IT Risk Management - the right posture
Transcript of IT Risk Management - the right posture
![Page 1: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/1.jpg)
ENTERPRISE IT RISK MANAGEMENT: "EXPLORING THE RIGHT POSTURE"
PARAG DEODHAR
27 JULY 2012 ‐ BANGALORE
![Page 2: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/2.jpg)
EVOLUTION OF IT WITHIN THE ORGANISATION
• Support Team
• Enabler
• Transformer
27 July 2012 ENTERPRISE IT RISK MANAGEMENT COLLOQUIUM PARAG DEODHAR 2
![Page 3: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/3.jpg)
ENTERPRISE RISK & IT
• IT is now CORE to Business
• Top 3 areas which Audit Committees want to spend more time on (Source: KPMG Survey)
![Page 4: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/4.jpg)
IT RISK MANAGEMENT IS MUCH MORE THAN IT SECURITY
• Not limited to information security. It covers all IT‐related risks, including:
– Late project delivery
– Not achieving enough value from IT
– Compliance
– Misalignment
– Obsolete or inflexible IT architecture
– IT service delivery problems
![Page 5: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/5.jpg)
IT RISK DOES NOT EMANATE FROM THE IT DEPARTMENT ALONE
• Mergers and Acquisitions
• Purchasing software as a service
• Investing in application enhancements
• Outsourcing and offshoring
• Integrating diverse applications
– Business Partners, Suppliers, Banks, Customers…
• End Users
• Consultants and Auditors!!!
![Page 6: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/6.jpg)
WHO OWNS IT RISK?
• IT Risk Management ‐ Organisation Structure & Reporting line
– IT team
– Risk Management Team
– External Vendors
– Group Team
WHOSE NECK IS ON THE LINE WHEN DISASTER STRIKES?
![Page 7: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/7.jpg)
CIO REPORT TO THE AUDIT COMMITTEE (Source: KPMG Survey)
![Page 8: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/8.jpg)
IT RISK UNIVERSE
![Page 9: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/9.jpg)
EMERGING IT RISKS IN THE BORDERLESS ENTERPRISE
![Page 10: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/10.jpg)
MANAGING IT RISKS
• New threats are emerging every day
• Basic measures like Anti‐Virus and Firewalls are no longer enough
• Tools like SIEM, IPS, DLP, DRM… are now a standard requirement
• Tools alone are not enough: continuous updates, 24x7 monitoring and response are required
• Do you have the resources – money, time, human resources???
• What is your risk posture? What do you tell the Board?
• How do you manage compliance?
![Page 11: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/11.jpg)
GUIDING PRINCIPLES (Source: ISACA)
![Page 12: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/12.jpg)
IT RISK MANAGEMENT FRAMEWORK (Source: ISACA)
• Responsibility and accountability for risk
• Risk appetite and tolerance
• Awareness and communication
• Risk culture
• Key risk indicators (KRIs)
• Risk response definition and prioritisation
• Risk scenarios
• Business impact descriptions
![Page 13: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/13.jpg)
IT RISK – MATURITY MODEL TO ASSESS POSTURE (Source: ISACA)
![Page 14: IT Risk Management - the right posture](https://reader033.fdocuments.us/reader033/viewer/2022051514/5495558fac79592f2e8b4e05/html5/thumbnails/14.jpg)
It's not a Goal – But a journey…
THANK YOU