SlideShare ist ein Scribd-Unternehmen logo

CTO-CybersecurityForum-2010-Des Ward

Als PPT, PDF herunterladen
S
segughana
Technologie
1 von 8
The new business assurance barometer Common Assurance Maturity Model (CAMM) R Samani
Who can access your information? Increase in use of third parties to process/store information. Number of information risks are increasing... ,[object Object],[object Object],[object Object],The outsourcing ‘dividend’ How is your information accessed? Where is the data stored? Many providers use services across many countries, which have varying e-crime laws How do you assure the business? Multiple audits of same suppliers, using subjective audit frameworks and standards that do not apply to all countries Poor transparency or consistency of measurement regarding information risk management. Perimeter security is obsolete, increased need to understand performance of information risk management within providers
The 5 big Challenges More challenging with less resources 1. Measure the inherent security of a third party wishing to access the business in a scalable manner 2. Be able to objectively and reliably measure the risk management maturity of third parties 3. Ensure that all risk management requirements are reflected in contracts (and will be applicable in future) 4. Perform the due diligence required within current resourcing constraints 1. Find an approach that allows Information Risk management to be incorporated objectively into tender process 2. Find a way to compare risk management maturity between different suppliers 3. Achieve the level of transparency when self-audit is not an option 4. Find a solution that satisfies changing regulatory requirements Third Party Access Service Procurement 5. Find an approach that leverages existing investment AND will be adopted by suppliers 5. Find an approach that will be adopted by suppliers
A new approach… CAMM – New business assurance barometer Business Assurance Leverage existing expenditure Transaparent risk management Genuine USP for providers Provides a genuine USP to organisations that have higher levels of information risk maturity Risk management maturity is open for stakeholders to view, using appropriate language and detail. CAMM is built on existing standards, leveraging existing compliance expenditure. Objective Measures maturity against defined controls areas, with particular focus on key controls. Meaningful A business benefit that creates consumer trust that is meaningful, understandable and creates a clear strategy to achieve greater maturity.
How it works… (a simplified view) Achieving transparency...    Third Party Assurance Centre Maturity Maturity Maturity Third party requesting access Third party service provider Internal hosting provider Risk Appetite 1. Business sets level of risk they are willing to tolerate (number of levels depending on the data). Maturity will include CAMM plus possible bespoke modules. 2.Level of risk management maturity is communicated to business partners (and possible partners) 3. Evidence of compliance may be uploaded to central repository that can be used by numerous customers. 4. Leverage existing expenditure and remove need for duplicate verification (e.g. many customers wishing to audit third party service provider).
How it works… Modular approach provides flexibility Physical Security Business Continuity Incident Mgt HR Governance IT Services 3. Responses against common control areas provide a measurement that indicates a level of maturity 1. Controls based on existing standards such as COBIT, ISO 27001/27002, PCI, CSA Controls matrix, BS25999, etc. A. Average 3.8 ,[object Object],[object Object],[object Object],[object Object],[object Object],PCI SOX 4. Aim to allow bespoke modules to provide flexibility to suit business requirements.  Trusted Auditor May be self assessed, or use trusted auditor (for higher score). Will depend on risk appetite and/or commercial requirements.
It is anticipated for the initial set of COMMON controls and associated guidance to be completed by Q4 2010. The following details the key milestones: ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Progress Still on track for Q4 2010...
Who is involved? A global collaborative effort End User Organisations Security Associations Cloud Providers Consultancies Independent consultants Over 40 organisations already involved, including…. IISP ISACA ISSA UK ENISA ISF Website on its way……….

Empfohlen

CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhousesegughana
 
CTO Cybersecurity Forum 2013 Marcel Ambiana Belingue
CTO Cybersecurity Forum 2013 Marcel Ambiana BelingueCTO Cybersecurity Forum 2013 Marcel Ambiana Belingue
CTO Cybersecurity Forum 2013 Marcel Ambiana BelingueCommonwealth Telecommunications Organisation
 
Cyber Security Threats Facing Small Businesses--June 2019
Cyber Security Threats Facing Small Businesses--June 2019Cyber Security Threats Facing Small Businesses--June 2019
Cyber Security Threats Facing Small Businesses--June 2019Dawn Yankeelov
 
BDVe Webinar Series - Making GDPR for SMEs
BDVe Webinar Series - Making GDPR for SMEsBDVe Webinar Series - Making GDPR for SMEs
BDVe Webinar Series - Making GDPR for SMEsBig Data Value Association
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveDawn Yankeelov
 
Secure Use of Cloud Computing in the Finance Sector
Secure Use of Cloud Computing in the Finance SectorSecure Use of Cloud Computing in the Finance Sector
Secure Use of Cloud Computing in the Finance SectorEftychia Chalvatzi
 
Good Practices and Recommendations on the Security and Resilience of Big Data...
Good Practices and Recommendations on the Security and Resilience of Big Data...Good Practices and Recommendations on the Security and Resilience of Big Data...
Good Practices and Recommendations on the Security and Resilience of Big Data...Eftychia Chalvatzi
 
Infocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationInfocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationEthos Media S.A.
 

