Cyber Risk & Cyber Security Training, Advisory ... riskpro.in/download/cybersecurity.pdf
Why Cyber Security Frameworks Are Unique
Each industry and each enterprise within it will have differing priorities.
Each application and each database/server is uniquely configured.
Each hacking technique is unique in some way.
BFSI should adopt a leading framework to evaluate their preparedness.
Example: RBI directives to banks in India.
Cyber Security must be DIFFERENT & SEPARATE from the bank's regular Technology & IT Security.
ISO 27K best practices. ISO 31000 implementation or COSO 2013 guidelines adherence, as you move towards certification.
RBI Guidelines on Cyber Security Framework
Cyber Security Policy
• Board approved Cyber Security Policy
Inventory of Cyber Risks
• Inventory of cyber threats and mitigating controls
Continuous monitoring (SOC)
• Set up Security Operations Centre (SOC)
Cyber Crisis Management Plan
• Board approved CCMP
Cyber security indicators
• Assess level of risk / KRI
Cyber-security awareness Trainings
• Awareness among staff at all levels
How Riskpro can help
Cyber Security Policy
• Develop board approved Cyber Security Policy and Cyber Crisis Management Policy
• Establish governance to address cyber risks
• Align to best practices
Inventory of Cyber Risks
• Develop Risk register specific to cyber threats
• Identify gaps in network security and IT access control risks
Continuous monitoring (SOC)
• Perform independent Cyber-Risk audit services assessment
• Support on SOC operations
• VA/PT services
Cyber Crisis Management Plan
• Board approved CCMP
• Testing of CCMP on an annual basis
• Diagnostic gaps in Crisis Management Framework
Cyber security indicators
• Develop Key Risk Indicators to track risks and preparedness
• Periodic audit of cyber threats and report testing to Risk Committees
Cyber-security awareness Trainings
• 2 Days awareness trainings across Institution
• Online E Learning modules for mass awareness
• Reasonable training fees per participant or per day rates
Cyber Risk - 2 Day Training Programme content & Schedule
Risk & Cyber Risk : Introduction and leading Frameworks
- Emerging cyber risks, trends and challenges
- ISO 27000, 1,2,3,4,5,17 & 18 Frameworks
- ISO 31000 Framework
- COSO 2013 Cyber Risk Principles
- India 2016 RBI circular on Cyber security
- Cyber-Security. Security on the cloud. IoT & m2m Security.
Cyber-Risk Management Process
- Information maturity, costing, value, Prioritisation.
- IT Policies, Internal Controls and ERM
- Cyber Risk Assessments (Identification, Risk Assessment, Cyber Risk impact / probability)
- Cyber Risk mitigation perspective
- Risk Appetite, Risk Tolerance and Risk Limits
- Risk Monitoring, Reporting and Risk Management
Cyber-risk factors
- Emerging Risks
- Regulatory, Compliance and Political Risks
- Risk from SCM & CRM. Demand & Supply
- Reputational Risk
- Risk from growth, scale, M&A & integration
Cyber Risk Theory vs Applied Cyber Risk
- Implementing Cyber Risk Response Strategy
- Cyber Risk in your organisational culture.
- Project vs Process cyber risk management
- Cyber risks in your industry.
- Cyber risks unique to your business.
- Tactical direction & Operational decision making.
Comprehensive Training on Cyber Threats and related Security
Day 1
Day 2
Cyber Incident Reporting and Management
RBI cyber-risk circular to Indian banks, for implementation by SEP 30, 2016 …
RBI requires near-real-time reporting of incidents, within 2 to 6 hours.
Riskpro has a ready-to-deploy RBI Reporting tool accessible to all banks for Annex. 3 of the above RBI circular.
Reporting to other agencies in real-time being implemented.
Incident tracking
ACT Fast!! www.riskpro.in/cybersecurity
Riskpro Clients: Our Clients
Banking / Insurance
Banking - Intl
Corporate / MNCs
IT Companies / SSAE Clients
Academics / Others
Consulting Firms
*Any trademarks or logos used throughout this presentation are the property of their respective owners
RESUMES – Our team Credentials
Manoj Jain
Founder - Riskpro
CA, CPA, MBA-Finance (USA), FRM (GARP)
Over 10 years international experience – 6 years in Bahrain and 4 years USA
18 years exp in risk management consulting and internal audits, Specialization in Operational Risk, Basel II, Sox and Control design
Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain), Navigant Consulting (USA), Kotak Mahindra Bank (India) and Credit Suisse (India)
Sox Compliance project for Fannie Mae, USA ($900+ Billion Mortgage Company)
Casper Abraham
Co-Founder - Riskpro
PGD (Electrical & Electronics & Computer Programming)
30 years of experience in Information & Communications Technology (ICT) Solutions for Retail, Garments, Manufacturing, Services Industries.
Has created Companies, Divisions, Products, Brands, Teams & Markets.
Consulting in Business, Technology, Marketing & Sales & Strategic Planning.
