Lecture 1
IT Risk Management, IT Governance, and Cyber Risk Management Overview
Topics
1. