More information

Het Dynamisch Datacenter uitgelicht. Arne Peleman

Het Dynamisch Datacenter uitgelicht. Arne Peleman Het Dynamisch Datacenter uitgelicht Arne Peleman Wie ben ik? Name: Work: Arne Peleman Solution Team Lead Ferranti Computer Systems Twitter: Blog: @arnepeleman http://scug.be/blogs/arne Email: arne.peleman@ferranti.be

More information

ISO 31000 de internationale richtlijn voor risicomanagement

ISO 31000 de internationale richtlijn voor risicomanagement ISO 31000 de internationale richtlijn voor risicomanagement Dick Hortensius NEN-Managementsystemen Agenda Achtergrond en ontwikkeling ISO Guide 73 en ISO 31000 De betekenis voor risicomanagers 1 overheid

More information

12/17/2012. Business Information Systems. Portbase. Critical Factors for ICT Success. Master Business Information Systems (BIS)

12/17/2012. Business Information Systems. Portbase. Critical Factors for ICT Success. Master Business Information Systems (BIS) Master (BIS) Remco Dijkman Joris Penders 1 Portbase Information Office Rotterdam Harbor Passes on all information Additional services: brokering advanced planning macro-economic prediction 2 Copyright

More information

Hoorcollege marketing 5 de uitgebreide marketingmix. Sunday, December 9, 12

Hoorcollege marketing 5 de uitgebreide marketingmix. Sunday, December 9, 12 Hoorcollege marketing 5 de uitgebreide marketingmix Sunday, December 9, 12 De traditionele marketing mix Sunday, December 9, 12 Waarom was dat niet genoeg dan? Sunday, December 9, 12 Omdat er vooruitgang

More information

Hierarchical Security Management

Hierarchical Security Management Hierarchical Security Management 2nd Security Workshop: Future Security January 16-17, 2007 Sophia Antipolis, France Johan D. Bakker MSc CISSP ISSAP Royal Dutch Telecom (KPN) Agenda ISO 27001 Organizing

More information

Somewhere Today, A Project is Failing

Somewhere Today, A Project is Failing Aligning CobiT and ITIL - The Business Benefit 2007 ISACA All rights reserved www.isaca.org Page - 1 Somewhere Today, A Project is Failing Chapter 1, Peopleware 2nd edition Tom DeMarco 2007 ISACA All rights

More information

Engineering Natural Lighting Experiences

Engineering Natural Lighting Experiences Engineering Natural Lighting Experiences Elke den Ouden & Emile Aarts Earth from outer space is beautiful Andre Kuipers during his ISS Expedition 31/32, 2011-2012 Earth in a sun eclipse Nothern polar region

More information

Making, Moving and Shaking a Community of Young Global Citizens Resultaten Nulmeting GET IT DONE

Making, Moving and Shaking a Community of Young Global Citizens Resultaten Nulmeting GET IT DONE Making, Moving and Shaking a Community of Young Global Citizens Resultaten Nulmeting GET IT DONE Rianne Verwijs Freek Hermens Inhoud Summary 5 1 Introductie en leeswijzer 7 2 Achtergrond en onderzoeksopzet

More information

Benefits to the Quality Management System in implementing an IT Service Management Standard ISO/IEC 20000-1

Benefits to the Quality Management System in implementing an IT Service Management Standard ISO/IEC 20000-1 Benefits to the Quality System in implementing an IT Standard ISO/IEC 20000-1 Presentation to: ASQ North Jersey September 15, 2010 Subrata Guha Director IT s UL DQS Inc. A New Global Alliance for Systems

More information

ICAAP of SNS Bank. Arno van Eekelen Senior Consultant SNS Bank Global Association of Risk Professionals. June 2014

ICAAP of SNS Bank. Arno van Eekelen Senior Consultant SNS Bank Global Association of Risk Professionals. June 2014 ICAAP of SNS Bank Arno van Eekelen Senior Consultant SNS Bank Global Association of Risk Professionals June 2014 Table of contents 1. SNS REAAL 2. ICAAP a) Basic elements and environment b) ICAAP stages

More information

Bedrijfszekerheid in ketens

Bedrijfszekerheid in ketens Datum 27-11-2011 1 Bedrijfszekerheid in ketens Risk Towards Trustworthy ICT Service Chains Control Assurance Integrated Assurance framework for ICT enabled service chains Drs Y.W. (Ype) van Wijk RE RA