Empfohlen

CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhousesegughana
 
CTO Cybersecurity Forum 2013 Marcel Ambiana Belingue
CTO Cybersecurity Forum 2013 Marcel Ambiana BelingueCTO Cybersecurity Forum 2013 Marcel Ambiana Belingue
CTO Cybersecurity Forum 2013 Marcel Ambiana BelingueCommonwealth Telecommunications Organisation
 
Cyber Security Threats Facing Small Businesses--June 2019
Cyber Security Threats Facing Small Businesses--June 2019Cyber Security Threats Facing Small Businesses--June 2019
Cyber Security Threats Facing Small Businesses--June 2019Dawn Yankeelov
 
BDVe Webinar Series - Making GDPR for SMEs
BDVe Webinar Series - Making GDPR for SMEsBDVe Webinar Series - Making GDPR for SMEs
BDVe Webinar Series - Making GDPR for SMEsBig Data Value Association
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveDawn Yankeelov
 
Secure Use of Cloud Computing in the Finance Sector
Secure Use of Cloud Computing in the Finance SectorSecure Use of Cloud Computing in the Finance Sector
Secure Use of Cloud Computing in the Finance SectorEftychia Chalvatzi
 
Good Practices and Recommendations on the Security and Resilience of Big Data...
Good Practices and Recommendations on the Security and Resilience of Big Data...Good Practices and Recommendations on the Security and Resilience of Big Data...
Good Practices and Recommendations on the Security and Resilience of Big Data...Eftychia Chalvatzi
 
Infocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationInfocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationEthos Media S.A.
 
CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingPhil Agcaoili
 
From Cybersecurity to Cyber Resilience
From Cybersecurity to Cyber ResilienceFrom Cybersecurity to Cyber Resilience
From Cybersecurity to Cyber Resilienceaccenture
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security FrameworkNorbi Hegedus
 
The State of Cyber
The State of CyberThe State of Cyber
The State of Cyberbusinessforward
 
SAT 2020 slide deck
SAT 2020 slide deckSAT 2020 slide deck
SAT 2020 slide deckIlya Rubinshteyn
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services OfferedRachel Anne Carter
 
Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity Yuri Anisimov
 
CWIN17 New-York / earning the currency of trust
CWIN17 New-York / earning the currency of trustCWIN17 New-York / earning the currency of trust
CWIN17 New-York / earning the currency of trustCapgemini
 
ITU Cybersecurity Capabilities
ITU Cybersecurity CapabilitiesITU Cybersecurity Capabilities
ITU Cybersecurity CapabilitiesITU
 
9 September 2014: Cyber Security Model
9 September 2014: Cyber Security Model 9 September 2014: Cyber Security Model
9 September 2014: Cyber Security Model Defence and Security Accelerator
 
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020innov-acts-ltd
 
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSDay2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSMaitena Ilardia
 
The Digital Telecom. Security Services
The Digital Telecom. Security ServicesThe Digital Telecom. Security Services
The Digital Telecom. Security ServicesParviz Iskhakov, PhD
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingJisc
 
30 September 2014: Cyber Security Model
30 September 2014: Cyber Security Model30 September 2014: Cyber Security Model
30 September 2014: Cyber Security ModelDefence and Security Accelerator
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentationMEDINA
 
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...IT Governance Ltd
 
CTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders JohansonCTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders Johansonsegughana
 
CTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard SimpsonCTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard Simpsonsegughana
 
CTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles WardCTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles Wardsegughana
 
CTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-ReportCTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-Reportsegughana
 
CTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-BorenCTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-Borensegughana
 

Weitere ähnliche Inhalte

Was ist angesagt?

CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingPhil Agcaoili
 
From Cybersecurity to Cyber Resilience
From Cybersecurity to Cyber ResilienceFrom Cybersecurity to Cyber Resilience
From Cybersecurity to Cyber Resilienceaccenture
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security FrameworkNorbi Hegedus
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services OfferedRachel Anne Carter
 
Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity Yuri Anisimov
 
CWIN17 New-York / earning the currency of trust
CWIN17 New-York / earning the currency of trustCWIN17 New-York / earning the currency of trust
CWIN17 New-York / earning the currency of trustCapgemini
 
ITU Cybersecurity Capabilities
ITU Cybersecurity CapabilitiesITU Cybersecurity Capabilities
ITU Cybersecurity CapabilitiesITU
 
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020innov-acts-ltd
 
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSDay2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSMaitena Ilardia
 
The Digital Telecom. Security Services
The Digital Telecom. Security ServicesThe Digital Telecom. Security Services
The Digital Telecom. Security ServicesParviz Iskhakov, PhD
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingJisc
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentationMEDINA
 
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...IT Governance Ltd
 

Was ist angesagt? (17)

CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter Meeting
 
From Cybersecurity to Cyber Resilience
From Cybersecurity to Cyber ResilienceFrom Cybersecurity to Cyber Resilience
From Cybersecurity to Cyber Resilience
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security Framework
 
The State of Cyber
The State of CyberThe State of Cyber
The State of Cyber
 
SAT 2020 slide deck
SAT 2020 slide deckSAT 2020 slide deck
SAT 2020 slide deck
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
 
Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity
 
CWIN17 New-York / earning the currency of trust
CWIN17 New-York / earning the currency of trustCWIN17 New-York / earning the currency of trust
CWIN17 New-York / earning the currency of trust
 
ITU Cybersecurity Capabilities
ITU Cybersecurity CapabilitiesITU Cybersecurity Capabilities
ITU Cybersecurity Capabilities
 
9 September 2014: Cyber Security Model
9 September 2014: Cyber Security Model 9 September 2014: Cyber Security Model
9 September 2014: Cyber Security Model
 
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
 
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSDay2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
 
The Digital Telecom. Security Services
The Digital Telecom. Security ServicesThe Digital Telecom. Security Services
The Digital Telecom. Security Services
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharing
 
30 September 2014: Cyber Security Model
30 September 2014: Cyber Security Model30 September 2014: Cyber Security Model
30 September 2014: Cyber Security Model
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentation
 
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
 

Andere mochten auch

CTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders JohansonCTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders Johansonsegughana
 
CTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard SimpsonCTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard Simpsonsegughana
 
CTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles WardCTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles Wardsegughana
 
CTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-ReportCTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-Reportsegughana
 
CTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-BorenCTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-Borensegughana
 
CTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip VictorCTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip Victorsegughana
 
CTO-Cybersecurity-2010-Mohamed-El-Kattani
CTO-Cybersecurity-2010-Mohamed-El-KattaniCTO-Cybersecurity-2010-Mohamed-El-Kattani
CTO-Cybersecurity-2010-Mohamed-El-Kattanisegughana
 

Andere mochten auch (7)

CTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders JohansonCTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders Johanson
 
CTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard SimpsonCTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard Simpson
 
CTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles WardCTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles Ward
 
CTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-ReportCTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-Report
 
CTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-BorenCTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-Boren
 
CTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip VictorCTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip Victor
 
CTO-Cybersecurity-2010-Mohamed-El-Kattani
CTO-Cybersecurity-2010-Mohamed-El-KattaniCTO-Cybersecurity-2010-Mohamed-El-Kattani
CTO-Cybersecurity-2010-Mohamed-El-Kattani
 

Ähnlich wie CTO-CybersecurityForum-2010-Des Ward

Understanding the Roles and Responsibilities of ISMS Auditor.docx
Understanding the Roles and Responsibilities of ISMS Auditor.docxUnderstanding the Roles and Responsibilities of ISMS Auditor.docx
Understanding the Roles and Responsibilities of ISMS Auditor.docxINTERCERT
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityMike Lemire
 
Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...
Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...
Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...Covance
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual cisoMichael Ball
 
Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Simplify Your Approach To_Assess The Risks Of Moving Into The CloudSimplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Simplify Your Approach To_Assess The Risks Of Moving Into The CloudHappiest Minds Technologies
 
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Third Party Risk Management
 
Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1ControlCase
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013Nidhi Gupta
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013Nidhi Gupta
 
Integrated Receivables: 5 Critical Factors For Adoption
Integrated Receivables: 5 Critical Factors For AdoptionIntegrated Receivables: 5 Critical Factors For Adoption
Integrated Receivables: 5 Critical Factors For Adoption3 Point Alliance
 
Risk management benchmarking 2013
Risk management benchmarking 2013Risk management benchmarking 2013
Risk management benchmarking 2013Nidhi Gupta
 
A Vision On Integrated Inspection Planning Prototyping
A Vision On Integrated Inspection Planning PrototypingA Vision On Integrated Inspection Planning Prototyping
A Vision On Integrated Inspection Planning PrototypingGH_Wijnants
 
