Role of it governance cyberfrat
1. Role of IT Governance and IS Audit in Cyber Risk Mitigation
Nanda Mohan Shenoy D
CAIIB, DBM-Part I, NSE Certified Market Professional Level-1, PG Diploma in IRPM, PG Diploma in EDP and Computer Management, DIM, LA ISO 9001, LA ISO 27001, NISM empanelled CPE Trainer
Director
2. Disclaimer
• The views expressed in the presentation are the personal views of the speaker and not the Organisation which he represents.
• The audience is expected to exercise due diligence and cross check the facts before forming any opinion or judgment.
• The audience may agree to the view of the speaker or agree to disagree with the views of the speaker.
4. Indian Context
• What is wonder?
– Day after day countless people die. Yet the living wish to live forever. O Lord, what can be a greater wonder?
– Day after day countless cyber attacks happen. Yet the CISO thinks his organisation will not be attacked. O Lord, what can be a greater wonder?
8. Summary of Board Responsibility
1. Approve the following policies
i. IT Policy
ii. IS Policy
iii. IS Audit Framework
iv. Change Management Policy
v. Cyber Security Policy
vi. BCP Policy
vii. Outsourcing Policy
2. Members to be part of the
i. IT Strategy Committee
ii. ACB
3. Review the results of the
i. Risk Assessment
ii. BCP
4. Outsourcing Policy responsibility
5. Undergo an awareness session on Cyber Security
9. Thanks to Regulators
• Cyber Security Policy (distinct from Information Security Policy)
• Cyber Crisis Management Plan (Resilience)
• Cyber Security Preparedness Indicators
• Vulnerability/Risk Assessment
10. Amul – The taste of the Board
– IT Policy
– Infosec Policy
– Cyber Security Policy
Confused
11. Focus
• Information Security
– Protection of Assets
– ISO 27001 has 14 control groups, 35 Control Objectives and 114 Controls
– Only one control group (A.16) talks about Incident Management
• Cyber Security
– Protect
– Detect
– Respond
– Recover
– The Incident Management control group of ISO 27001:2013 (A.16) has these controls.
– Cyber Security can be seen as an expansion of A.16
12. Board Room Language
• CISO to talk the language of the board
• They only understand two things
– Topline
– Bottomline
• Not too technical
• Wear multiple hats
• Facts & Figures
14. Current Gaps
• IRDA talks only about IS & Cyber Security together – learn from the banking industry and make Cyber Security separate
• Once Cyber Security becomes separate, an audit of it also becomes imminent
• The Cyber Security Audit should also be included separately, either as a part of the IS Audit Charter or in a separate Audit Charter for Cyber Security
• So a separate Assurance is required for Cyber Security