More information

Advanced Metering Infrastructure

Advanced Metering Infrastructure Advanced Metering Infrastructure Research Project 2 Vic Ding SNE, UvA February 8th 2012 Agenda Background Research motivation and questions Research methods Research findings Stakeholders Legislation Smart

More information

IPW Smart Delivery Management

IPW Smart Delivery Management IPW Smart Delivery SPIder 10 juni 2003 Mark van der Velden +31 6 54 68 21 22, m.van.der.velden@quintgroup.com Outline! Introduction! The model! Examples! Other models! Final words Software Engineering

More information

Practical implementation of ISO 27001 / 27002

Practical implementation of ISO 27001 / 27002 Practical implementation of ISO 27001 / 27002 Lecture #2 Security in Organizations 2011 Eric Verheul 1 Main literature for this lecture: 1. ISO 27001 and ISO 27002 Literature 2. How to Achieve 27001 Certification,

More information

IT-waardeketen management op basis van eeuwenoude supply chain kennis

IT-waardeketen management op basis van eeuwenoude supply chain kennis IT-waardeketen management op basis van eeuwenoude supply chain kennis Hans van Aken / November 28, 2012 Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject

More information

Citrix Access Gateway: Implementing Enterprise Edition Feature 9.0

Citrix Access Gateway: Implementing Enterprise Edition Feature 9.0 coursemonstercom/uk Citrix Access Gateway: Implementing Enterprise Edition Feature 90 View training dates» Overview Nederlands Deze cursus behandelt informatie die beheerders en andere IT-professionals

More information

Duurzaam Supply Management

Duurzaam Supply Management Duurzaam Supply Management Risico s en kansen NEVI Inkoopdag 24 juni 2014 Programma FIRA: De 3 minuten van de sponsor Opwarmen, wat is MVO/MVI eigenlijk? ING: De uitdaging van transparantie Vragen en discussie

More information

Edward van der Kust Business Process Management Case management Enterprise Architecture

Edward van der Kust Business Process Management Case management Enterprise Architecture Edward van der Kust Business Process Management Case management Enterprise Architecture Embrace Complexity ICT will change rapidly filmpje!" What are you Thinking? About Creetion! Creetion was founded

More information

Data Driven Strategy. BlinkLane Consul.ng Amsterdam, 10 december 2013. Ralph Hofman Arent van t Spijker

Data Driven Strategy. BlinkLane Consul.ng Amsterdam, 10 december 2013. Ralph Hofman Arent van t Spijker Data Driven Strategy BlinkLane Consul.ng Amsterdam, 10 december 2013 Ralph Hofman Arent van t Spijker 1 Data Driven Strategy 08.00 08.05 Welkom 08:05 08.20 Data Driven Strategy 08.20 08.30 Het Business

More information

BEING A TUNNEL SYSTEM ASSET MANAGER

BEING A TUNNEL SYSTEM ASSET MANAGER BEING A TUNNEL SYSTEM ASSET MANAGER Presentation Versie 1.0 Jonas Kramer, Delft, Assetmanagement symposium, CME Dispuut 25-09- 15 1 Program Introduction NedMobiel Our perspective on Assetmanagement and

More information

IC Rating NPSP Composieten BV. 9 juni 2010 Variopool

IC Rating NPSP Composieten BV. 9 juni 2010 Variopool IC Rating NPSP Composieten BV 9 juni 2010 Variopool AGENDA: The future of NPSP Future IC Rating TM NPSP Composieten BV 2 Bottom line 3 Bottom line 4 Definition of Intangibles The factors not shown in the

More information

The future HR roles of Shared Service Centres

The future HR roles of Shared Service Centres The future HR roles of Shared Service Centres Author: Ward Uijlenberg University of Twente P.O. Box 217, 7500AE Enschede The Netherlands ABSTRACT Human Resource Shared Service Centres (HR SSC s) are becoming

More information

Hoe haalt u het maximale uit uw (IT) organisatie?

