CISO PLATFORM ANNUAL SUMMIT

IT Risk as Business Risk

Wayne Tufek
CISO Platform Annual Summit
November 15-16
Hyatt Regency
Mumbai
Agenda
• Overview of IT risk
• What causes IT risk?
• The business consequences of IT Risk
• Examples
Overview of IT Risk
• Risk
• IT Risk
• IT Governance
• Risk management
What Causes IT Risk?
• George Westerman from MIT Sloan
  http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
  – Failure of oversight and governance processes (ineffective IT governance)
    • Series of poor decisions and badly structured IT assets
    • Locally optimised decisions
    • Lack of business involvement
  – Uncontrolled complexity
  – Inattention to risk
• IT risk results from decision-making processes that ignore the full range of business needs that arise from using IT
The Business Consequences of IT Risk

Agility
Accuracy
Access
Availability
Source: George Westerman
http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
The Business Consequences of IT Risk (cont)
Enterprise IT Risks
• Availability
  – Business continuity
  – DRP
• Access
  – Information protection
  – Knowledge sharing
  – Preventing attacks
• Accuracy
  – Data integrity
  – Regulatory compliance
• Agility
  – Ability to implement major strategic change
Source: George Westerman
http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/

IT Risk Factors
• Technology & Infrastructure
  – Configuration management
  – Degree of standardisation
  – Age of technology
• Applications & Information
  – Architecture complexity
  – Redundancy
  – Data integrity
  – Degree of customisation
• People & Skills
  – Turnover
  – Skills planning
  – Recruiting/training
  – IT/Business relationship
• Vendors & Other Partners
  – SLAs
  – Use of firms standards
  – Sole source risk
• Policy & Process
  – Controls
  – Degree of standardisation
  – Accountability
• Organisational
  – Cost cutting
  – Complexity
  – Funding
Example Risk Factors
• Availability
  – Alternative site
  – Excessive time to restore (RTO, RPO, MTO)
  – Special hardware or equipment or a unique environment
  – Network links
Example Risk Factors
• Access
  – Financial impact of unauthorised modification of data
  – Impact of unauthorised disclosure
  – Are duties segregated?
  – Is access based on the user's role?
  – Can the system track user actions and provide reports?
  – How effective is the access provisioning/deprovisioning process?
Example Risk Factors
• Accuracy
  – What is the financial impact of incorrect applications?
  – How will inaccuracy impact customers and the organisation’s reputation?
  – What regulatory and government compliance is required?
  – Is there a high level of customisation?
  – Are calculations performed by any third parties?
Example Risk Factors
• Agility
  – Is the system hard coded with custom features difficult to modify?
  – Is the system supported by the vendor?
  – Does the system require hard to obtain technical resources to maintain support?
  – Can the system be scaled in terms of volume?
  – Is the documentation adequate?
  – Does the system run on out of date software?
Example
• Single Sign-On implementation
Agility
Accuracy
Access
Availability

Source: George Westerman
http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
Example
• Moving corporate data to the cloud
Agility
Accuracy
Access
Availability

Source: George Westerman
http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
Questions
Contact
• wtufek@unimelb.edu.au
• LinkedIn
– http://www.linkedin.com/pub/wayne-tufek/0/338/312

ciso-platform-annual-summit-2013-IT risk as business risk

  • 1. CISO PLATFORM ANNUAL SUMMIT IT Risk as Business Risk Wayne Tufek CISO Platform Annual Summit November 15-16 Hyatt Regency Mumbai
  • 2. Agenda
      • Overview of IT risk
      • What causes IT risk?
      • The business consequences of IT Risk
      • Examples
  • 3. Overview of IT Risk
      • Risk
      • IT Risk
      • IT Governance
      • Risk management
  • 4. What Causes IT Risk?
      • George Westerman from MIT Sloan
      • http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
          – Failure of oversight and governance processes (ineffective IT governance)
              • Series of poor decisions and badly structured IT assets
              • Locally optimised decisions
              • Lack of business involvement
          – Uncontrolled complexity
          – Inattention to risk
      • IT risk results from decision-making processes that ignore the full range of business needs that arise from using IT
  • 5. The Business Consequences of IT Risk
      • Agility
      • Accuracy
      • Access
      • Availability
      Source: George Westerman, http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
  • 6. The Business Consequences of IT Risk (cont)
      Enterprise IT Risks
          – Availability: Business continuity, DRP
          – Access: Information protection, Knowledge sharing, Preventing attacks
          – Accuracy: Data integrity, Regulatory compliance
          – Agility: Ability to implement major strategic change
      Source: George Westerman, http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
      IT Risk Factors
          – Technology & Infrastructure: Configuration management, Degree of standardisation, Age of technology
          – Applications & Information: Architecture complexity, Redundancy, Data integrity, Degree of customisation
          – People & Skills: Turnover, Skills planning, Recruiting/training, IT/Business relationship
          – Vendors & Other Partners: SLAs, Use of firm's standards, Sole source risk
          – Policy & Process: Controls, Degree of standardisation, Accountability
          – Organisational: Cost cutting, Complexity, Funding
  • 7. Example Risk Factors
      • Availability
          – Alternative site
          – Excessive time to restore (RTO, RPO, MTO)
          – Special hardware or equipment or a unique environment
          – Network links
  • 8. Example Risk Factors
      • Access
          – Financial impact of unauthorised modification of data
          – Impact of unauthorised disclosure
          – Are duties segregated?
          – Is access based on the user's role?
          – Can the system track user actions and provide reports?
          – How effective is the access provisioning/deprovisioning process?
  • 9. Example Risk Factors
      • Accuracy
          – What is the financial impact of incorrect applications?
          – How will inaccuracy impact customers and the organisation's reputation?
          – What regulatory and government compliance is required?
          – Is there a high level of customisation?
          – Are calculations performed by any third parties?
  • 10. Example Risk Factors
      • Agility
          – Is the system hard-coded with custom features that are difficult to modify?
          – Is the system supported by the vendor?
          – Does the system require hard-to-obtain technical resources to maintain support?
          – Can the system be scaled in terms of volume?
          – Is the documentation adequate?
          – Does the system run on out-of-date software?
  • 11. Example
      • Single Sign-On implementation
          – Agility
          – Accuracy
          – Access
          – Availability
      Source: George Westerman, http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
  • 12. Example
      • Moving corporate data to the cloud
          – Agility
          – Accuracy
          – Access
          – Availability
      Source: George Westerman, http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
  • 14. Contact
      • wtufek@unimelb.edu.au
      • LinkedIn – http://www.linkedin.com/pub/wayne-tufek/0/338/312