SlideShare a Scribd company logo

Role of it governance cyberfrat

N
Nanda Mohan Shenoy

My presentation at the Cyberfrat event on 9th Nov at SBIlLife Insurance Office

Services
1 of 16
Download to read offline
Role of IT Governance and IS Audit in Cyber Risk Mitigation Nanda Mohan Shenoy D CAIIB,DBM-Part I,, NSE Certified Market Professional Level-1 ,P G Diploma in IRPM, PG Diploma in EDP and Computer Management, DIM,LA ISO 9001,LA ISO 27001 NISM empanelled CPE Trainer Director 1
Disclaimer • The views expressed in the presentation are the personal views of the speaker and not the Organisation which he represents. • The audience is expected to exercise due diligence and cross check the facts before forming any opinion or judgment • The audience may agree to the view of the speaker or agree to disagree with the views of the speaker 2
Incident? 3
Indian Context • What is wonder? – Day after day countless people die. Yet the living wish to live forever. O Lord, what can be a greater wonder – Day after day countless cyber attacks happen . Yet the CISO thinks his organisation will not be attacked. O Lord, what can be a greater wonder 4
Tyres of Cyber Suraksha • Governance • Technical • HR Controls • Operational 5
Governance 6
Board Room Agenda Information Security Cyber Security Wanna Cry RBI/IRDA/ SEBI 7
Summary of Board Responsibility 1. Approve the following policies i. IT Policy ii. IS Policy iii. IS Audit Framework iv. Change Management Policy v. Cyber Security Policy vi. BCP Policy vii. Outsourcing Policy 2. Members be part of the i. IT Strategy Committee ii. ACB 3. Review the results of the i. Risk Assessment ii. BCP 4. Outsourcing Policy responsibility 5. Undergo an awareness session on Cyber Security Board Board Board Board Board Board Board Board Board Board Board Board Board Board 8
9 Thanks to Regulators • Cyber Security Policy (distinct from Information Security Policy) • Cyber Crisis Management Plan (Resilience) • Cyber Security Preparedness Indicators • Vulnerability/R isk Assessment 9
Amul –The taste of the Board –IT Policy –Infosec Policy –Cyber Security Policy 10 Confused
Focus • Information Security – Protection of Assets – ISO 27001 has 14 control groups 35 Control Objectives and 114 Controls – Only 1 CG A16 talks about Incident Management • Cyber Security –Protect –Detect –Respond –Recover – The Incident Management of ISO 27001 :2013 A.16 has these controls. – It can be seen as an expansion of A.16 11
Board Room Language • CISO to talk the language of the board • They only understand two things – Topline – Bottomline • Not too technical • Wear multiple hats • Facts & Figures 12
Audit • All • U • Do • Is • Tick 13
14 Current Gaps • IRDA talks only about IS & Cyber Security – learn from the banking industry and make it separate • Once the Cyber Security becomes separate the Audit of that also is imminent • The Cyber Security Audit also should be included separately as a part of the IS Audit Charter or a separate Audit Charter for Cyber Security • So a Separate Assurance is required for Cyber Security 14
Concluding Remarks MERE PAAS GOVERNANCE HAI AAJ MERE PAAS WEBSENSE HAI,WAF HAI,BLUE COAT HAI, SMOKE SCREEN HAI, RADARK HAI, KYA HE TUMHARE PAAS 15
nmds@bestfitsolutions.in, 09820409261 nநன்றி ध यवाद 16

Recommended

Senior Management Awareness presetnation
Senior Management Awareness presetnationSenior Management Awareness presetnation
Senior Management Awareness presetnationNanda Mohan Shenoy
 
IT compliance
IT complianceIT compliance
IT compliancePhan Vuong
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
Information Security
Information SecurityInformation Security
Information SecurityWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3Anne Starr
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...festival ICT 2016
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityIT Governance Ltd
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 

Recommended

Senior Management Awareness presetnation
Senior Management Awareness presetnationSenior Management Awareness presetnation
Senior Management Awareness presetnationNanda Mohan Shenoy
 