Hoe haalt u het maximale uit uw (IT) organisatie? Hoe haalt u het maximale uit uw (IT) organisatie? De rol van Architectuur in de alignment en optimalisatie van business en IT Jaap Schekkerman, B.Sc. Opinion Leader, Verdonck, Klooster & Associates President

More information

A view on governance. SharePoint Kennisdelingsdag. Nick Stuifbergen, consultant Nickstu@microsoft.com. 28 January 2011

A view on governance. SharePoint Kennisdelingsdag. Nick Stuifbergen, consultant Nickstu@microsoft.com. 28 January 2011 A view on governance SharePoint Kennisdelingsdag Nick Stuifbergen, consultant Nickstu@microsoft.com 28 January 2011 Agenda Waar zie je de risico s A view on governance SharePoint landscape SharePoint life

More information

Certified Software Quality Assurance Professional VS-1085

Certified Software Quality Assurance Professional VS-1085 Certified Software Quality Assurance Professional VS-1085 Certified Software Quality Assurance Professional Certified Software Quality Assurance Professional Certification Code VS-1085 Vskills certification

More information

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI Gobierno de TI Enfrentando al Reto IT Facing the Challenge Everett C. Johnson, CPA International President ISACA and ITGI 1 Add titles Agenda Agenda IT governance keys IT governance focus areas: theory

More information

Offshore outsourcing:

Offshore outsourcing: Offshore outsourcing: Managing IT-outsourcing dr. Erik Beulen, Accenture / Tilburg University / TIAS Business School 1 Agenda Definition Market developments Impact on the Netherlands Structuring offshore

More information

Duurzaam Supply Management

Duurzaam Supply Management Duurzaam Supply Management Risico s en kansen NEVI Inkoopdag 24 juni 2014 Programma FIRA: De 3 minuten van de sponsor Opwarmen, wat is MVO/MVI eigenlijk? ING: De uitdaging van transparantie Vragen en discussie

More information

CobiT and IT Governance Elements for building in security. from the top, down and the bottom, up

CobiT and IT Governance Elements for building in security. from the top, down and the bottom, up CobiT and IT Governance Elements for building in security from the top, down and the bottom, up David Kohrell, PMP, CISA, MA, MCRP david.kohrell@tapuniversity.com This presentation was developed using

More information

Business to Business Marketing, an Entrepreneurial Process!?

Business to Business Marketing, an Entrepreneurial Process!? Business to Business Marketing, an Entrepreneurial Process!? A research on constructing and applying a framework for Business-to-Business marketing as an entrepreneurial process in the North West European

More information

IBM Storwize V7000. IBM Systems Storage. Enterprise functionaliteit voor Midrange prijs. Produkt Manager Disk Storage voor IBM IMT-Benelux

IBM Storwize V7000. IBM Systems Storage. Enterprise functionaliteit voor Midrange prijs. Produkt Manager Disk Storage voor IBM IMT-Benelux IBM Systems Storage IBM Storwize V7000 Enterprise functionaliteit voor Midrange prijs Emile Knebel Produkt Manager Disk Storage voor IBM IMT-Benelux 2010 IBM Corporation Agenda: Storage Market NL Klantproblemen

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

GMP-Z Annex 15: Kwalificatie en validatie

GMP-Z Annex 15: Kwalificatie en validatie -Z Annex 15: Kwalificatie en validatie item Gewijzigd richtsnoer -Z Toelichting Principle 1. This Annex describes the principles of qualification and validation which are applicable to the manufacture

More information

Do we need the ISO 55000? The added value of the ISO 55000 standard series for road infrastructure asset management

Do we need the ISO 55000? The added value of the ISO 55000 standard series for road infrastructure asset management Do we need the ISO 55000? The added value of the ISO 55000 standard series for road infrastructure asset management MSc Thesis Robert Ruiter 13/04/2015 Master Thesis 13-April-2015 R.J. Ruiter University

More information

Anglo-saksisch en Rijnlands

Anglo-saksisch en Rijnlands CMMI en Agile Anglo-saksisch en Rijnlands Agenda Inleiding CMMI versus Agile Rijnlands versus Angelsaksisch denken Conclusies Agenda Inleiding CMMI versus Agile Rijnlands versus Angelsaksisch denken Conclusies

More information

EA E S A A S Eerste uitbreiding

EA E S A A S Eerste uitbreiding EASA Eerste uitbreiding EASA wetgevingsstructuur - Essential requirements Implementing rules Basic Regulation Part s AMC s Acceptable means of compliance Basic Regulation Grondwet voor de luchtvaart in

