Nasrhuma Inc Technology Risk Management Solutions 06152010
Technology Risk: Governance, Risk, and Compliance Solutions
NH Inc. nasrhuma.com [email protected]
Irvine 949.551.6080
Toronto 647.829.6850
NH Inc.
Overview of Service Offerings
GRC: Automated Governance, Risk, and Compliance Management
Enterprise Level: solutions for governance, strategy, enterprise risk management, and executive reporting dashboards
Function Level: manage continuous audit of business and technology processes
Transaction Level: prevent and approve transactions to enforce internal controls
• Design and implementation of internal controls framework for automated controls
• Business process design for automating management of audit function processes
• Implementation of automated tools for managing audits
• Design and implementation of automated tools for enforcing preventive controls in configuration change management
• Design and implementation of tools for enforcing continuous monitoring controls in application security, user provisioning, segregation of duties, and transaction processing in compliance with a multitude of regulators
• Mapping of regulations to automated controls
• Unification of internal controls frameworks in one tool
• Needs assessment, business case preparation, RFI/RFP, and vendor assessments
Information Security | 3rd Party | HIPAA | PCI | SOX | Privacy Program
Progressive enterprises enhance profitability by understanding and managing risk intelligently and by creating strategies that move them up the GRC Maturity Curve continuously. Smart growth targets and adjustment of risk appetites can be based on a realistic assessment of the capacity to take risks at all levels.
Maturity Curve Assessment: Assessment of the enterprise on how it fares on a risk maturity curve in relation to its industry's benchmarks
Roadmap: Charting out a roadmap for becoming risk intelligent and profitable at a pace that is adjustable for the changing business climate
Embedding a risk-intelligent culture: Strategies for organizational change in people and process to embed a risk-aware culture to better manage operational and reputational risks in all initiatives and programs.
GRC Strategy
[Chart: GRC maturity plotted against time, progressing from Reactive to Proactive to Optimized]
• Compliant but at a high cost to business
• Manual control
• Adhoc approach
• No best practices
• Risks are documented
• Manual risk assessment and reporting
• Tactical approach
• After the fact reporting
• Policies are enforced
• Automated Process
• Unified, standardized & strategic approach
• Prevent policy violation
• Analyze and trend
• Automated risk mitigation / Predictive risk assessments
• GRC objectives embedded throughout the organization
ERP Security and Control
ERP Security: Design and implementation of application security for business processes, business intelligence, and interfaces in major ERP systems such as SAP, Oracle, PeopleSoft and JD Edwards
Process Controls: Design and implementation of internal controls related to business processes, application configuration controls, and software change management baselines.
Identity Integration: Integration of fine-grained authorization in the application with externalized coarse-grained authorization at the enterprise directory level. Authentication, Single Sign On, and integration of ERP applications with identity management web services.
Interface & Data Migration Controls: Design and implementation of controls to manage the risk to data integrity, completeness, and security in the transmission of data between ERP and third-party subscribing or publishing systems
Data Privacy: De-identify sensitive data
• Solutions assist in enforcing controls over sensitive data by enabling organizations to de-identify, mask and transform sensitive data across the enterprise in test environments
• By masking personally identifying information, the solution protects the privacy and security of confidential customer, patient, and employee data and supports demonstrable compliance with privacy regulations
Mapping of Regulations to controls in systems: Mapping of the Privacy Act, GLBA, HIPAA, and PIPEDA to automated controls in systems processing sensitive data.
PIA: Conduct Privacy Impact Assessments on business systems where sensitive data is processed
How Personal Data Is Lost (chart):
• Lost laptop or other device: 35%
• Third party outsource breach: 21%
• Lost electronic backup: 19%
• Inside job / malicious code: 9%
• Misplaced paper: 9%
• Hackers: 7%
Sources of privacy obligations (chart):
• International / regional responses: EU DPD, APEC Privacy Framework, Safe Harbor (EEA – U.S.)
• National: US Gramm-Leach-Bliley, Canada PIPEDA, Australian Privacy Act
• State / Provincial: California SB1, NY Security and Notification, British Columbia Bill 73
• Contracts: clients, partners, vendors, seal programs
• Policies: privacy policies, security policies
• Industry and professional standards: AICPA/CICA