Advisory, Training, Workshops & Implementation in Systems Thinking, Systems Modeling & Balanced Scorecard
Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA
RESUMES - Our team Credentials
Shriram Gokte
EVP - Risk Management
BTech MBA (USA)
22 years of work experience, 16 of which were in risk management domain, 11 years of global experience in USA & UK
Ex Chief Risk Officer of Birla Sun Life Insurance & CMS Info System.
Managed Risk & Compliance for two UK based insurance KPOs (Paternoster India & JLT India)
Core expertise in ERM, Capital Valuation, Operational Risk, Information Security, BCM, Governance & Internal Audit
CISA, CIA, CMA, FLMI, MBCI qualified
Rita Shewakramani
Senior Vice President – Risk Advisory Services
Chartered Accountant, a Certified Internal Auditor (CIA) and a Certified Risk Mgmt Professional (CRMA).
She has around 15 years of post qualification experience into Internal Audits, Risk, Application Reviews, Operations / Process / Internal control reviews, Fraud Investigations, Documentation of SOPs (Standard Operating processes) etc.
She has worked with consulting firms like Baker Tilly Singhi Consultants Pvt Ltd, Price Waterhouse Coopers, EY, Aneja Associates and Corporates like Reliance (Internet Exchange), GE Capital, CMS Computers etc in the past into Internal Audits and Operations Review
She has domain experience in industries such as Manufacturing, Retail, Services (IT Companies / BPO’s / KPO’s / Cash Mgmt Services / E-Governance / Field Engineering, Media etc) amongst others.
RESUMES – Our Team Credentials
R. Muralidharan
Executive Vice President – Basel II & Banking
Ex- Head of Integrated Risk Management department at Bank of Maharashtra
Responsible for implementation of Risk management guidelines issued by RBI from time to time on Credit risk, Market Risk and Operational risk and reporting regularly to Risk Management Committee of the Board and Board of Directors.
Put in place all policies relating to Risk Management, ALM Policy, ICAAP Policy, Stress Testing Policy, Business Continuity Planning Policy, Outsourcing Policy.
Validated Credit Risk Rating and put in place techniques for identifying and measuring of Pillar 2 risks such as concentration risk, Liquidity risk, IRRBB, Earnings risk, strategic risk etc.
Ankit Manglik
SVP - Audit and Risk Management
CA, CIA, CFE and CISA
Ankit has over 15 years of risk management and internal audit experience, SOX & SSAE compliance, fraud reviews, regulatory compliance reviews, external & tax audits and supporting ERP implementation to ensure effective control design.
He has headed the audit function for a midsize financial services company and the captive offshore unit of ANZ Bank, one of the big 4 Australian banks. He has also worked in PWC for 8 years and Hewlett Packard for 3 years.
Ankit has extensive experience with internal audit in financial services and back office operations and has set up internal audit functions for captive units of four different companies.
Riskpro’s Network Presence
New Delhi
Mumbai
Bangalore
Ahmedabad
Pune
Agra
Salem
Kolkata
Hyderabad
Chennai
Jaipur
Who is Riskpro… Why us?
ABOUT US
Riskpro is an organisation of member firms around India devoted to client service excellence. Member firms offer a wide range of services in the field of risk management.
Currently it has offices in three major cities Mumbai, Delhi and Bangalore and alliances in other cities.
Managed by experienced professionals with experiences spanning various industries.
MISSION
Provide integrated risk management consulting services to mid-large sized corporate / financial institutions in India
Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.
VALUE PROPOSITION
You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent & small firms
High quality deliverables
Multi-skilled & multi-disciplined organisation.
Timely completion of any task
Affordable alternative to large firms
DIFFERENTIATORS
Risk Management is our main focus
Over 200 years of cumulative experience
Hybrid Delivery model
Ability to take on large and complex projects due to delivery capabilities
We Hold hands, not shake hands.
Risk Management Advisory Services
SERVICES
Basel II/III Advisory
• Market Risk
• Credit Risk
• Operational Risk
• ICAAP
Corporate Risks
• Enterprise Risk Assessment
• Fraud Risk
• Risk based Internal Audit
• Operations Risk
• Forensic services
IT Risk Advisory
• IS Audit
• IT Service Management
• IT Assurance
• IT Governance
Operational Risk
• Process reviews
• Policy / Process Review
• Process Improvement
• Compliance Risk
• Insurance Risk
Governance
• Corporate Governance
• Business Strategic risk
• Fraud Risk
• Forensic Accounting
Other Risks
• Business/Strategic Risk
• Reputation Risk
• Outsourcing Risk
• Contractual Risk
Training
• Banking – E Learning
• Corporate Training
• Regular Risk Management Training
• Online Training material
• Workshops / Events
• AML-KYC / ISO standards - 31000
Recruitment
• Independent Directors for Corporates
• Virtual Risk Managers
• Full Time Risk Professionals
• Part time Risk Professionals
• Risk Managers on call – free