An Introduction to the Information Security Program Model (ISPM)
1 SECURELY ENABLING BUSINESS
An Introduction to the Information Security Program Model (ISPM)
Presented by:
- Nick Puetz, VP of Strategic Services, FishNet Security
- David Robinson, CIO, Lockton Companies
2 AGENDA
- Information Security Program Model (ISPM) Overview
- Why the ISPM
- Goals of the ISPM
- ISPM Overview
- ISPM Deliverables
3 GAP ANALYSIS GAPS
Client asks:
- How mature is my security program?
- What do I need to fix first?
- What does my long-term roadmap look like?
- How do I manage and measure my program once you leave?
What traditional Gap Analysis projects are missing?
- Findings are overly tactical; very black and white.
- Lacks actionable and prioritized remediation roadmap.
- Provides very little program level analysis or direction.
4 PURPOSE OF THE ISPM
- Provide a foundation to build and develop an Information Security Program.
- Identify the gaps in your security program, evaluate its maturity and better manage your security strategy.
- Ensure priority is placed on the most valued aspects of your security program.
- Articulate information security program's value and progress to executives.
- Continually measure the maturity of one's information security program against best practices and/or industry vertical peers.
5 ISPM OVERVIEW
FishNet Security Information Security Program Model
- Developed: January 2012
- Authors: 12+ contributors
- Model consists of:
  - 3 Pillars (Governance & Policy, Risk, and Operations Management)
  - 23 Programs
  - 157 Strong Characteristics
- Based on Info Security Best Practices (ISO 27002:2005, CoBIT 4.1, CoBIT 5, NIST PS Series, NERC-CIP, and PCI)
- Delivery:
  - ISPM Workshop
  - ISPM Assessment
  - ISPM Continuous Engagement
6 INFORMATION SECURITY PROGRAM MODEL 2014 FishNet Security Inc. All rights reserved.
7 ISPM MATURITY VOTING RANKING LEGEND
8 SECURELY ENABLING BUSINESS Information Security Program Model (ISPM) Deliverables
9 ISPM HANDBOOK
- Detailed narrative document that includes an explanation of the ISPM, including descriptions of all Pillars and Elements.
- Provides guidance for ongoing management of the ISPM Annual Program that enables the customer to take control of the program after the initial 12 months of the program.
10 ISPM COMPARISON DASHBOARDS
Current State Self-Evaluation
INFORMATION SECURITY PROGRAM MODEL (ISPM)
- PILLARS: Governance & Policy, Risk, Operations Management
- PROGRAMS: n/a
11 ISPM VALUE VS. PRIORITY MAP
12 DETAILED INITIATIVE PLANNING
- Initiative: Develop an effective logging and monitoring program
- Target Completion: End of Q
- Importance: HIGH
- Related Initiatives: None
- Current Maturity (CMMI): 2.25

INITIATIVE SUMMARY:
ABC Inc. will undertake an initiative to develop an enterprise wide approach to the collection and management of log files for key systems within the ABC, Inc. computing environment. This will include

Sub-Initiatives:
- Develop a log management framework
- Develop business, staffing and
- Conduct a software monitoring / management tool inventory

- Executive Sponsor: CIO
- Project Manager: IT Delivery Manager
- Key Staff Members: IT, Security, Audit
- Key Skillsets Required: Information Security SMEs, product SME(s)
- Complexity: High

Resources Required:
- Executive stakeholder involvement and buy in (CEO, CIO, CISO)
- Resource and expertise availability
- Business unit buy-in

RESULT OF COMPLETED INITIATIVE
- Future Maturity (CMMI): 4.25
- ABC Inc. will have the ability to take a proactive approach to addressing network and access issues.
- Compliance mandates will be addressed

FUNDING/RESOURCE REQUIREMENTS
- Internal Labor: Yes. SME input for technical and business requirements. Industry average: Minimum 9 resources to manage SNOC
- External Labor: Yes - Solution specific expertise
- Other Costs:
  - Capital: Yes: Product
  - Expense: Yes: Ongoing maintenance / support, staffing, and product owner training

RISKS
- Impact to business operations due to a data breach or service outage
- ABC Company could be in violation of compliance mandates
- Increase time to identify and resolve network and access issues
- Inability to answer the why question during a post incident review

KEY TASKS/OWNERS
- Identify compliance mandate requirements
- Conduct staffing feasibility assessment
- Develop business and technical solution requirements
- Develop Gain support Conduct a Determine the Roll out the
13 ISPM STRATEGIC ROADMAP
14 TARGETED ROADMAP
Ref# | Recommendation | Program | Priority | Initiative Start | Resource | Product Component | Cost
ST-01 | Develop an effective Logging and Monitoring program | Operations Management | High | Q | Internal | Yes | $
ST-02 | Build a BYOD strategy and plan | Strategic Business Alignment | High | Q | Blended | Yes | $$
ST-03 | Migrate to a unified compliance approach for audit and assessment activities | Risk Management | High | Q | Blended | Yes | $$$
ST-04 | Develop the security | Communications | High | Q | Internal | No | $$$$
ST-05 | Conduct a data security associated with the data types used throughout ABC Inc. | Communications | Medium | Q | Blended | Possible | $$$
ST-07 | Define business requirements for an enterprise wide GRC solution | Policy Management / Risk Management | Medium | Q | Internal | Yes | $$$
15 ISPM VS. GAP ANALYSIS
Comparison table. Offerings compared: Gap Analysis, ISPM Workshop, Full ISPM Assessment. Features compared:
- Executive Summary
- Detailed Security Controls Analysis
- Maturity Dashboard
- Future Initiatives/Remediation Roadmap
- Provides Executive Reporting Tools
- Continuous Model Refresh Option
- Detailed Remediation Recommendations
16 Q&A DAVID ROBINSON Tell us a little bit about yourself and where you are from.
17 Q&A DAVID ROBINSON Why did you decide to engage FishNet Security for a security review project?
18 Q&A DAVID ROBINSON Had Lockton traditionally used any standards or frameworks to measure and drive security initiatives?
19 Q&A DAVID ROBINSON How do these standards or frameworks stack up when compared to the ISPM?
20 Q&A DAVID ROBINSON Describe what the ISPM provided that traditional gap analysis projects have not.
21 Q&A DAVID ROBINSON What did you like about the data gathering process during the onsite workshop?
22 Q&A DAVID ROBINSON What value did you get out of the final set of deliverables that were provided by FishNet Security?
23 Q&A DAVID ROBINSON How did Lockton use the information that came out of the workshop?
24 Q&A DAVID ROBINSON How does Lockton plan to leverage the ISPM beyond the project that FishNet Security conducted?
25 Q&A DAVID ROBINSON Were there any unexpected side benefits realized by Lockton during the ISPM engagement?
26 THANK YOU Nick Puetz VP, Strategic Services FishNet Security facebook.com/fishnetsecurity twitter.com/fishnetsecurity