IT compliance
IT complianceIT compliance
IT compliancePhan Vuong
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
Information Security
Information SecurityInformation Security
Information SecurityWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3Anne Starr
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...festival ICT 2016
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityIT Governance Ltd
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
IBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajanIBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajanShwetank Jayaswal
 
Cyber Six: Managing Security in Internet
Cyber Six: Managing Security in InternetCyber Six: Managing Security in Internet
Cyber Six: Managing Security in InternetRichardus Indrajit
 
Compliance Awareness
Compliance AwarenessCompliance Awareness
Compliance AwarenessDinesh O Bareja
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by SripathiPrajwal Panchmahalkar
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessNanda Mohan Shenoy
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityPhil Agcaoili
 
Secuntialesse
SecuntialesseSecuntialesse
SecuntialesseAnne Starr
 
Case Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityCase Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityPECB
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overviewstevemarsden
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security EssentialsSkoda Minotti
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...Directorate of Information Security | Ditjen Aptika
 
Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Avinash Ramineni
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityDhani Ahmad
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptxGovt. P.G. College Sendhwa, Barwani (M.P.)
 
Insomnihack 2018 - Securing Internal Resources Through Tiered Access
Insomnihack 2018 - Securing Internal Resources Through Tiered AccessInsomnihack 2018 - Securing Internal Resources Through Tiered Access
Insomnihack 2018 - Securing Internal Resources Through Tiered AccessJoel M. Leo
 
Protecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessProtecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessPrecisely
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachJim Brashear
 
Slide Deck - CISSP Mentor Program Class Session 1
Slide Deck - CISSP Mentor Program Class Session 1Slide Deck - CISSP Mentor Program Class Session 1
Slide Deck - CISSP Mentor Program Class Session 1FRSecure
 
Ants and Elephants in the CISO's Office by Paul Rain
Ants and Elephants in the CISO's Office by Paul RainAnts and Elephants in the CISO's Office by Paul Rain
Ants and Elephants in the CISO's Office by Paul RainPriyanka Aash
 
Slide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor ProgramSlide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor ProgramFRSecure
 

More Related Content

What's hot

IBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajanIBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajanShwetank Jayaswal
 
Cyber Six: Managing Security in Internet
Cyber Six: Managing Security in InternetCyber Six: Managing Security in Internet
Cyber Six: Managing Security in InternetRichardus Indrajit
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by SripathiPrajwal Panchmahalkar
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityPhil Agcaoili
 
Case Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityCase Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityPECB
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overviewstevemarsden
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security EssentialsSkoda Minotti
 
Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Avinash Ramineni
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityDhani Ahmad
 
Insomnihack 2018 - Securing Internal Resources Through Tiered Access
Insomnihack 2018 - Securing Internal Resources Through Tiered AccessInsomnihack 2018 - Securing Internal Resources Through Tiered Access
Insomnihack 2018 - Securing Internal Resources Through Tiered AccessJoel M. Leo
 
Protecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessProtecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessPrecisely
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachJim Brashear
 

What's hot (19)

IBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajanIBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajan
 
Cyber Six: Managing Security in Internet
Cyber Six: Managing Security in InternetCyber Six: Managing Security in Internet
Cyber Six: Managing Security in Internet
 
Compliance Awareness
Compliance AwarenessCompliance Awareness
Compliance Awareness
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber Security
 
Secuntialesse
SecuntialesseSecuntialesse
Secuntialesse
 
Case Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityCase Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information Security
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overview
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security Essentials
 
Information security
Information securityInformation security
Information security
 
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
 
Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptx
 
Insomnihack 2018 - Securing Internal Resources Through Tiered Access
Insomnihack 2018 - Securing Internal Resources Through Tiered AccessInsomnihack 2018 - Securing Internal Resources Through Tiered Access
Insomnihack 2018 - Securing Internal Resources Through Tiered Access
 
Protecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessProtecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i Access
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
 

