www.surecloud.com © 2016 SureCloud Limited. All rights reserved. Risk Manager for IRAM 2 Thursday 17th November 2016 Presented by: Nick Rafferty, Chief Operating Officer Oliver Vistisen, Head of Products

[Risk] Risk Manager for IRAM2 Application

Apr 15, 2017

Transcript
Page 1: [Risk] Risk Manager for IRAM2 Application

www.surecloud.com © 2016 SureCloud Limited. All rights reserved.

Risk Manager for IRAM2

Thursday 17th November 2016

Presented by:

Nick Rafferty, Chief Operating Officer

Oliver Vistisen, Head of Products

Page 2: [Risk] Risk Manager for IRAM2 Application


Agenda

• Introduction to SureCloud

• What is IRAM2?

• IRAM2 on the SureCloud Platform

• Demonstration

• Further Opportunities

• Questions & Answers

Page 3: [Risk] Risk Manager for IRAM2 Application


How SureCloud maximised its involvement with the ISF’s IRAM2 programme and how you can do the same.

Introduction to SureCloud

Page 4: [Risk] Risk Manager for IRAM2 Application


What is the SureCloud Platform?

[Diagram labels: Registers (example register: Suppliers; Date: May16; Unit: EMEA; Supplier 1 to Supplier 5); Workflows (Create & Notify, Assess, Review, Sign-off); Assessments (3rd Party Risk, Risk Assessment, Compliance Gap Anal., Audit, CSR, Incident Response, BIA); Groups (Global, Region, City 1, City 2, City 3); Reports; Dashboards & Charts; API: Excel, Power BI]

Page 5: [Risk] Risk Manager for IRAM2 Application


Page 6: [Risk] Risk Manager for IRAM2 Application


Page 7: [Risk] Risk Manager for IRAM2 Application


SureCloud GRC Applications

Page 8: [Risk] Risk Manager for IRAM2 Application

What is IRAM2?

Page 9: [Risk] Risk Manager for IRAM2 Application


What is IRAM2?

Page 10: [Risk] Risk Manager for IRAM2 Application


What is IRAM2?

Page 11: [Risk] Risk Manager for IRAM2 Application


What is IRAM2?

Page 12: [Risk] Risk Manager for IRAM2 Application


What is IRAM2?

Page 13: [Risk] Risk Manager for IRAM2 Application


IRAM2 Assessment Tool

Page 14: [Risk] Risk Manager for IRAM2 Application

IRAM2 on the SureCloud Platform

Page 15: [Risk] Risk Manager for IRAM2 Application


What has SureCloud done?

• Multiple staff members attended ISF practitioner training

• Worked with key ISF community members to ensure we can support wider practitioner requirements

• Conducted multiple in-house risk assessments to understand the methodology in detail

• Proactively suggested ways to streamline the process through technology

Page 16: [Risk] Risk Manager for IRAM2 Application


What does the SureCloud Platform provide?

• Re-use of common stages through centralisation of content

• Workflow to automate aspects of the process

• Notifications and offline assessments

• Multi-assessment management and status tracking

• Aggregation across assessments and business focused reporting

• Links to other GRC applications such as Compliance Manager for BAU activities

Page 17: [Risk] Risk Manager for IRAM2 Application


IRAM2 Assessment Tool

Page 18: [Risk] Risk Manager for IRAM2 Application


What is SureCloud delivering?

Page 19: [Risk] Risk Manager for IRAM2 Application

Demonstration

Page 20: [Risk] Risk Manager for IRAM2 Application

Further Opportunities

Page 21: [Risk] Risk Manager for IRAM2 Application


IRAM2: Triage Approach

• A full IRAM2 assessment may not be necessary for all levels of criticality

• Each organisation's BIA can drive informed decision-making:

Major or Critical BI Rating – undertake the full IRAM2 methodology

Medium BI Rating – apply Prioritised Controls

Minor BI Rating – No need to proceed

• Predefined Threat & Threat Events assessments and Control Effectiveness assessments

• The ISF is currently working to define what a triage approach might look like

Page 22: [Risk] Risk Manager for IRAM2 Application


Tying it all together

[Diagram labels: GRC; Compliance Manager; Risk Manager; Incident Manager; Audit Manager; Business Continuity Manager; Policy Manager; Assessment Manager; Policies; ISO; Operational Controls; Processes; Objectives; Actions List; Risk Assessments; Champions; Owners; Categories; Risk Library; Department; Incidents; Affected Assets; Failed Controls; Loss Estimation; Action Plan; Audits; Audit Universe; Systems & Components; Assets; Business Impact Assessments; Products & Services; Audit Plan; Tests; COSO; Control Library; PCI; OHSAS; Risk Appetite & Tolerance; Metrics; Standards; Requirements; Emergency Response & DR Plans; Training; Reference Lists; Findings; Third Party Register; Key Contacts; Relationship Owner; Assessments]

Page 23: [Risk] Risk Manager for IRAM2 Application

Questions & Answers

Page 24: [Risk] Risk Manager for IRAM2 Application


Questions & Answers

About SureCloud

• SureCloud is a provider of GRC Applications and Cybersecurity Services. Our Cloud Platform has helped 100s of blue chip businesses and 1,000s of users to improve productivity and efficiency by replacing and automating spreadsheet-based risk and compliance processes

• In addition, our cybersecurity testing and assurance services team help organisations secure their information assets, systems and networks as well as providing a holistic view of cyber risk using the SureCloud Platform.