3. ENERGY GIANT / BUSINESS LINE / BUSINESS UNIT
Integrated and dynamic management of portfolio – purchasing contracts, assets and sales contracts
Management & Trading of Energy
Client Business Environment
6. Security Controls governance
Discipline/Part of Corporate Governance focused on information technology (IT) oriented security controls aligned with business constraints
Security Control book
An important element of a framework ensuring that the organization’s policies/requirements are formalized, monitored and implemented as controls over time
A centralization of security controls carried out on the organization
A tool-based methodology implementing the security control strategy
FRAMING CONTROLS BASED ON REQUIREMENTS
10. FRAMEWORK @ A GLANCE
Control template
Title
Description
Nature (administrative, technical, physical)
Function (preventive, detective, corrective, recovery)
Type (Security)
Frequency
Level (1 to 3)
RACI matrix
11. FRAMEWORK @ A GLANCE
Campaign template
Title
Description
Control suites (STU 1, STU 2,…)
Assignee
Planning
Execution status
Basic stats
Control plan (CTL1, CTL2,…)
14. CONTROL FACTORY | DEFINE
Control Factory (CF) refers to: a structured collection of assets that aids in producing controls through an assembly process according to specific requirements
The Control factory applies manufacturing techniques and principles …
>Formalization
Right process right result
>Automation
Reduce manual intervention
>Services Oriented
Activities divided in services
>Industrialization
Reusable components
15. CONTROL FACTORY | OBJECTIVES
… to mimic the benefits of traditional manufacturing
>Consistency
build multiple instances of a control product line & set of controls sharing similar “features and architecture”
>Quality
integrates reusable controls, reducing the likelihood of control design flaws
>Productivity
Control activities can be streamlined and automated
16. CONTROL FACTORY | ACTIVITIES/SERVICES
Conception: Design and logic according to requirements
Suppliers relationship: Sourcing of data, qualification, remediation
Production: Producing resources for controls reports, dashboards
Delivery: Making resources for controls available
Supervision: Governing controls campaign and remediation
Internal: QA, maintenance, improvements
Customers
17. CONTROL FACTORY | PRODUCTION SERVICES
Control Production
Production is divided into 6 distinct stages:
Supply: Raw data from multiple collection sources
Compute: Loading, ordering & storing data
Reconcile: Identities vs. accounts
Control: Production of control resources
SoD: Advanced controls
Report: Presenting results as expected
18. PRODUCTION SERVICES | SUPPLY
Supply … loading raw data, reconciliation, mapping and ordering for reuse
Controls factory
Advanced controls
Reports/views
Controls
Data Reconciliation
Compute
(1) Attaching identities to respective unitary organization
(2) Reconciling identities with accounts, perms…
(3) Producing controls in the factory
(4) Reporting results in expected views
…
19. PRODUCTION SERVICES | REPORT
Report … presenting control data as requested (format & delivery)
Web portal
• Timeslots
• Reports
• Data exports
Campaign
• Reports sent to reviewers
20. CONTROLS GOVERNANCE | FOCUS ON PITFALLS
Data Lifecycle: Reduce treatment time from import to remediation
Data Quality: Based on reliable data, readable and understandable
Data Volume: Deeply analyzed and divided i.e. volume that are “control ready” and “supervision ready”
Business Activity: Better integration of stakeholders processes
21. CAMPAIGN & CONTROLS | ANALYSIS
› Ergonomics and design
› Administration
› Dashboard & Reporting
› Automation
› Tickets directly created and assigned
› Follow-up using the factory
› Dynamic reports (web interfaces)
› Point and click review
› Enriched information
› Delegation mechanism enhanced
› Improved planning and review mechanism
Orientations and improvements
› Automated and real-time
› Web-based dashboard