More information

BADM 590 IT Governance, Information Trust, and Risk Management

BADM 590 IT Governance, Information Trust, and Risk Management BADM 590 IT Governance, Information Trust, and Risk Management Information Technology Infrastructure Library (ITIL) Spring 2007 By Po-Kun (Dennis), Tseng Abstract: This report is focusing on ITIL framework,

More information

De Nieuwe Code voor Informatiebeveiliging

De Nieuwe Code voor Informatiebeveiliging De Nieuwe Code voor Informatiebeveiliging Piet Donga, ING Voorzitter NEN NC 27 - IT Security 1 Agenda Standardisation of Information security The new Code of Practice for Information Security The Code

More information

Risk-Based Monitoring

Risk-Based Monitoring Risk-Based Monitoring Evolutions in monitoring approaches Voorkomen is beter dan genezen! Roelf Zondag 1 wat is Risk-Based Monitoring? en waarom doen we het? en doen we het al? en wat is lastig hieraan?

More information

ICT in home health care in Japan. Kansendossier Japan

ICT in home health care in Japan. Kansendossier Japan ICT in home health care in Japan Kansendossier Japan Colofon Kansendossier ICT in home health care in Japan Datum 2 5 2013 Agentschap NL is een agentschap van het Ministerie van Economische Zaken. Agentschap

More information

The use of Performance Measurement systems to realize strategic alignment within the business architecture.

The use of Performance Measurement systems to realize strategic alignment within the business architecture. GHENT UNIVERSITY FACULTY OF ECONOMICS AND BUSINESS ADMINISTRATION ACADEMIC YEAR 2013 2014 The use of Performance Measurement systems to realize strategic alignment within the business architecture. Thesis

More information

Netezza S's. Robert Hartevelt 31 October 2012. 2012 IBM Corporation. 2012 IBM Corporation. 2012 IBM Corporation

Netezza S's. Robert Hartevelt 31 October 2012. 2012 IBM Corporation. 2012 IBM Corporation. 2012 IBM Corporation Netezza S's Robert Hartevelt 31 October 2012 Netezza S's Introduction to Netezza 10 minutes Q&A Speed & Smart 30 minutes NL Customer experiences Simplicity & Scalable Netezza S's Introduction to Netezza

More information

Personal Information Security Assistant (PISA)

Personal Information Security Assistant (PISA) Personal Information Security Assistant (PISA) Prof. Dr. Roel Wieringa Universiteit Twente 3 Juli 2013 Cybersecurity Veldraadpleging 1 Project goal To develop and field-test a tool that performs IT risk

More information

SALES KIT. Richtlijnen verkooptools en accreditatieproces Voyages-sncf.eu. Vertrouwelijk document. Eigendom van de VSC Groep

SALES KIT. Richtlijnen verkooptools en accreditatieproces Voyages-sncf.eu. Vertrouwelijk document. Eigendom van de VSC Groep SALES KIT NL Richtlijnen verkooptools en accreditatieproces Voyages-sncf.eu Vertrouwelijk document. Eigendom van de VSC Groep INHOUD WEBSERVICES: WAT IS EEN WEBSERVICE? WEBSERVICES: EURONET PROCEDURE KLANTEN

More information

Is het nodig risico s te beheersen op basis van een aanname..

Is het nodig risico s te beheersen op basis van een aanname.. Is het nodig risico s te beheersen op basis van een aanname.. De mens en IT in de Zorg Ngi 19 april 2011 René van Koppen Agenda Er zijn geen feiten, slechts interpretaties. Nietzsche Geen enkele interpretatie

More information

Security Assessment Report

Security Assessment Report Security Assessment Report Prepared by: Opmerking: Alle informatie in dit rapport is uitsluitend bestemd voor gebruik bij bovenvermelde client. Het kan vertrouwelijke en persoonlijke informatie bevatten

More information

Storage in Microsoft Azure Wat moet ik daarmee? Bert Wolters @bertwolters

Storage in Microsoft Azure Wat moet ik daarmee? Bert Wolters @bertwolters Storage in Microsoft Azure Wat moet ik daarmee? Bert Wolters @bertwolters Welk deel van het platform hebben we nu behandeld? Agenda Recap: Storage Account Nieuw! Premium Storage Nieuw! Native backup voor

