
IT and Information Security Management | Corporater


Managing your organization’s Information Security to achieve better control, greater visibility, increased efficiency and effectiveness needs an integrated approach to risk and compliance management.

ISO 27001:2013 aligns Information Security management with Enterprise Risk Management and insists on understanding the business context for correct implementation. This, along with digitization, created more emphasis on the assets, i.e. actual information and information containers.

Learn how your organization can use Corporater IT & Information Security Management Solution to achieve a holistic view of your enterprise’s Risk management and to elevate IT risks to the board room.
To know more, visit: https://bit.ly/30oy5kg

Acknowledgment:
Blog by Owe Lie-Bjelland titled “Digital transformation – Is cyber threat really the greatest risk of all?” published by Corporater on June 12, 2019. Read the full blog here: https://bit.ly/2A9tA2p

Published in: Software

  1. IT and Information Security Management: GOVERN, MANAGE AND MEASURE YOUR ISMS
  2. IT & INFORMATION SECURITY. In the early days of information and cyber risk, back in the era of ISO 27001:2005, risk assessments were conducted focusing on the infrastructure components and the deployed software. Confidential and/or proprietary. Not to be copied to third parties. © Copyright Corporater AS - All rights reserved.
  3. Consequence and probability were assessed using a qualified approach, also considering the component’s vulnerability to calculate the risk level. This approach was good enough for the IT department to reduce the risk to a perceived acceptable level.
  4. With ISO 27001:2013 we saw a shift to align information security management more with enterprise risk management and the insistence on understanding the business context for correct implementation.
  5. This, along with digitization, led to a shift to place more emphasis on the assets, i.e. actual information and information containers. The risk assessment methodology was enhanced to a semi-quantitative approach where intervals were used to decide the consequence. This was a step in the right direction.
  6. Decision makers need to ask the right questions to bridge the communication gap, and security managers need to be able to answer what they might perceive as irrelevant and very difficult questions.
  7. Questions decision makers ask:
     • How secure are we as a company?
     • What are the residual risk values compared to the inherent values for our digital assets?
     • What’s our current threat level?
     • Are we spending the right amount of money?
     • What’s the expected loss for a ransomware attack scenario?
     • How do we compare to our peers?
     • What are our options for mitigating the risks?
     Thinking of risk in an integrated, holistic and quantitative manner will enable security staff to answer the above questions.
  8. Modern agile GRC platforms such as Corporater Business Management Platform (BMP) provide top executives and the board with a sought-after holistic view of the organization’s risk profile as well as an integrated approach for operational units to effective and efficient collaboration.
  9. CORPORATER IT & INFORMATION SECURITY. Corporater offers an IT & Information Security Solution that provides a complete integrated approach for governing, managing and measuring your Information Security Management System (ISMS).
  10. Key Areas Supported
      • ISMS integration
      • MTBF, MTTR metrics
      • Security program alignment with organization conflict resolution
      • Risk process management
      • Risk mitigation workflows
      • Performance analytics
      • Outcome and prioritization
      • Standards and policy management
      • Stakeholder reporting
  11. Key Features
      ▪ Business framework support
      ▪ Advanced traffic light settings
      ▪ Meeting support
      ▪ Assessments
      ▪ Approval
      ▪ Collaboration
      ▪ Analytics
      ▪ Reporting
      ▪ Automatic data collection
      ▪ Manual data collection
      ▪ Workflow for process support
      ▪ Access control
      ▪ No coding – only configuration
      ▪ Agile, flexible configuration environment operated by business users
  12. INFORMATION SECURITY GOVERNANCE. The Corporater Information Security Governance solution aligns enterprise governance with IT governance frameworks such as ISO 27001, the NIST Cybersecurity Framework, the COBIT Internal Control Framework, HITRUST CSF, or the Federal Information Security Management Act, ensuring business objectives and security strategies are aligned and in accordance with regulations.
  13. REGULATORY TECHNOLOGY GOVERNANCE. Regulatory requirements continue to evolve, as do the demands on financial firms. Firms bring more and more RegTechs into their stack, but this does not relieve an institution of responsibility for compliance. Corporater enables organizations to fully integrate their RegTech stack, building efficiencies as they conduct compliance functions, as well as the ability to fully integrate these RegTech solutions into the risk register for assessment and mitigation.
  14. INFORMATION SECURITY AUDIT. Lower the stress within your organization around your IT security audits, assess integrity & confidentiality risks, perform controls assessment on various frameworks (such as COBIT, COSO), measure compliance with various regulations, and provide transparency and alignment between IT and the business management team.
  15. REQUEST DEMO. GET IN TOUCH WITH OUR EXPERTS. Corporater's integrated IT & Information Security management solution can help you govern, manage and measure your ISMS and achieve a holistic view of your enterprise’s risk management that helps elevate IT risks to the board room.
  16. THANK YOU. marketing@corporater.com, www.corporater.com