Similar to Role of it governance cyberfrat

Slide Deck - CISSP Mentor Program Class Session 1
Slide Deck - CISSP Mentor Program Class Session 1Slide Deck - CISSP Mentor Program Class Session 1
Slide Deck - CISSP Mentor Program Class Session 1FRSecure
 
Ants and Elephants in the CISO's Office by Paul Rain
Ants and Elephants in the CISO's Office by Paul RainAnts and Elephants in the CISO's Office by Paul Rain
Ants and Elephants in the CISO's Office by Paul RainPriyanka Aash
 
Slide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor ProgramSlide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor ProgramFRSecure
 
Community IT Innovators - IT Governance 083012
Community IT Innovators - IT Governance 083012Community IT Innovators - IT Governance 083012
Community IT Innovators - IT Governance 083012Community IT Innovators
 
PECB Webinar: Enterprise Risk Management with ISO 27001 perspective
PECB Webinar: Enterprise Risk Management with ISO 27001 perspectivePECB Webinar: Enterprise Risk Management with ISO 27001 perspective
PECB Webinar: Enterprise Risk Management with ISO 27001 perspectivePECB
 
A Value Centric Approach to Governance Risk & Compliance
A Value Centric Approach to Governance Risk & ComplianceA Value Centric Approach to Governance Risk & Compliance
A Value Centric Approach to Governance Risk & ComplianceInnoTech
 
Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Livingstone Advisory
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksIT Governance Ltd
 
Welingkar Presentation On Cobit And Iso 1799 And Bs 7799
Welingkar Presentation On Cobit And Iso 1799 And Bs 7799Welingkar Presentation On Cobit And Iso 1799 And Bs 7799
Welingkar Presentation On Cobit And Iso 1799 And Bs 7799Abhinav Goyal
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesHinne Hettema
 
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...PECB
 
University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012Hakem Filiz
 
IT Risk assessment and Audit Planning
IT Risk assessment and Audit PlanningIT Risk assessment and Audit Planning
IT Risk assessment and Audit Planninggoreankush1
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?PECB
 
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...ITIL Indonesia
 
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE360 BSI
 
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin, Inc.
 
Cobit 5 for information security
Cobit 5 for information securityCobit 5 for information security
Cobit 5 for information securityElkanouni Mohamed
 
Business Outsourcing to Asia
Business Outsourcing to AsiaBusiness Outsourcing to Asia
Business Outsourcing to AsiaConferencias FIST
 

Similar to Role of it governance cyberfrat (20)

Slide Deck - CISSP Mentor Program Class Session 1
Slide Deck - CISSP Mentor Program Class Session 1Slide Deck - CISSP Mentor Program Class Session 1
Slide Deck - CISSP Mentor Program Class Session 1
 
Ants and Elephants in the CISO's Office by Paul Rain
Ants and Elephants in the CISO's Office by Paul RainAnts and Elephants in the CISO's Office by Paul Rain
Ants and Elephants in the CISO's Office by Paul Rain
 
Slide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor ProgramSlide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor Program
 
Community IT Innovators - IT Governance 083012
Community IT Innovators - IT Governance 083012Community IT Innovators - IT Governance 083012
Community IT Innovators - IT Governance 083012
 
PECB Webinar: Enterprise Risk Management with ISO 27001 perspective
PECB Webinar: Enterprise Risk Management with ISO 27001 perspectivePECB Webinar: Enterprise Risk Management with ISO 27001 perspective
PECB Webinar: Enterprise Risk Management with ISO 27001 perspective
 
A Value Centric Approach to Governance Risk & Compliance
A Value Centric Approach to Governance Risk & ComplianceA Value Centric Approach to Governance Risk & Compliance
A Value Centric Approach to Governance Risk & Compliance
 
Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
 
Welingkar Presentation On Cobit And Iso 1799 And Bs 7799
Welingkar Presentation On Cobit And Iso 1799 And Bs 7799Welingkar Presentation On Cobit And Iso 1799 And Bs 7799
Welingkar Presentation On Cobit And Iso 1799 And Bs 7799
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security services
 
Grc tao.4
Grc tao.4Grc tao.4
Grc tao.4
 
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
 
University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012
 
IT Risk assessment and Audit Planning
IT Risk assessment and Audit PlanningIT Risk assessment and Audit Planning
IT Risk assessment and Audit Planning
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?
 