More information

2005 Kasse Initiatives, LLC version 1.2. ITIL Overview - 1

2005 Kasse Initiatives, LLC version 1.2. ITIL Overview - 1 ITIL IT Infrastructure Library Overview ITIL Overview - 1 Vocabulary Incident - any event which is not part of the standard operation of a service and which causes or may cause an interruption to or reduction

More information

Industrial Managed Services

Industrial Managed Services Industrial Managed Services M2M Summit 2012 Roland Schneiders Business Consultant Düsseldorf, 5th September 2012 Cofely Zuid Nederland BV Amerikalaan 35 6199 AE MAASTRICHT-AIRPORT Application Engineer

More information

Information security policies. Security in Organizations 2011 Eric Verheul

Information security policies. Security in Organizations 2011 Eric Verheul Information security policies Security in Organizations 2011 Eric Verheul 1 Main literature for this lecture: 1. ISO 27001 and ISO 27002 Literature 2. Besluit voorschrift informatiebeveiliging rijksdienst

More information

Ensuring minimum SHE Competences: a case study for manufacturing employees in a multinational

Ensuring minimum SHE Competences: a case study for manufacturing employees in a multinational Ensuring minimum SHE Competences: a case study for manufacturing employees in a multinational H.J.H. Rouhof 12 P.H.J.J. Swuste 3, A. van Lit 4, W. Lemmens 1, J. Devens 1 and J.J. Prooi 1 Summary Recent

More information

How to deliver Self Service IT Automation

How to deliver Self Service IT Automation How to deliver Self IT Automation Roeland Verhoeven, Manager Cloud Supply Chain Simac ICT Rien du Pre, HP Cloud Solution Architect Datum: 17-06-2014 Hoe te komen tot een Self Customer Centric Portal Er

More information

Netherlands Forensic Institute

Netherlands Forensic Institute Results CEPOL and ENFSI Forensic IT working group joint meeting common results Prof. Dr. Zeno Geradts Senior forensic scientist Chairman ENFSI Forensic IT Working group Tallinn, 2014 Netherlands Forensic

More information

Uw partner in system management oplossingen

Uw partner in system management oplossingen Uw partner in system management oplossingen User Centric IT Bring your Own - Corporate Owned Onderzoek Forrester Welke applicatie gebruik je het meest op mobiele devices? Email 76% SMS 67% IM / Chat 48%

More information

Principles of Fund Governance BNP Paribas Investment Partners Funds (Nederland) N.V.

Principles of Fund Governance BNP Paribas Investment Partners Funds (Nederland) N.V. Principles of Fund Governance BNP Paribas Investment Partners Funds (Nederland) N.V. Versie november 2012 Inleiding Het doel van de Principles of Fund Governance (verder Principles ) is het geven van nadere

More information

Private Equity Survey 2011

Private Equity Survey 2011 Private Equity Survey 2011 Success of portfolio companies through quality of management and organization. Herman D. Koning Ron Jansen February 9, 2011 1 This afternoon 14.30 Reception 15.00 Welcome by

More information

Relationele Databases 2002/2003

Relationele Databases 2002/2003 1 Relationele Databases 2002/2003 Hoorcollege 5 22 mei 2003 Jaap Kamps & Maarten de Rijke April Juli 2003 Plan voor Vandaag Praktische dingen 3.8, 3.9, 3.10, 4.1, 4.4 en 4.5 SQL Aantekeningen 3 Meer Queries.

More information

ead management een digital wereld

ead management een digital wereld ead management een digital wereld april 2015 Andeta LauraNuhaan social Selling Today Marketing and Sales need to change Lead management and nurturing Content Marketing /Story telling Social Selling Yelpi

More information

Constructief omgaan met conflicten

Constructief omgaan met conflicten Authentic Leadership ent programme es, trainers and Constructief omgaan met conflicten s, trainers and to grow in their 16 ability maart to coach 2012 and mentor leaders, so they can ntial and values ging

More information

The information contained in these slides is for general purposes only and presents the state of knowledge at November 30, 2011

The information contained in these slides is for general purposes only and presents the state of knowledge at November 30, 2011 1 The information contained in these slides is for general purposes only and presents the state of knowledge at November 30, 2011 No rights can be derived from this information The Medicines Evaluation

More information

BCS Specialist Certificate in Business Relationship Management Syllabus. Version 1.9 March 2015

BCS Specialist Certificate in Business Relationship Management Syllabus. Version 1.9 March 2015 BCS Specialist Certificate in Business Relationship Management Syllabus Version 1.9 March 2015 BCS Specialist Certificate in Business Relationship Management Syllabus Contents Change History... 2 Rationale...

