www.surecloud.com © 2016 SureCloud Limited. All rights reserved.
Risk Manager for IRAM2
Thursday 17th November 2016
Presented by:
Nick Rafferty, Chief Operating Officer
Oliver Vistisen, Head of Products
Agenda
• Introduction to SureCloud
• What is IRAM2?
• IRAM2 on the SureCloud Platform
• Demonstration
• Further Opportunities
• Questions & Answers
How SureCloud maximised its involvement with the ISF’s IRAM2 programme and how you can do the same.
Introduction to SureCloud
What is the SureCloud Platform?
[Diagram. Labels shown: Registers (Register: Suppliers; Date: May16; Unit: EMEA; Supplier 1 to Supplier 5); Workflows (Create & Notify, Assess, Review, Sign-off); Assessments (3rd Party Risk, Risk Assessment, Compliance Gap Anal., Audit, CSR, Incident Response, BIA); Groups (Global, Region, City 1, City 2, City 3); Reports; Dashboards & Charts; API: Excel, Power BI]
SureCloud GRC Applications
What is IRAM2?
IRAM2 Assessment Tool
IRAM2 on the SureCloud Platform
What has SureCloud done?
• Multiple staff members attended ISF practitioner training
• Worked with key ISF community members to ensure we can support wider practitioner requirements
• Conducted multiple in-house risk assessments to understand the methodology in detail
• Proactively suggested ways to streamline the process through technology
What does the SureCloud Platform provide?
• Re-use of common stages through centralisation of content
• Workflow to automate aspects of the process
• Notifications and offline assessments
• Multi-assessment management and status tracking
• Aggregation across assessments and business focused reporting
• Links to other GRC applications such as Compliance Manager for BAU activities
IRAM2 Assessment Tool
What is SureCloud delivering?
Demonstration
Further Opportunities
IRAM2: Triage Approach
• A full IRAM2 assessment may not be necessary for all levels of criticality
• Each organisation's BIA can drive informed decision-making:
Major or Critical BI Rating – undertake the full IRAM2 methodology
Medium BI Rating – apply Prioritised Controls
Minor BI Rating – No need to proceed
• Predefined Threat & Threat Events assessments and Control Effectiveness assessments
• The ISF is currently working to define what a triage approach might look like
Tying it all together
[Diagram linking the SureCloud GRC applications: Compliance Manager, Risk Manager, Incident Manager, Audit Manager, Policy Manager, Business Continuity Manager, Assessment Manager. Other labels shown: Policies, ISO, Operational Controls, Processes, Objectives, Actions List, Risk Assessments, Champions, Owners, Categories, Risk Library, Department, Incidents, Affected Assets, Failed Controls, Loss Estimation, Action Plan, Audits, Audit Universe, Systems & Components, Assets, Business Impact Assessments, Products & Services, Audit Plan, Tests, COSO, Control Library, PCI, OHSAS, Risk Appetite & Tolerance, Metrics, Standards, Requirements, Emergency Response & DR Plans, Training, Reference Lists, Findings, GRC, Third Party Register, Key Contacts, Relationship Owner, Assessments]
Questions & Answers
About SureCloud
• SureCloud is a provider of GRC Applications and Cybersecurity Services. Our Cloud Platform has helped 100s of blue chip businesses and 1,000s of users to improve productivity and efficiency by replacing and automating spreadsheet-based risk and compliance processes.
• In addition, our cybersecurity testing and assurance services team helps organisations secure their information assets, systems and networks, as well as providing a holistic view of cyber risk using the SureCloud Platform.