Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization
- Dominic Turner
- 8 years ago
2 Outside View of Increased Regulatory Requirements
Regulatory compliance is often seen as sand in the gears: requirements that increase cost, introduce friction into business processes, and have little or no payback.
- Introduction of multiple standards and an increasingly complex regulatory environment has disrupted the IT Governance focus on improving process efficiencies
- Limited awareness of unified mapping of new standards and requirements has resulted in duplication of efforts
- Shifts in technology usage, such as the use of Cloud Computing, have introduced new risks to businesses and uncertainty about how to mitigate these risks while continuing to meet new requirements
Source: Gartner Research

3 Pressures on Business Today
Pressures acting on the Modern Enterprise:
- Uncertainty
- Increased Boards & Executives Accountability
- Liability
- Multiple Diverse Risks
- Spiraling Compliance Costs
- Speed
- Variability
- Globalization
4 Governance Requirements: Common Elements and Challenges

5 Governance Requirements
Understand the external and internal governance expectations of IT, and the common controls and objectives.
- Legislative & Mandated: SOX, HIPAA/HITECH, PCI, NIST, Red Flag Rules, eDiscovery
- External & Non-mandated: ISO 27001/2, SLA, HITRUST, COSO, COBIT
- Internal: SAS 70, Internal SLAs, Business Continuity, Customer Requirements

6 Governance Requirements
- ISO Compliance: Examines the organization's information security risks, taking account of the threats, vulnerabilities and impacts. Requires the organization to design and implement a coherent and comprehensive suite of information security controls. Brings information security under explicit management control.
- PCI Compliance: Prevents credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations which hold, process, or pass cardholder information.
- SOX: Established corporate governance standards for public companies. Placed responsibility on boards of directors, CEOs and CFOs to design and implement appropriate corporate governance processes.

7 Governance Requirements
- HIPAA/HITECH: Outlines information security requirements for health information systems and exchanges. Established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. The CSF harmonizes the requirements of existing standards and regulations, including federal (HIPAA, HITECH), third party (PCI, COBIT) and government (NIST, FTC).
- Business Continuity: Prepares an organization to respond to events that disrupt normal and on-going operations. Risk management is an essential element of business continuity.
- ...and many more
9 Governance Requirements: Typical Challenges
- Managed in silos
- Mostly reactionary projects
- Handled separately from mainstream processes and decision making
- Humans utilized as middleware, leading to: greater risks, more complexity, lower confidence, higher cost
- Limited and fragmented use of technology

10 Governance Requirements: Common Elements - One Framework, Multiple Standards
Compliance frameworks have been developed to simultaneously cover a wide range of standards:
- ISACA COBIT: ISACA has invested, and continues to invest, efforts in mapping the COBIT framework to ISO/IEC 27002, SOX, etc. to improve control environment efficiencies.
- Unified Compliance Framework (UCF): One of the first and largest independent initiatives to map IT controls across international regulations, standards, and best practices.
- HITRUST Common Security Framework (CSF): Unifies all targeted frameworks and standards (COBIT, ISO, PCI, HIPAA, etc.) relevant to health care. Many portions of the framework can also aid non-health care related organizations.
11 What is HITRUST?
The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of the broad adoption of health information systems and exchanges. Industry-based collaboration among healthcare, business, technology and information security leaders has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information.
The CSF is an information security framework that harmonizes the requirements of existing standards and regulations, including federal (HIPAA, HITECH), third party (PCI, COBIT) and government (NIST, FTC). As a framework, the CSF provides organizations with the needed structure, detail and clarity relating to information security tailored to the healthcare industry.
Beyond the establishment of the CSF, HITRUST is also driving adoption and widespread confidence in the framework and sound risk management practices through education, advocacy and other outreach activities. Ultimately, an organization's adoption of the CSF will establish confidence in its ability to ensure the security of personal health information.

12 Governance Requirements: Common Elements - One Framework, Multiple Standards
The HITRUST Common Security Framework (CSF) provides a valuable method to assess the security controls in a healthcare environment and provides a path for continuous improvement. Because it was developed leveraging multiple security standards and regulations, it provides a convenient single model to leverage for many of your security governance requirements.
Standards and regulations mapped into the HITRUST CSF:
- COBIT
- ISO 27001/2
- HITECH Act
- HIPAA Security
- PCI
- Meaningful Use
- NIST
- States

13 HITRUST Common Security Framework (CSF)
- The HITRUST Common Security Framework is a viable alternative to developing a custom framework
- HITRUST unifies all targeted frameworks and standards relevant to health care
- HITRUST is constantly revised to ensure currency and relevance
- Control practices tailored to the health care environment
- Self-assessment criteria for control and supporting control practice compliance
2009 HITRUST LLC, Frisco, TX. All Rights Reserved.
14 Governance Framework

