An Introduction to the Information Security Program Model (ISPM)


1 SECURELY ENABLING BUSINESS: An Introduction to the Information Security Program Model (ISPM)
Presented by: Nick Puetz, VP of Strategic Services, FishNet Security; David Robinson, CIO, Lockton Companies

2 AGENDA
Information Security Program Model (ISPM) Overview:
- Why the ISPM
- Goals of the ISPM
- ISPM Overview
- ISPM Deliverables

3 GAP ANALYSIS GAPS
Client asks:
- How mature is my security program?
- What do I need to fix first?
- What does my long-term roadmap look like?
- How do I manage and measure my program once you leave?
What are traditional Gap Analysis projects missing?
- Findings are overly tactical; very black and white.
- No actionable, prioritized remediation roadmap.
- Very little program-level analysis or direction.

4 PURPOSE OF THE ISPM
- Provide a foundation to build and develop an Information Security Program.
- Identify the gaps in your security program, evaluate its maturity, and better manage your security strategy.
- Ensure priority is placed on the most valued aspects of your security program.
- Articulate the information security program's value and progress to executives.
- Continually measure the maturity of one's information security program against best practices and/or industry-vertical peers.

5 ISPM OVERVIEW
FishNet Security Information Security Program Model
Developed: January 2012
Authors: 12+ contributors
Model consists of: 3 Pillars (Governance & Policy, Risk, and Operations Management); 23 Programs; 157 Strong Characteristics
Based on information security best practices: ISO 27002:2005, COBIT 4.1, COBIT 5, the NIST SP series, NERC CIP, and PCI DSS
Delivery: ISPM Workshop; ISPM Assessment; ISPM Continuous Engagement

6 INFORMATION SECURITY PROGRAM MODEL 2014 FishNet Security Inc. All rights reserved.

7 ISPM MATURITY VOTING RANKING LEGEND

8 SECURELY ENABLING BUSINESS Information Security Program Model (ISPM) Deliverables

9 ISPM HANDBOOK
Detailed narrative document that explains the ISPM, including descriptions of all Pillars and Elements, and provides guidance for ongoing management of the ISPM Annual Program so that the customer can take control of the program after its initial 12 months.

10 ISPM COMPARISON DASHBOARDS
Dashboards comparing Current State against Self-Evaluation, broken down by the three ISPM Pillars (Governance & Policy, Risk, Operations Management) and by Program.

11 ISPM VALUE VS. PRIORITY MAP

12 DETAILED INITIATIVE PLANNING
Initiative: Develop an effective logging and monitoring program
Target Completion: End of Q
Importance: HIGH
Related Initiatives: None
Current Maturity (CMMI): 2.25
INITIATIVE SUMMARY: ABC Inc. will undertake an initiative to develop an enterprise-wide approach to the collection and management of log files for key systems within the ABC, Inc. computing environment. This will include
Sub-Initiatives:
- Develop a log management framework
- Develop business, staffing and
- Conduct a software monitoring / management tool inventory
Executive Sponsor: CIO
Project Manager: IT Delivery Manager
Key Staff Members: IT, Security, Audit
Key Skillsets Required: Information Security SMEs, product SME(s)
Complexity: High
Resources Required: executive stakeholder involvement and buy-in (CEO, CIO, CISO); resource and expertise availability; business unit buy-in
RESULT OF COMPLETED INITIATIVE: Future Maturity (CMMI): 4.25. ABC Inc. will have the ability to take a proactive approach to addressing network and access issues. Compliance mandates will be addressed.
FUNDING/RESOURCE REQUIREMENTS:
- Internal Labor: Yes. SME input for technical and business requirements. Industry average: minimum 9 resources to manage a SNOC.
- External Labor: Yes. Solution-specific expertise.
- Other Costs: Capital: Yes (product). Expense: Yes (ongoing maintenance / support, staffing, and product owner training).
RISKS:
- Impact to business operations due to a data breach or service outage
- ABC Company could be in violation of compliance mandates
- Increased time to identify and resolve network and access issues
- Inability to answer the "why" question during a post-incident review
KEY TASKS/OWNERS:
- Identify compliance mandate requirements
- Conduct staffing feasibility assessment
- Develop business and technical solution requirements
- Develop
- Gain support
- Conduct a
- Determine the
- Roll out the

13 ISPM STRATEGIC ROADMAP

14 TARGETED ROADMAP
Ref# | Recommendation | Program | Priority | Initiative Start | Resource | Product Component | Cost
ST-01 | Develop an effective Logging and Monitoring program | Operations Management | High | Q | Internal | Yes | $
ST-02 | Build a BYOD strategy and plan | Strategic Business Alignment | High | Q | Blended | Yes | $$
ST-03 | Migrate to a unified compliance approach for audit and assessment activities | Risk Management | High | Q | Blended | Yes | $$$
ST-04 | Develop the security | Communications | High | Q | Internal | No | $$$$
ST-05 | Conduct a data security associated with the data types used throughout ABC Inc. | Communications | Medium | Q | Blended | Possible | $$$
ST-07 | Define business requirements for an enterprise-wide GRC solution | Policy Management / Risk Management | Medium | Q | Internal | Yes | $$$
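The deliverables on slides 11 through 14 (maturity scores per program, the value vs. priority map, and the targeted roadmap) all rest on rolling characteristic-level workshop votes up to program and pillar scores and then ranking programs by how far they sit from their target. The script below is an added illustration of that roll-up, not FishNet's ISPM tooling and not from the slides: the pillar / program / characteristic structure follows the deck, but the 0-5 CMMI-style vote scale, the unweighted averaging, the business-value weighting and the "value x gap" priority rule are assumptions made here, and the program names, characteristics and votes are constructed sample data.

```python
"""Maturity roll-up and roadmap prioritisation, in the style of an ISPM
self-assessment. Added example; scale, averaging and priority rule are
assumptions, and the sample data is constructed."""
from dataclasses import dataclass
from statistics import mean

SCALE_MIN, SCALE_MAX = 0, 5   # assumption: CMMI-style 0-5 per characteristic


@dataclass
class Program:
    name: str
    pillar: str
    business_value: int          # 1-5, assumption: set by stakeholder voting
    target: float                # desired maturity after remediation
    votes: dict                  # characteristic -> list of participant votes


def characteristic_score(votes):
    """Mean of the workshop votes for one characteristic; rejects out-of-scale values."""
    if not votes:
        raise ValueError("no votes recorded")
    for v in votes:
        if not (SCALE_MIN <= v <= SCALE_MAX):
            raise ValueError(f"vote {v} outside {SCALE_MIN}-{SCALE_MAX}")
    return mean(votes)


def program_score(program):
    """Program maturity is the unweighted mean of its characteristic scores."""
    return mean(characteristic_score(v) for v in program.votes.values())


def pillar_scores(programs):
    """Roll program scores up to the pillars (mean per pillar, two decimals)."""
    buckets = {}
    for p in programs:
        buckets.setdefault(p.pillar, []).append(program_score(p))
    return {pillar: round(mean(s), 2) for pillar, s in buckets.items()}


def prioritize(programs):
    """Rank programs for the roadmap: priority = business value x maturity gap.
    A program already at or above its target has gap 0 and sorts to the bottom."""
    rows = []
    for p in programs:
        current = program_score(p)
        gap = max(0.0, p.target - current)
        rows.append({"program": p.name, "pillar": p.pillar,
                     "current": round(current, 2), "target": p.target,
                     "value": p.business_value,
                     "priority": round(p.business_value * gap, 2)})
    return sorted(rows, key=lambda r: (-r["priority"], r["program"]))


# Constructed sample: three programs, a few characteristics each, three voters.
# The logging program is chosen so it lands on the 2.25 -> 4.25 figures of slide 12.
SAMPLE = [
    Program("Logging and Monitoring", "Operations Management", 5, 4.25, {
        "Central log collection": [2, 2, 2],
        "Retention meets mandates": [2, 3, 1],
        "Alerting on key systems": [3, 3, 3],
        "Post-incident review support": [2, 2, 2],
    }),
    Program("Policy Management", "Governance & Policy", 3, 4.0, {
        "Policies approved and published": [4, 4, 4],
        "Annual review cycle": [3, 4, 4],
    }),
    Program("Risk Management", "Risk", 4, 3.5, {
        "Risk register maintained": [3, 3, 4],
        "Risk acceptance signed off": [4, 3, 3],
    }),
]

if __name__ == "__main__":
    for pillar, score in pillar_scores(SAMPLE).items():
        print(f"{pillar:24s} {score:.2f}")
    for row in prioritize(SAMPLE):
        print(f"{row['priority']:5.2f}  {row['program']:24s} "
              f"{row['current']:.2f} -> {row['target']:.2f}")
```

The point of weighting the gap by business value rather than sorting on the raw score is the one the deck makes on slide 4: the roadmap should put the most valued parts of the program first, so a low-maturity program that matters little to the business should not outrank a moderately mature one that the business depends on. Out-of-scale votes are rejected rather than clamped so that a data-entry error in the workshop shows up instead of silently shifting a program's score.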

15 ISPM VS. GAP ANALYSIS
Offerings compared: Gap Analysis; ISPM Workshop; Full ISPM Assessment
Deliverables compared:
- Executive Summary
- Detailed Security Controls Analysis
- Maturity Dashboard
- Future Initiatives / Remediation Roadmap
- Executive Reporting Tools
- Continuous Model Refresh Option
- Detailed Remediation Recommendations

16-25 Q&A WITH DAVID ROBINSON
- Tell us a little bit about yourself and where you are from.
- Why did you decide to engage FishNet Security for a security review project?
- Had Lockton traditionally used any standards or frameworks to measure and drive security initiatives?
- How do these standards or frameworks stack up when compared to the ISPM?
- Describe what the ISPM provided that traditional gap analysis projects have not.
- What did you like about the data gathering process during the onsite workshop?
- What value did you get out of the final set of deliverables that were provided by FishNet Security?
- How did Lockton use the information that came out of the workshop?
- How does Lockton plan to leverage the ISPM beyond the project that FishNet Security conducted?
- Were there any unexpected side benefits realized by Lockton during the ISPM engagement?

26 THANK YOU
Nick Puetz, VP, Strategic Services, FishNet Security
facebook.com/fishnetsecurity
twitter.com/fishnetsecurity


More information

ITIL: What it is What it Can Do For You V2.1

ITIL: What it is What it Can Do For You V2.1 ITIL: What it is What it Can Do For You V2.1 Service Solution Company Facilitated by: Patrick Musto Agenda Answer the questions what? and how? Historical Background Fundamental Principles 5 Lifecycle Phases

More information

IIA Conference. September 18, 2015. Paige Needling Director, Global Information Security Recall, Inc.

IIA Conference. September 18, 2015. Paige Needling Director, Global Information Security Recall, Inc. IIA Conference September 18, 2015 Paige Needling Director, Global Information Security Recall, Inc. IT SECURITY UMBRELLA Compliance for IT Data Privacy Protection Privacy Risk Assessment Vulnerability

More information

Driving PPM Adoption Through Effective Change Management

Driving PPM Adoption Through Effective Change Management Driving PPM Adoption Through Effective Change Management Presenters: David Boghossian, Founder, PowerSteering Software Jay Hoskins, PowerSteering Business PPM Consultant Welcome! Thank you for joining

More information

Differentiate your business with a cloud contact center

Differentiate your business with a cloud contact center Differentiate your business with a cloud contact center A guide to selecting a partner that will enhance the customer experience An Ovum White Paper Sponsored by Cisco Systems, Inc. Publication Date: September

More information

RSA Archer Risk Intelligence

RSA Archer Risk Intelligence RSA Archer Risk Intelligence Harnessing Risk to Exploit Opportunity June 4, 2014 Steve Schlarman GRC Strategist 1 Risk and Compliance Where is it today? 2 Governance, Risk, & Compliance Today 3 4 A New

More information

Leveraging Your Tools for Better Compliance

Leveraging Your Tools for Better Compliance Leveraging Your Tools for Better Compliance Using People, Process, and Technology to Measure Compliance Agenda Why are we doing it? Current Sources of Information (People, Process, Technology) Limitation

More information

Principles of Execution. Tips and Techniques for Effective Project Portfolio Management

Principles of Execution. Tips and Techniques for Effective Project Portfolio Management Principles of Execution Tips and Techniques for Effective Project Management Roadmap Develop A Shared Vision for Management Understanding the Difference between Project Management Reviews and Management

More information

Hot Topics in IT. CUAV Conference May 2012

Hot Topics in IT. CUAV Conference May 2012 Hot Topics in IT CUAV Conference May 2012 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

More information

Enterprise Business Service Management

Enterprise Business Service Management Technical white paper Enterprise Business Service Management Key steps and components of a successful solution Table of contents Executive Summary... 2 Setting the goal establishing an IT initiative...

More information

Oakland County Department of Information Technology Project Scope and Approach

Oakland County Department of Information Technology Project Scope and Approach Leadership Group: Information Technology Steering Committee Department: Information Technology Division: Technical Systems and Networking Project Sponsor: Date Requested: 6/26/6 PM Customer No. 186 Request

More information

Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL

Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL EGI Technical Forum 2011, Lyon (France) September 22, 2011 Dr. Thomas Schaaf www.gslm.eu EMERGENCE TECH LTD. The

More information

Cisco Unified Communications Scoped Planning and Design Services

Cisco Unified Communications Scoped Planning and Design Services Cisco Unified Communications Scoped Planning and Design Services Successfully plan and design a high-performance Cisco Unified Communications system, accelerating business advantage. Service Overview Cisco

More information

Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher

Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher Understanding Enterprise Risk Management Presented by Dorothy Gjerdrum Arthur J Gallagher Learning Objectives Understand the components of a wellrun ERM program Review scope and process Explore the role

More information

The role of IT in business-led Data Governance. by First San Francisco Partners

The role of IT in business-led Data Governance. by First San Francisco Partners The role of IT in business-led Data Governance by First San Francisco Partners 2 It s been said the first step in solving any problem is recognizing there is one. Fortunately today, more and more companies

More information

Enterprise Risk Management & Information Technology

Enterprise Risk Management & Information Technology Enterprise Risk Management & Information Technology Presented by Scott Perry and Gary Ross Slalom Consulting, San Francisco Agenda Introductions Session Objectives Overview of Enterprise Risk Management

More information

TECHNOLOGY SOLUTIONS FOR THE INTERNAL AUDITOR

TECHNOLOGY SOLUTIONS FOR THE INTERNAL AUDITOR TECHNOLOGY SOLUTIONS FOR THE INTERNAL AUDITOR (BUY VS BUILD) APRIL 17, 2015 LEVERAGING TECHNOLOGY FOR AUDIT Utilizing Software to Administrate Audit Process 40% 35% 30% 37% Tools Leveraged 32% 36% Yes

More information

Regulatory Compliance Management for Energy and Utilities

Regulatory Compliance Management for Energy and Utilities Regulatory Compliance Management for Energy and Utilities The Energy and Utility (E&U) sector is transforming as enterprises are looking for ways to replace aging infrastructure and create clean, sustainable

More information

Benefits of Adopting Data Management Practices to strengthen Measurement Analysis

Benefits of Adopting Data Management Practices to strengthen Measurement Analysis Benefits of Adopting Data Management Practices to strengthen Measurement Analysis Gurdarshan Singh Brar, Dilip Gore, Arun Guruswami Wipro Technologies 1 Contents 1 About Wipro 2 IT Services Organization

More information

Smart Security. Smart Compliance.

Smart Security. Smart Compliance. Smart Security. Smart Compliance. SRM are dedicated to helping our clients stay safe in the information environment. With a wide range of knowledge and practical experience, our consultants are ready to

More information

QA Engagement Models. Managed / Integrated Test Center A Case Study

QA Engagement Models. Managed / Integrated Test Center A Case Study 1 QA Engagement Models Managed / Integrated Test Center A Case Study 2 Today s Agenda» Background» Overview of QA Engagement Models MTC & ITC» The Journey to Steady State» Transition Approach» Challenges

More information

Using Organizational Change Management Principles to Create a Scalable OCM Methodology

Using Organizational Change Management Principles to Create a Scalable OCM Methodology Using Organizational Change Management Principles to Create a Scalable OCM Methodology Cynthia Onstott John Spurrell May 16, 2016 2 Today s Learning Objectives How to develop a new Organizational Change

More information

IT Risk Management Life Cycle and enabling it with GRC Technology

IT Risk Management Life Cycle and enabling it with GRC Technology IT Risk Management Life Cycle and enabling it with GRC Technology Debbie Lew (debbie.lew@ey.com), Senior Manager, E&Y Steven Jones (steven.jones@ey.com), Senior Manager, E&Y Overview 1. What is risk management?

More information

SECURITY. Risk & Compliance Services

SECURITY. Risk & Compliance Services SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize

More information