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
 
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
 
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
 
Cobit 5 for information security
Cobit 5 for information securityCobit 5 for information security
Cobit 5 for information security
 
Business Outsourcing to Asia
Business Outsourcing to AsiaBusiness Outsourcing to Asia
Business Outsourcing to Asia
 

More from Nanda Mohan Shenoy

Srimadbhagavata_parayanam_v3.pdf
Srimadbhagavata_parayanam_v3.pdfSrimadbhagavata_parayanam_v3.pdf
Srimadbhagavata_parayanam_v3.pdfNanda Mohan Shenoy
 
CEPAR Conference _20230204.pdf
CEPAR Conference _20230204.pdfCEPAR Conference _20230204.pdf
CEPAR Conference _20230204.pdfNanda Mohan Shenoy
 
Digitial Personal Data Bill 2022 feedback
Digitial Personal Data Bill 2022 feedbackDigitial Personal Data Bill 2022 feedback
Digitial Personal Data Bill 2022 feedbackNanda Mohan Shenoy
 
IS17428_ISACA_Chennai_20220910.pptx
IS17428_ISACA_Chennai_20220910.pptxIS17428_ISACA_Chennai_20220910.pptx
IS17428_ISACA_Chennai_20220910.pptxNanda Mohan Shenoy
 

More from Nanda Mohan Shenoy (20)

Srimadbhagavata_parayanam_v3.pdf
Srimadbhagavata_parayanam_v3.pdfSrimadbhagavata_parayanam_v3.pdf
Srimadbhagavata_parayanam_v3.pdf
 
D07_SVCMahatmyam_v1.pdf
D07_SVCMahatmyam_v1.pdfD07_SVCMahatmyam_v1.pdf
D07_SVCMahatmyam_v1.pdf
 
D06_SVCMahatmyam_v1.pdf
D06_SVCMahatmyam_v1.pdfD06_SVCMahatmyam_v1.pdf
D06_SVCMahatmyam_v1.pdf
 
D05_SVCMahatmyam_v1.pdf
D05_SVCMahatmyam_v1.pdfD05_SVCMahatmyam_v1.pdf
D05_SVCMahatmyam_v1.pdf
 
D04_SVCMahatmyam_v1.pdf
D04_SVCMahatmyam_v1.pdfD04_SVCMahatmyam_v1.pdf
D04_SVCMahatmyam_v1.pdf
 
D03_SVCMahatmyam_v1.pdf
D03_SVCMahatmyam_v1.pdfD03_SVCMahatmyam_v1.pdf
D03_SVCMahatmyam_v1.pdf
 
D02_SVCMahatmyam_v1.pdf
D02_SVCMahatmyam_v1.pdfD02_SVCMahatmyam_v1.pdf
D02_SVCMahatmyam_v1.pdf
 
D01_SVCMahatmyam_v1.pdf
D01_SVCMahatmyam_v1.pdfD01_SVCMahatmyam_v1.pdf
D01_SVCMahatmyam_v1.pdf
 
09_Sundara Kandam_v3.pdf
09_Sundara Kandam_v3.pdf09_Sundara Kandam_v3.pdf
09_Sundara Kandam_v3.pdf
 
08_Sundara Kandam_v3.pdf
08_Sundara Kandam_v3.pdf08_Sundara Kandam_v3.pdf
08_Sundara Kandam_v3.pdf
 
07_Sundara Kandam_v3.pdf
07_Sundara Kandam_v3.pdf07_Sundara Kandam_v3.pdf
07_Sundara Kandam_v3.pdf
 
06_Sundara Kandam_v3.pdf
06_Sundara Kandam_v3.pdf06_Sundara Kandam_v3.pdf
06_Sundara Kandam_v3.pdf
 
