13 and 14 March 2013, Brasília - Brazil. Mr. Mike Popham MBA FRSA, Partner, Syndicus IS LLP, [email protected], +44 797 650 4897
Real Time Risk Management

Nov 01, 2014

mike_popham

Integrated Physical, Environmental, Information, Risk Measures and Controls in Real Time for Measured Protection
Transcript
Page 1: Real Time Risk Management

13 and 14 March 2013

Brasília - Brazil

Mr. Mike Popham MBA FRSA

Partner

Syndicus IS LLP

[email protected]

+44 797 650 4897

Page 2: Real Time Risk Management

Proteus® Real Time Risk Operations

Integrated Physical, Environmental, Information, Risk Measures and Controls in Real Time for Measured Protection

Mr. Mike Popham MBA FRSA

Partner

Syndicus IS LLP

[email protected]

+44 797 650 4897

Page 3: Real Time Risk Management

Proteus® Real Time Risk Operations AGENDA

• Presentation of Syndicus IS LLP
• Real Time GRC Operations
• Service Benefits
• Multi-faceted Governance, Risk and Compliance Activities
• Proteus GRC Engine
• Proteus iGRC Engine
• Real Time Demonstrator

Page 4: Real Time Risk Management

Proteus® Real Time Risk Operations SYNDICUS INFORMATION SECURITY LLP

Page 5: Real Time Risk Management

Proteus® Real Time Risk MAKING PROTECTION MORE COMPLETE

Information Security Sensors

Environmental Sensors

Physical Security Sensors

Asset Based Risk Assessment

Impact on Process and Continuity

Health & Safety Controls

Management, Specialists, and Users facilitating processes together using best practices, harnessed in technologies integrated for best protective effect in real time

Real Time Risk Management Demonstration

Click Here: see “Geoff Ibbett and Team”, 2nd down on right

Page 6: Real Time Risk Management

Proteus® Real Time Risk Operations MULTI-FACETED GRC

• Compliance (Gap Analysis) for any Standard, Regulation, or Legislation
• Gather information from subject matter experts and add value through integration of data
• Flexible reporting to enable the audit committee to quickly evaluate the company’s risk
• A ‘dashboard’ bridges the gap between the complexity of the subject and senior management

Page 7: Real Time Risk Management

Proteus® Real Time Risk INTEGRATED GRC FACETS

Page 8: Real Time Risk Management

Proteus® Real Time Risk Operations SERVICE BENEFITS

Benefits of the Service

• Dedicated physical, information, environmental security, H&S controls etc. with integrated risk management professionals working to best practice, e.g. ISO 27001, ISO 9001 etc., to meet the GRC needs of the enterprise
• An in-depth range of validation measures is included in the service
• Reports on compliance and risk status and progress are available to the customer within minutes of data input and analysis
• Your dedicated information security and risk management professionals all work from a leading GRC engine that interrelates compliance, risk and business continuity status into the process oriented business impact assessment
• Departmental specific GRC performance is available
• GRC engine integrates with fraud and cyber/network sensors/agents for real time risk management

Page 9: Real Time Risk Management

Proteus® Real Time Risk Operations TRANSFORMING ENTERPRISE CONTROL

Controlling the Enterprise

• Centralized Asset Register
• Single Repository for Policies and Documents, plus dissemination and e-examination
• Gap analysis – status of alignment to standards and non-conformities
• Identification of impact of risk on assets and business processes
• Integrates incident management and mitigation / improvements
• Consistent and easy visibility of global reporting
• Rapid installation, via the web as necessary
• Designed for configurability
• Extensions available, e.g. active directory, single sign on
• Intuitive interface and multi-site access worldwide, via the web
• Transforms governance dynamics
• Provides new opportunities and significant improvements in governance, risk and compliance
• BIA, BCP, assigning tasks and accountability, action planner and work-flow sign-off
• Offers tangible productivity enhancements (capacity building)
• Extends to operations domain via Proteus iGRC
• Offers a real return on investment

Page 10: Real Time Risk Management

Proteus® Real Time Risk Operations SPREAD OF BEST PRACTICES

Referencing Best Practice

Supports a set of rules and has a capacity for rapid transition / integration rules customizable (2 months)

• ISO 27001, Information Security Management, ISMS / ISMS
• BS 25999 (ISO 22301) - Business Continuity Management
• PCI DSS - Payment Card Industry Data Security
• BS 10012 - Data Protection, Specification for a Personal Information Management System
• ISO 9001 - Quality management of businesses
• ISO 14001 - Environmental Management
• ISO 20000 - Service Management, Information, products and services to support
• Cobit 4.1 - Control Objectives for Information and related Technology
• Physical Controls

Page 11: Real Time Risk Management

Proteus® Real Time Risk Operations SENSORS/AGENTS IN THE MIX

Governance, Policies, Processes, Procedures

Management

International Standards

ISO

Proteus Enterprise

Risk, BIA, BCM, Threats and Mitigations

Multi-Disciplinary Teams

• Preparing the organization for the future
• Achieve compliance, perform risk management, assess impacts, demonstrate proper governance
• Conduct real time risk management operations via sensors and agents, e.g.:
  • Physical security controls
  • Information security controls
  • Health and safety controls
  • Environmental controls
  • Risk measures
  • Service Continuity

Page 12: Real Time Risk Management

No Delays Reporting Status

Assets control Central Panel, Dashboard Overview cover losses Chart threats Risk Analysis and Evaluation Operational impact Financial Impact State regulatory Extensions Real time interface

Proteus® Real Time Risk Operations REPORTS STATUS NOW

Page 13: Real Time Risk Management

Proteus® Real Time Risk Operations FIRST TO MARKET WITH PATENT

Page 14: Real Time Risk Management

Proteus® Real Time Risk Operations WIDEST POSSIBLE INTEGRATION SCOPE

Normal Operations

anomaly detection, anti-virus, data security, enterprise security, federated identity, intrusion detection and prevention, malware and malware removal, messaging security, multifactor authentication, patch management, PC security, secure remote administration, security policy management, threat management, transaction monitoring, user authentication, web security, log management and analysis (SIEM), configuration assessment / vulnerability detection

Cards (present and not present)

anomaly detection, federated identity, messaging security, multifactor authentication, security policy management, threat management, transaction monitoring, user authentication, web security, log management and analysis (SIEM), configuration assessment / vulnerability detection

Internet, Mobile channels, and POS Channels

anti-virus, collaboration security, data security, enterprise security, federated identity, malware and malware removal, messaging security, multifactor authentication, patch management, PC security, secure remote administration, security policy management, threat management, transaction monitoring, user authentication, web security, log management and analysis (SIEM), configuration assessment / vulnerability detection

Detection systems deployed in Proteus® iGRC (Banking Example)

Page 15: Real Time Risk Management

Real Time Risk Management Demonstration

Click Here: see “Geoff Ibbett and Team”, 2nd down on right

Increased complexity due to cyber and terrorist threats

• Physical Controls Management
• Environmental Controls Management
• Information Security Controls Management
• Health and Safety Controls Management
• Action Plans and On-Line Audits
• Business Impact Assessments
• Business Continuity Assessments

Proteus® Real Time Risk Operations VIEW THE DEMONSTRATOR

Page 16: Real Time Risk Management

Proteus® Real Time Risk Operations CONTACT THE TEAM

Mr. Mike Popham MBA FRSA

Partner

Syndicus IS

[email protected]

+44 797 650 4897

Syndicus Information Security LLP, Suite 36, 88-90 Hatton Garden, Holborn, London, EC1N 8PG, UK

+44 (0)845 260 2465

[email protected]

www.syndicusis.com

Workshops

• Cyber protection technologies
• Governance, risk and compliance
• Real Time Risk management
• Review of latest cyber sensors and agents:
• Their benefits and effects
• Current gaps in protective capability
• Cyber risk management techniques:
• Cyber protection best practice
• Extension of best practice into managed reality
• Business impact analysis
• Governance in era of advanced GRC technology
• Transformational for cyber protection