CISO PLATFORM ANNUAL SUMMIT

IT Risk as Business Risk

Wayne Tufek
CISO Platform Annual Summit
November 15-16
Hyatt Regency
Mumbai
Agenda
• Overview of IT risk
• What causes IT risk?
• The business consequences of IT Risk
• Examples
Overview of IT Risk
• Risk
• IT Risk
• IT Governance
• Risk management
What Causes IT Risk?
• George Westerman from MIT Sloan
http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
– Failure of oversight and governance processes (ineffective IT governance)
  • Series of poor decisions and badly structured IT assets
  • Locally optimised decisions
  • Lack of business involvement
– Uncontrolled complexity
– Inattention to risk
• IT risk results from decision-making processes that ignore the full range of business needs that arise from using IT
The Business Consequences of IT Risk

Agility
Accuracy
Access
Availability
Source: George Westerman
http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
The Business Consequences of IT Risk (cont)
Enterprise IT Risks
• Availability
– Business continuity
– DRP
• Access
– Information protection
– Knowledge sharing
– Preventing attacks
• Accuracy
– Data integrity
– Regulatory compliance
• Agility
– Ability to implement major strategic change
Source: George Westerman
http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/

IT Risk Factors
• Technology & Infrastructure
– Configuration management
– Degree of standardisation
– Age of technology
• Applications & Information
– Architecture complexity
– Redundancy
– Data integrity
– Degree of customisation
• People & Skills
– Turnover
– Skills planning
– Recruiting/training
– IT/Business relationship
• Vendors & Other Partners
– SLAs
– Use of firm's standards
– Sole source risk
• Policy & Process
– Controls
– Degree of standardisation
– Accountability
• Organisational
– Cost cutting
– Complexity
– Funding
Example Risk Factors
• Availability
– Alternative site
– Excessive time to restore (RTO, RPO, MTO)
– Special hardware or equipment or a unique environment
– Network links
Example Risk Factors
• Access
– Financial impact of unauthorised modification of data
– Impact of unauthorised disclosure
– Are duties segregated?
– Is access based on the user's role?
– Can the system track user actions and provide reports?
– How effective is the access provisioning/deprovisioning process?
Example Risk Factors
• Accuracy
– What is the financial impact of incorrect applications?
– How will inaccuracy impact customers and the organisation’s reputation?
– What regulatory and government compliance is required?
– Is there a high level of customisation?
– Are calculations performed by any third parties?
Example Risk Factors
• Agility
– Is the system hard coded with custom features difficult to modify?
– Is the system supported by the vendor?
– Does the system require hard to obtain technical resources to maintain support?
– Can the system be scaled in terms of volume?
– Is the documentation adequate?
– Does the system run on out of date software?
Example
• Single Sign-On implementation
Agility
Accuracy
Access
Availability

Source: George Westerman
http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
Example
• Moving corporate data to the cloud
Agility
Accuracy
Access
Availability

Source: George Westerman
http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
Questions
Contact
• wtufek@unimelb.edu.au
• LinkedIn
– http://www.linkedin.com/pub/wayne-tufek/0/338/312

VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
 

ciso-platform-annual-summit-2013-IT risk as business risk

  • 1. CISO PLATFORM ANNUAL SUMMIT IT Risk as Business Risk Wayne Tufek CISO Platform Annual Summit November 15-16 Hyatt Regency Mumbai
  • 2. Agenda
      – Overview of IT risk
      – What causes IT risk?
      – The business consequences of IT Risk
      – Examples
  • 3. Overview of IT Risk
      – Risk
      – IT Risk
      – IT Governance
      – Risk management
  • 4. What Causes IT Risk?
      • George Westerman from MIT Sloan (http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/)
          – Failure of oversight and governance processes (ineffective IT governance)
              • Series of poor decisions and badly structured IT assets
              • Locally optimised decisions
              • Lack of business involvement
          – Uncontrolled complexity
          – Inattention to risk
      • IT risk results from decision-making processes that ignore the full range of business needs that arise from using IT
  • 5. The Business Consequences of IT Risk
      – Agility
      – Accuracy
      – Access
      – Availability
      Source: George Westerman, http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
  • 6. The Business Consequences of IT Risk (cont)
      Enterprise IT Risks
          – Availability: Business continuity; DRP
          – Access: Information protection; Knowledge sharing; Preventing attacks
          – Accuracy: Data integrity; Regulatory compliance
          – Agility: Ability to implement major strategic change
      Source: George Westerman, http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
      IT Risk Factors
          – Technology & Infrastructure: Configuration management; Degree of standardisation; Age of technology
          – Applications & Information: Architecture complexity; Redundancy; Data integrity; Degree of customisation
          – People & Skills: Turnover; Skills planning; Recruiting/training; IT/Business relationship
          – Vendors & Other Partners: SLAs; Use of firm's standards; Sole source risk
          – Policy & Process: Controls; Degree of standardisation; Accountability
          – Organisational: Cost cutting; Complexity; Funding
  • 7. Example Risk Factors
      • Availability
          – Alternative site
          – Excessive time to restore (RTO, RPO, MTO)
          – Special hardware or equipment or a unique environment
          – Network links
  • 8. Example Risk Factors
      • Access
          – Financial impact of unauthorised modification of data
          – Impact of unauthorised disclosure
          – Are duties segregated?
          – Is access based on the user's role?
          – Can the system track user actions and provide reports?
          – How effective is the access provisioning/deprovisioning process?
  • 9. Example Risk Factors
      • Accuracy
          – What is the financial impact of incorrect applications?
          – How will inaccuracy impact customers and the organisation’s reputation?
          – What regulatory and government compliance is required?
          – Is there a high level of customisation?
          – Are calculations performed by any third parties?
  • 10. Example Risk Factors
      • Agility
          – Is the system hard-coded, with custom features that are difficult to modify?
          – Is the system supported by the vendor?
          – Does the system require hard-to-obtain technical resources to maintain support?
          – Can the system be scaled in terms of volume?
          – Is the documentation adequate?
          – Does the system run on out-of-date software?
  • 11. Example
      • Single Sign-On implementation
          – Agility
          – Accuracy
          – Access
          – Availability
      Source: George Westerman, http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
  • 12. Example
      • Moving corporate data to the cloud
          – Agility
          – Accuracy
          – Access
          – Availability
      Source: George Westerman, http://cisr.mit.edu/research/research-overview/classic-topics/it-related-risk/
  • 14. Contact
      • wtufek@unimelb.edu.au
      • LinkedIn: http://www.linkedin.com/pub/wayne-tufek/0/338/312