05_Sundara Kandam_v3.pdf
05_Sundara Kandam_v3.pdf05_Sundara Kandam_v3.pdf
05_Sundara Kandam_v3.pdf
 
04_Sundara Kandam_v3.pptx
04_Sundara Kandam_v3.pptx04_Sundara Kandam_v3.pptx
04_Sundara Kandam_v3.pptx
 
03_Sundara Kandam-v3.pdf
03_Sundara Kandam-v3.pdf03_Sundara Kandam-v3.pdf
03_Sundara Kandam-v3.pdf
 
02_Sundara Kandam_v3.pdf
02_Sundara Kandam_v3.pdf02_Sundara Kandam_v3.pdf
02_Sundara Kandam_v3.pdf
 
01_Sundara Kandam_v3.pdf
01_Sundara Kandam_v3.pdf01_Sundara Kandam_v3.pdf
01_Sundara Kandam_v3.pdf
 
CEPAR Conference _20230204.pdf
CEPAR Conference _20230204.pdfCEPAR Conference _20230204.pdf
CEPAR Conference _20230204.pdf
 
Digitial Personal Data Bill 2022 feedback
Digitial Personal Data Bill 2022 feedbackDigitial Personal Data Bill 2022 feedback
Digitial Personal Data Bill 2022 feedback
 
IS17428_ISACA_Chennai_20220910.pptx
IS17428_ISACA_Chennai_20220910.pptxIS17428_ISACA_Chennai_20220910.pptx
IS17428_ISACA_Chennai_20220910.pptx
 

Recently uploaded

Call Girls In {{Green Park Delhi}}9667938988 Indian Russian High Profile Esco...
Call Girls In {{Green Park Delhi}}9667938988 Indian Russian High Profile Esco...Call Girls In {{Green Park Delhi}}9667938988 Indian Russian High Profile Esco...
Call Girls In {{Green Park Delhi}}9667938988 Indian Russian High Profile Esco...aakahthapa70
 
Call Now ☎9870417354|| Call Girls in Dwarka Escort Service Delhi N.C.R.
Call Now ☎9870417354|| Call Girls in Dwarka Escort Service Delhi N.C.R.Call Now ☎9870417354|| Call Girls in Dwarka Escort Service Delhi N.C.R.
Call Now ☎9870417354|| Call Girls in Dwarka Escort Service Delhi N.C.R.riyadelhic riyadelhic
 
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...aakahthapa70
 
DIGHA CALL GIRL 92628/1154 DIGHA CALL GI
DIGHA CALL GIRL 92628/1154 DIGHA CALL GIDIGHA CALL GIRL 92628/1154 DIGHA CALL GI
DIGHA CALL GIRL 92628/1154 DIGHA CALL GINiteshKumar82226
 
Girls For Night in Islamabad | 03274100048 🔞
Girls For Night in Islamabad | 03274100048 🔞Girls For Night in Islamabad | 03274100048 🔞
Girls For Night in Islamabad | 03274100048 🔞Ifra Zohaib
 
Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...
Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...
Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...riyaescorts54
 
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...aakahthapa70
 
Call Girls in Saket (delhi) call me [8264348440 ] escort service 24X7
Call Girls in Saket (delhi) call me [8264348440 ] escort service 24X7Call Girls in Saket (delhi) call me [8264348440 ] escort service 24X7
Call Girls in Saket (delhi) call me [8264348440 ] escort service 24X7soniya singh
 
Call Girls In {Connaught Place Delhi} 9667938988 IndianRussian High Profile E...
Call Girls In {Connaught Place Delhi} 9667938988 IndianRussian High Profile E...Call Girls In {Connaught Place Delhi} 9667938988 IndianRussian High Profile E...
Call Girls In {Connaught Place Delhi} 9667938988 IndianRussian High Profile E...aakahthapa70
 
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...aakahthapa70
 
SANGLI CALL GIRL 92628/71154 SANGLI CALL
SANGLI CALL GIRL 92628/71154 SANGLI CALLSANGLI CALL GIRL 92628/71154 SANGLI CALL
SANGLI CALL GIRL 92628/71154 SANGLI CALLNiteshKumar82226
 