15 IT Governance vs. Compliance
- Productivity layer - IT Governance: Policy; "Do it right"; Strategy; Value Defining; Standards
- Process layer - IT Processes (Val IT, ITIL, ISO Best Practices): "Do it better"; Performance; Value Adding
- Operation layer - Risk Management (CobiT, Operation Risk Mgmt, IT Security, IT Risk Mgmt): Control Objectives (statements); "Do it to protect"; Mitigation; Value Preserving; Controls Practices
- Regulation layer - Compliance (Sox, Banking Regs, National Regs, Other Regs): "Do it or else"; Check & Balance; Transparency; Reporting & Metrics
16 The Protiviti Governance Model
The value of effective governance is improved business performance and outcomes. Effective IT governance aids in addressing and mitigating some of the overall risks faced by an organization.
By implementing effective governance practices, mechanisms are established for IT to:
- Understand and manage all IT-related risks
- Optimize returns on IT-related business investments
- Deliver value from IT expenditure
- Maximize opportunities for business use of IT
- Provide appropriate IT capabilities
- Address legal and regulatory compliance
- Provide transparency and assurance that IT objectives are being achieved

17 Envisioning the Future State
IT Governance is defined as the ability of the enterprise's IT function to sustain and extend the organization's strategies and objectives.
- Understand & Scope: Identify your organization's internal & external requirements.
- Establish Desired Structure: Assess Business and IT strategy to determine the proper alignment of business activities and controls.
- Determine Existing Capabilities: Evaluate the existing formal and informal management practices within IT. Assess how these align with the desired structure of the governance program.
- Create Plan to Enhance Existing Processes & Controls: Create a plan to enhance and formalize existing management processes.
- Sustain: Measure process throughput via KPIs, monitor process performance and identify workflow constraints.
18 Common Governance Implementation Strategy
Program phases: Security Policy & Program; Security Strategy & Architecture; Security Implementation & Deployment; Security Metrics
Security domains:
- Program: Policy, Standards Alignment, Metrics, Awareness & Training, Incident Response
- Vulnerability (Infrastructure, Application, Network, Database): Servers, Network, Application, Database
- ID Mgmt: Policy Implementation, SSO, RBAC, Federation, Trusted Credentials, Open Identities
- Data Centric: Discovery, Classification, Data Leakage, Encryption, Privacy
- Compliance: PCI, HITRUST, Vendor Mgmt, Access Mgmt
Services: Policy & Standards; IDAM Design & Implementation; Identity Credential Selection Services; Identity Federation Strategy & Implementation; Data Classification; Data Leakage Services; Encryption & Storage Strategy & Implementation; Privacy Management & Implementation; PCI Planning, Readiness & Compliance; HITRUST Planning, Readiness & Compliance; Other Data Compliance; Vendor Due Diligence; Other Data Security & Privacy Management

19 Envisioning the Future State
What IT processes will be impacted: Determine the processes that will influence IT's new KPIs.
- Security Administration
- Asset Management
- Project Management
- Security Monitoring
- Incident Management
What is to be measured: Your specific control requirements must be integrated into existing management processes. Consider what KPIs are needed to measure compliance, process performance and resource productivity. Establish an organizational structure and performance expectations that support the objectives. How can our KPIs be categorized into how IT manages demand and service?
21 Future State Outcomes
Organizational Transparency
- Ongoing collaboration with the entire organization to determine current compliance requirements, overlaps amongst these requirements, and opportunities for control consolidation to improve efficiencies
- Communication on a regular basis between IT teams to maintain standardized processes
Integration, Streamlined Processes, and Common Dialog
- Understanding business needs, the current IT landscape including people, processes, and technology, and the required future state
- Development of solid risk management strategies capable of identifying high-risk processes and the control requirements to mitigate these risks
- Integration and standardization of activities among the entire IT team, from Help Desk to Infrastructure Support

22 Future State Outcomes
Integration, Streamlined Processes, and Common Dialog (continued)
- Proactive monitoring of Public Policy and the current Regulatory Environment in order to meet new and existing regulatory requirements
- Automation of compliance efforts through Governance, Risk, and Compliance platforms
Security and Resource Efficiencies
- Controls driven by business process vs. compliance
- Improvement in security and monitoring from streamlined control sets
- Increased resource efficiencies and cost savings through effectively defined roles

23 Summary
- Identify and assess all of your external and internal governance requirements.
- Build a single common control framework specific to your organization; leverage existing frameworks as a starting point.
- Determine the KPIs that could be used to measure adherence.
- Identify the IT management processes that influence your control and KPI requirements.
- Determine how you can formalize and enhance those existing processes.
- Build sustainability through active management; link performance objectives to organizational objectives.
Compliance should be a byproduct of a good governance process.