More information

Martine de Bruijne, Cordula Wagner Safety 4 Patients www.onderzoekpatientveiligheid.nl

Martine de Bruijne, Cordula Wagner Safety 4 Patients www.onderzoekpatientveiligheid.nl Patient safety and patient outcomes Martine de Bruijne, Cordula Wagner Safety 4 Patients www.onderzoekpatientveiligheid.nl TRIP symposium, 19 maart 2013 Safety 4 patients www.onderzoekpatientveiligheid.nl

More information

ICTEC. IT Services Issues 3.4.2008. HELSINKI UNIVERSITY OF TECHNOLOGY 2007 Kari Hiekkanen

ICTEC. IT Services Issues 3.4.2008. HELSINKI UNIVERSITY OF TECHNOLOGY 2007 Kari Hiekkanen ICTEC IT Services Issues 3.4.2008 IT Services? IT Services include (for example) Consulting, IT Strategy, IT Architecture, Process, Software Software development, deployment, maintenance, operation, Custom

More information

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enabling Reliable eservices Tawfiq F. Alrushaid Saudi Aramco Agenda GRC Overview IT GRC Introduction IT Governance IT Risk Management IT

More information

How to manage Business Apps - Case for a Mobile Access Strategy -

How to manage Business Apps - Case for a Mobile Access Strategy - How to manage Business Apps - Case for a Mobile Access Strategy - Hans Heising, Product Manager Gábor Vida, Manager Software Development RAM Mobile Data 2011 Content Introduction 2 Bring your own device

More information

Architectuur hulpmiddelen TechnoVision & CORA. Maarten Engels Nieuwegein, 9 februari 2012

Architectuur hulpmiddelen TechnoVision & CORA. Maarten Engels Nieuwegein, 9 februari 2012 Architectuur hulpmiddelen TechnoVision & CORA Maarten Engels Nieuwegein, 9 februari 2012 AGENDA Hulpmiddel 1: TechnoVision Hulpmiddel 2: Common Reference Architecture Q&A Hulpmiddel 1: TechnoVision 4

More information

ISO 27000 Information Security Management Systems Foundation

ISO 27000 Information Security Management Systems Foundation ISO 27000 Information Security Management Systems Foundation Professional Certifications Sample Questions Sample Questions 1. is one of the industry standards/best practices in Service Management and Quality

More information

The Importance of IT Controls to Sarbanes-Oxley Compliance

The Importance of IT Controls to Sarbanes-Oxley Compliance Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers

More information

Information Technology Infrastructure Library -ITIL. IT Governance CEN 667

Information Technology Infrastructure Library -ITIL. IT Governance CEN 667 Information Technology Infrastructure Library -ITIL IT Governance CEN 667 1 Lectures Schedule Week Topic Introduction to IT governance Week 1 Overwiev of Information Security standards - ISO 27000 series

More information

Executive's Guide to

Executive's Guide to Executive's Guide to IT Governance Improving Systems Processes with Service Management, COBIT, and ITIL ROBERT R. MOELLER WILEY John Wiley & Sons, Inc. Contents Preface xiii PART I: IT GOVERNANCE CONCEPTS

More information

The Chinese market for environmental and water technology. Kansendossier China

The Chinese market for environmental and water technology. Kansendossier China The Chinese market for environmental and water technology Kansendossier China Kansendossier The Chinese market for environmental and water Technology Datum 2 5 2013 Agentschap NL is een agentschap van

More information

How to set up a CSIRT in an ITIL driven organization. Christian Proschinger Raiffeisen Informatik GmbH

How to set up a CSIRT in an ITIL driven organization. Christian Proschinger Raiffeisen Informatik GmbH How to set up a CSIRT in an ITIL driven organization Christian Proschinger Raiffeisen Informatik GmbH Introduction R-IT CERT Idea Introduction to ITIL Example Vulnerability Management Lessons Learned Raiffeisen

More information