Call Now ☎9870417354|| Call Girls in Noida Sector 12 Escort Service Noida N.C.R.
Call Now ☎9870417354|| Call Girls in Noida Sector 12 Escort Service Noida N.C.R.Call Now ☎9870417354|| Call Girls in Noida Sector 12 Escort Service Noida N.C.R.
Call Now ☎9870417354|| Call Girls in Noida Sector 12 Escort Service Noida N.C.R.riyadelhic riyadelhic
 
Russian Call Girls in Goa %(9316020077)# Russian Call Girls in Goa By Russi...
Russian Call Girls in Goa %(9316020077)# Russian Call Girls in Goa By Russi...Russian Call Girls in Goa %(9316020077)# Russian Call Girls in Goa By Russi...
Russian Call Girls in Goa %(9316020077)# Russian Call Girls in Goa By Russi...Goa Call Girls Service Goa escort agency
 
Call Girls | 😏💦 03274100048 | Call Girls Near Me
Call Girls | 😏💦 03274100048 | Call Girls Near MeCall Girls | 😏💦 03274100048 | Call Girls Near Me
Call Girls | 😏💦 03274100048 | Call Girls Near MeIfra Zohaib
 
MYSORE CALL GIRLS ESCORT SER 92628/71154
MYSORE CALL GIRLS ESCORT SER 92628/71154MYSORE CALL GIRLS ESCORT SER 92628/71154
MYSORE CALL GIRLS ESCORT SER 92628/71154NiteshKumar82226
 
9891550660 Call Girls In Noida Sector 62 Short 1500 Night 6000
9891550660 Call Girls In Noida Sector 62 Short 1500 Night 60009891550660 Call Girls In Noida Sector 62 Short 1500 Night 6000
9891550660 Call Girls In Noida Sector 62 Short 1500 Night 6000teencall080
 
Call Girls In {{Laxmi Nagar Delhi}} 9667938988 Indian Russian High Profile Es...
Call Girls In {{Laxmi Nagar Delhi}} 9667938988 Indian Russian High Profile Es...Call Girls In {{Laxmi Nagar Delhi}} 9667938988 Indian Russian High Profile Es...
Call Girls In {{Laxmi Nagar Delhi}} 9667938988 Indian Russian High Profile Es...aakahthapa70
 
Call Now ☎9870417354|| Call Girls in Noida Sector 18 Escort Service Noida N.C.R.
Call Now ☎9870417354|| Call Girls in Noida Sector 18 Escort Service Noida N.C.R.Call Now ☎9870417354|| Call Girls in Noida Sector 18 Escort Service Noida N.C.R.
Call Now ☎9870417354|| Call Girls in Noida Sector 18 Escort Service Noida N.C.R.riyadelhic riyadelhic
 
JAMNAGAR CALL GIRLS 92628/71154 JAMNAGAR
JAMNAGAR CALL GIRLS 92628/71154 JAMNAGARJAMNAGAR CALL GIRLS 92628/71154 JAMNAGAR
JAMNAGAR CALL GIRLS 92628/71154 JAMNAGARNiteshKumar82226
 

Recently uploaded (20)

Call Girls In {{Green Park Delhi}}9667938988 Indian Russian High Profile Esco...
Call Girls In {{Green Park Delhi}}9667938988 Indian Russian High Profile Esco...Call Girls In {{Green Park Delhi}}9667938988 Indian Russian High Profile Esco...
Call Girls In {{Green Park Delhi}}9667938988 Indian Russian High Profile Esco...
 
Call Now ☎9870417354|| Call Girls in Dwarka Escort Service Delhi N.C.R.
Call Now ☎9870417354|| Call Girls in Dwarka Escort Service Delhi N.C.R.Call Now ☎9870417354|| Call Girls in Dwarka Escort Service Delhi N.C.R.
Call Now ☎9870417354|| Call Girls in Dwarka Escort Service Delhi N.C.R.
 