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)Richard Brooks
 

Ähnlich wie CTO-CybersecurityForum-2010-Des Ward (20)

Understanding the Roles and Responsibilities of ISMS Auditor.docx
Understanding the Roles and Responsibilities of ISMS Auditor.docxUnderstanding the Roles and Responsibilities of ISMS Auditor.docx
Understanding the Roles and Responsibilities of ISMS Auditor.docx
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on security
 
Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...
Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...
Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual ciso
 
Standards in Third Party Risk - DVV Solutions ISACA North May 19
Standards in Third Party Risk - DVV Solutions ISACA North May 19 Standards in Third Party Risk - DVV Solutions ISACA North May 19
Standards in Third Party Risk - DVV Solutions ISACA North May 19
 
Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Simplify Your Approach To_Assess The Risks Of Moving Into The CloudSimplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud
 
Profile_Kishore Sundar
Profile_Kishore SundarProfile_Kishore Sundar
Profile_Kishore Sundar
 
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
 
Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Integrated Receivables: 5 Critical Factors For Adoption
Integrated Receivables: 5 Critical Factors For AdoptionIntegrated Receivables: 5 Critical Factors For Adoption
Integrated Receivables: 5 Critical Factors For Adoption
 
Risk management benchmarking 2013
Risk management benchmarking 2013Risk management benchmarking 2013
Risk management benchmarking 2013
 
Risk management benchmarking 2013
Risk management benchmarking 2013Risk management benchmarking 2013
Risk management benchmarking 2013
 
A Vision On Integrated Inspection Planning Prototyping
A Vision On Integrated Inspection Planning PrototypingA Vision On Integrated Inspection Planning Prototyping
A Vision On Integrated Inspection Planning Prototyping
 
Presentation_IA Focus
Presentation_IA FocusPresentation_IA Focus
Presentation_IA Focus
 
The Complete Guide to Vendor Onboarding Process.pptx
The Complete Guide to Vendor Onboarding Process.pptxThe Complete Guide to Vendor Onboarding Process.pptx
The Complete Guide to Vendor Onboarding Process.pptx
 
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
 

Mehr von segughana

CTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francisCTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francissegughana
 
CTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia AsognweCTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia Asognwesegughana
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernandosegughana
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Glorisosegughana
 
CTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John CarrCTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John Carrsegughana
 
CTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John CrainCTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John Crainsegughana
 
CTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael KatunduCTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael Katundusegughana
 
CTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe TorresCTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe Torressegughana
 
Tomasz Czajkowski
Tomasz CzajkowskiTomasz Czajkowski
Tomasz Czajkowskisegughana
 
CTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will GardnerCTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will Gardnersegughana
 
CTO-CybersecurityForum-2010-Mark-Oram
CTO-CybersecurityForum-2010-Mark-OramCTO-CybersecurityForum-2010-Mark-Oram
CTO-CybersecurityForum-2010-Mark-Oramsegughana
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-DebeesingCTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-Debeesingsegughana
 
CTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliamsCTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliamssegughana
 
CTO-Cybersecurity-Forum2010-Thomas-Machdonogh
CTO-Cybersecurity-Forum2010-Thomas-MachdonoghCTO-Cybersecurity-Forum2010-Thomas-Machdonogh
CTO-Cybersecurity-Forum2010-Thomas-Machdonoghsegughana
 
CyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario HoffmannCyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario Hoffmannsegughana
 
CTO-Cybersecurity-Forum-2010-JohnCrain-Ddos
CTO-Cybersecurity-Forum-2010-JohnCrain-DdosCTO-Cybersecurity-Forum-2010-JohnCrain-Ddos
CTO-Cybersecurity-Forum-2010-JohnCrain-Ddossegughana
 
CTO-Cybersecurity-Forum-2010-Cristina Buetti
CTO-Cybersecurity-Forum-2010-Cristina BuettiCTO-Cybersecurity-Forum-2010-Cristina Buetti
CTO-Cybersecurity-Forum-2010-Cristina Buettisegughana
 
CTO-Cybersecurity-Forum-2010-Peter Burnett
CTO-Cybersecurity-Forum-2010-Peter BurnettCTO-Cybersecurity-Forum-2010-Peter Burnett
CTO-Cybersecurity-Forum-2010-Peter Burnettsegughana
 
CTO-Cybersecurity Forum-Angela McKay
CTO-Cybersecurity Forum-Angela McKayCTO-Cybersecurity Forum-Angela McKay
CTO-Cybersecurity Forum-Angela McKaysegughana
 
CTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin KoyabeCTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin Koyabesegughana
 

Mehr von segughana (20)

CTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francisCTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francis
 
CTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia AsognweCTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia Asognwe
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernando
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Gloriso
 
CTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John CarrCTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John Carr
 
CTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John CrainCTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John Crain
 
CTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael KatunduCTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael Katundu
 
CTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe TorresCTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe Torres
 
Tomasz Czajkowski
Tomasz CzajkowskiTomasz Czajkowski
Tomasz Czajkowski
 
CTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will GardnerCTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will Gardner
 
CTO-CybersecurityForum-2010-Mark-Oram
CTO-CybersecurityForum-2010-Mark-OramCTO-CybersecurityForum-2010-Mark-Oram
CTO-CybersecurityForum-2010-Mark-Oram
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-DebeesingCTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-Debeesing
 
CTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliamsCTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliams
 
CTO-Cybersecurity-Forum2010-Thomas-Machdonogh
CTO-Cybersecurity-Forum2010-Thomas-MachdonoghCTO-Cybersecurity-Forum2010-Thomas-Machdonogh
CTO-Cybersecurity-Forum2010-Thomas-Machdonogh
 
CyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario HoffmannCyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario Hoffmann
 
CTO-Cybersecurity-Forum-2010-JohnCrain-Ddos
CTO-Cybersecurity-Forum-2010-JohnCrain-DdosCTO-Cybersecurity-Forum-2010-JohnCrain-Ddos
CTO-Cybersecurity-Forum-2010-JohnCrain-Ddos
 
CTO-Cybersecurity-Forum-2010-Cristina Buetti
CTO-Cybersecurity-Forum-2010-Cristina BuettiCTO-Cybersecurity-Forum-2010-Cristina Buetti
CTO-Cybersecurity-Forum-2010-Cristina Buetti
 
CTO-Cybersecurity-Forum-2010-Peter Burnett
CTO-Cybersecurity-Forum-2010-Peter BurnettCTO-Cybersecurity-Forum-2010-Peter Burnett
CTO-Cybersecurity-Forum-2010-Peter Burnett
 
CTO-Cybersecurity Forum-Angela McKay
CTO-Cybersecurity Forum-Angela McKayCTO-Cybersecurity Forum-Angela McKay
CTO-Cybersecurity Forum-Angela McKay
 
CTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin KoyabeCTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin Koyabe
 

Kürzlich hochgeladen

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 

Kürzlich hochgeladen (20)

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 

CTO-CybersecurityForum-2010-Des Ward

  • 1. The new business assurance barometer Common Assurance Maturity Model (CAMM) R Samani
  • 2.
  • 3. The 5 big Challenges More challenging with less resources 1. Measure the inherent security of a third party wishing to access the business in a scalable manner 2. Be able to objectively and reliably measure the risk management maturity of third parties 3. Ensure that all risk management requirements are reflected in contracts (and will be applicable in future) 4. Perform the due diligence required within current resourcing constraints 1. Find an approach that allows Information Risk management to be incorporated objectively into tender process 2. Find a way to compare risk management maturity between different suppliers 3. Achieve the level of transparency when self-audit is not an option 4. Find a solution that satisfies changing regulatory requirements Third Party Access Service Procurement 5. Find an approach that leverages existing investment AND will be adopted by suppliers 5. Find an approach that will be adopted by suppliers
  • 4. A new approach… CAMM – New business assurance barometer Business Assurance Leverage existing expenditure Transaparent risk management Genuine USP for providers Provides a genuine USP to organisations that have higher levels of information risk maturity Risk management maturity is open for stakeholders to view, using appropriate language and detail. CAMM is built on existing standards, leveraging existing compliance expenditure. Objective Measures maturity against defined controls areas, with particular focus on key controls. Meaningful A business benefit that creates consumer trust that is meaningful, understandable and creates a clear strategy to achieve greater maturity.
  • 5. How it works… (a simplified view) Achieving transparency...    Third Party Assurance Centre Maturity Maturity Maturity Third party requesting access Third party service provider Internal hosting provider Risk Appetite 1. Business sets level of risk they are willing to tolerate (number of levels depending on the data). Maturity will include CAMM plus possible bespoke modules. 2.Level of risk management maturity is communicated to business partners (and possible partners) 3. Evidence of compliance may be uploaded to central repository that can be used by numerous customers. 4. Leverage existing expenditure and remove need for duplicate verification (e.g. many customers wishing to audit third party service provider).
  • 6.
  • 7.
  • 8. Who is involved? A global collaborative effort End User Organisations Security Associations Cloud Providers Consultancies Independent consultants Over 40 organisations already involved, including…. IISP ISACA ISSA UK ENISA ISF Website on its way……….