24 Contact Us
For additional information or to receive a copy of this slide deck, please contact the presentation team:
- Timothy Maloney, Protiviti, One PPG Place, Suite 2350, Pittsburgh, PA. Direct: Mobile: Fax: Timothy.Maloney@protiviti.com
- Darren Jones, Protiviti, One PPG Place, Suite 2350, Pittsburgh, PA. Direct: Mobile: Fax: Darren.Jones@protiviti.com
Powerful Insights. Proven Delivery.
Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization
More informationHIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More information14 October 2015 ISACA Curaçao Conference By: Paul Helmich
Governance, Risk & Compliance A practical approach 14 October 2015 ISACA Curaçao Conference By: Paul Helmich Topics today What is GRC? How much of all the GRC literature, tools, etc. do I need to study
More informationWhitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff
Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff The Challenge IT Executives are challenged with issues around data, compliancy, regulation and making confident decisions on their business
More informationIT risk management discussion 2013 PIAA Leadership Camp May 15, 2013
IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 Debbie Lew Agenda Review what is IT governance Review what is IT risk management A discussion of key IT risks to be aware of Page 2
More informationCloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationIT Risk Management Life Cycle and enabling it with GRC Technology
IT Risk Management Life Cycle and enabling it with GRC Technology Debbie Lew (debbie.lew@ey.com), Senior Manager, E&Y Steven Jones (steven.jones@ey.com), Senior Manager, E&Y Overview 1. What is risk management?
More informationHITRUST. Risk Management Frameworks
Risk Management Frameworks How provides an efficient and effective approach to the selection, implementation, assessment and reporting of information security and privacy controls to manage risk in a healthcare
More informationBusiness Continuity in Healthcare
Business Continuity in Healthcare Cynthia Simeone, CBCP, PMP Director Business Resilience Catholic Health Initiatives Scott Ream President Virtual Corporation 1 Session Speakers Cynthia Simeone, CBCP,
More informationIBM Data Security Services for endpoint data protection endpoint data loss prevention solution
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Protecting your business value from
More informationSecure Cloud Hosting for Healthcare Organizations
Secure Cloud Hosting for Healthcare Organizations OUR MISSION FIREHOST MISSION Our core is an unshakable, no compromise commitment to protect our customer's digital assets with integrity and innovation
More informationCourse: Information Security Management in e-governance. Day 1. Session 3: Models and Frameworks for Information Security Management
Course: Information Security Management in e-governance Day 1 Session 3: Models and Frameworks for Information Security Management Agenda Introduction to Enterprise Security framework Overview of security
More informationNEC Managed Security Services
NEC Managed Security Services www.necam.com/managedsecurity How do you know your company is protected? Are you keeping up with emerging threats? Are security incident investigations holding you back? Is
More informationKeeping watch over your best business interests.
Keeping watch over your best business interests. 0101010 1010101 0101010 1010101 IT Security Services Regulatory Compliance Services IT Audit Services Forensic Services Risk Management Services Attestation
More informationUsing the HITRUST CSF to Assess Cybersecurity Preparedness 1 of 6
to Assess Cybersecurity Preparedness 1 of 6 Introduction Long before the signing in February 2013 of the White House Executive Order Improving Critical Infrastructure Cybersecurity, HITRUST recognized
More information4net Technologies. Managed Services and Cloud Solutions
4net Technologies Managed Services and Cloud Solutions Managed Services and Cloud Solutions Managed Services and Cloud Solutions are an opportunity for organisations to bring control to complexity by managing
More informationI. System Activities that Impact End User Privacy
I. System Activities that Impact End User Privacy A. The Information Life Cycle a. Manual processes i. Interaction ii. Data entry b. Systems i. Operating and file ii. Database iii. Applications iv. Network
More informationGreenPages Healthcare Technology Practice
GreenPages Healthcare Technology Practice Consulting, Engineering, Integration: Comprehensive Technology Solutions for Healthcare. Technology has revolutionized the healthcare industry and is now critical
More informationResponse to NIST: Developing a Framework to Improve Critical Infrastructure Cybersecurity
National Grid Overview National Grid is an international electric and natural gas company and one of the largest investor-owned energy companies in the world. We play a vital role in delivering gas and
More informationKEY TRENDS AND DRIVERS OF SECURITY
CYBERSECURITY: ISSUES AND ISACA S RESPONSE Speaker: Renato Burazer, CISA,CISM,CRISC,CGEIT,CISSP KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures
More informationFederal CIO: Cloud Selection Toolkit. Georgetown University: Chris Radich Dana Christiansen Doyle Zhang India Donald
Federal CIO: Cloud Selection Toolkit Georgetown University: Chris Radich Dana Christiansen Doyle Zhang India Donald Agenda Project Introduction Agency Cloud Challenges Toolkit Solution Overview Step 1:
More informationRSA Solution Brief. The RSA Solution for Cloud Security and Compliance
The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their
More informationCASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link
CASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link Peter Milla CASRO Technical Consultant/CIRQ Technical Advisor peter@petermilla.com Background CASRO and Standards CASRO takes
More informationThe RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief
The RSA Solution for Cloud Security and Compliance A GRC foundation for VMware infrastructure security and compliance Solution Brief The RSA Solution for Cloud Security and Compliance enables end-user
More information