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...
 
DIGHA CALL GIRL 92628/1154 DIGHA CALL GI
DIGHA CALL GIRL 92628/1154 DIGHA CALL GIDIGHA CALL GIRL 92628/1154 DIGHA CALL GI
DIGHA CALL GIRL 92628/1154 DIGHA CALL GI
 
Girls For Night in Islamabad | 03274100048 🔞
Girls For Night in Islamabad | 03274100048 🔞Girls For Night in Islamabad | 03274100048 🔞
Girls For Night in Islamabad | 03274100048 🔞
 
Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...
Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...
Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...
 
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
 
Call Girls in Saket (delhi) call me [8264348440 ] escort service 24X7
Call Girls in Saket (delhi) call me [8264348440 ] escort service 24X7Call Girls in Saket (delhi) call me [8264348440 ] escort service 24X7
Call Girls in Saket (delhi) call me [8264348440 ] escort service 24X7
 
Call Girls In {Connaught Place Delhi} 9667938988 IndianRussian High Profile E...
Call Girls In {Connaught Place Delhi} 9667938988 IndianRussian High Profile E...Call Girls In {Connaught Place Delhi} 9667938988 IndianRussian High Profile E...
Call Girls In {Connaught Place Delhi} 9667938988 IndianRussian High Profile E...
 
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
 
SANGLI CALL GIRL 92628/71154 SANGLI CALL
SANGLI CALL GIRL 92628/71154 SANGLI CALLSANGLI CALL GIRL 92628/71154 SANGLI CALL
SANGLI CALL GIRL 92628/71154 SANGLI CALL
 
Call Now ☎9870417354|| Call Girls in Noida Sector 12 Escort Service Noida N.C.R.
Call Now ☎9870417354|| Call Girls in Noida Sector 12 Escort Service Noida N.C.R.Call Now ☎9870417354|| Call Girls in Noida Sector 12 Escort Service Noida N.C.R.
Call Now ☎9870417354|| Call Girls in Noida Sector 12 Escort Service Noida N.C.R.
 
Russian Call Girls in Goa %(9316020077)# Russian Call Girls in Goa By Russi...
Russian Call Girls in Goa %(9316020077)# Russian Call Girls in Goa By Russi...Russian Call Girls in Goa %(9316020077)# Russian Call Girls in Goa By Russi...
Russian Call Girls in Goa %(9316020077)# Russian Call Girls in Goa By Russi...
 
Call Girls | 😏💦 03274100048 | Call Girls Near Me
Call Girls | 😏💦 03274100048 | Call Girls Near MeCall Girls | 😏💦 03274100048 | Call Girls Near Me
Call Girls | 😏💦 03274100048 | Call Girls Near Me
 
MYSORE CALL GIRLS ESCORT SER 92628/71154
MYSORE CALL GIRLS ESCORT SER 92628/71154MYSORE CALL GIRLS ESCORT SER 92628/71154
MYSORE CALL GIRLS ESCORT SER 92628/71154
 
9891550660 Call Girls In Noida Sector 62 Short 1500 Night 6000
9891550660 Call Girls In Noida Sector 62 Short 1500 Night 60009891550660 Call Girls In Noida Sector 62 Short 1500 Night 6000
9891550660 Call Girls In Noida Sector 62 Short 1500 Night 6000
 
Call Girls In {{Laxmi Nagar Delhi}} 9667938988 Indian Russian High Profile Es...
Call Girls In {{Laxmi Nagar Delhi}} 9667938988 Indian Russian High Profile Es...Call Girls In {{Laxmi Nagar Delhi}} 9667938988 Indian Russian High Profile Es...
Call Girls In {{Laxmi Nagar Delhi}} 9667938988 Indian Russian High Profile Es...
 
Call Now ☎9870417354|| Call Girls in Noida Sector 18 Escort Service Noida N.C.R.
Call Now ☎9870417354|| Call Girls in Noida Sector 18 Escort Service Noida N.C.R.Call Now ☎9870417354|| Call Girls in Noida Sector 18 Escort Service Noida N.C.R.
Call Now ☎9870417354|| Call Girls in Noida Sector 18 Escort Service Noida N.C.R.
 
JAMNAGAR CALL GIRLS 92628/71154 JAMNAGAR
JAMNAGAR CALL GIRLS 92628/71154 JAMNAGARJAMNAGAR CALL GIRLS 92628/71154 JAMNAGAR
JAMNAGAR CALL GIRLS 92628/71154 JAMNAGAR
 
Call Girls In Goa For Fun 9316020077 By Goa Call Girls For Pick Up Night
Call Girls In Goa For Fun 9316020077 By Goa Call Girls For Pick Up NightCall Girls In Goa For Fun 9316020077 By Goa Call Girls For Pick Up Night
Call Girls In Goa For Fun 9316020077 By Goa Call Girls For Pick Up Night
 

Role of it governance cyberfrat

  • 1. Role of IT Governance and IS Audit in Cyber Risk Mitigation Nanda Mohan Shenoy D CAIIB,DBM-Part I,, NSE Certified Market Professional Level-1 ,P G Diploma in IRPM, PG Diploma in EDP and Computer Management, DIM,LA ISO 9001,LA ISO 27001 NISM empanelled CPE Trainer Director 1
  • 2. Disclaimer • The views expressed in the presentation are the personal views of the speaker and not the Organisation which he represents. • The audience is expected to exercise due diligence and cross check the facts before forming any opinion or judgment • The audience may agree to the view of the speaker or agree to disagree with the views of the speaker 2
  • 4. Indian Context • What is wonder? – Day after day countless people die. Yet the living wish to live forever. O Lord, what can be a greater wonder – Day after day countless cyber attacks happen . Yet the CISO thinks his organisation will not be attacked. O Lord, what can be a greater wonder 4
  • 5. Tyres of Cyber Suraksha • Governance • Technical • HR Controls • Operational 5
  • 8. Summary of Board Responsibility 1. Approve the following policies i. IT Policy ii. IS Policy iii. IS Audit Framework iv. Change Management Policy v. Cyber Security Policy vi. BCP Policy vii. Outsourcing Policy 2. Members be part of the i. IT Strategy Committee ii. ACB 3. Review the results of the i. Risk Assessment ii. BCP 4. Outsourcing Policy responsibility 5. Undergo an awareness session on Cyber Security Board Board Board Board Board Board Board Board Board Board Board Board Board Board 8
  • 9. 9 Thanks to Regulators • Cyber Security Policy (distinct from Information Security Policy) • Cyber Crisis Management Plan (Resilience) • Cyber Security Preparedness Indicators • Vulnerability/R isk Assessment 9
  • 10. Amul –The taste of the Board –IT Policy –Infosec Policy –Cyber Security Policy 10 Confused
  • 11. Focus • Information Security – Protection of Assets – ISO 27001 has 14 control groups 35 Control Objectives and 114 Controls – Only 1 CG A16 talks about Incident Management • Cyber Security –Protect –Detect –Respond –Recover – The Incident Management of ISO 27001 :2013 A.16 has these controls. – It can be seen as an expansion of A.16 11
  • 12. Board Room Language • CISO to talk the language of the board • They only understand two things – Topline – Bottomline • Not too technical • Wear multiple hats • Facts & Figures 12
  • 13. Audit • All • U • Do • Is • Tick 13
  • 14. 14 Current Gaps • IRDA talks only about IS & Cyber Security – learn from the banking industry and make it separate • Once the Cyber Security becomes separate the Audit of that also is imminent • The Cyber Security Audit also should be included separately as a part of the IS Audit Charter or a separate Audit Charter for Cyber Security • So a Separate Assurance is required for Cyber Security 14
  • 15. Concluding Remarks MERE PAAS GOVERNANCE HAI AAJ MERE PAAS WEBSENSE HAI,WAF HAI,BLUE COAT HAI, SMOKE SCREEN HAI, RADARK HAI, KYA HE TUMHARE PAAS 15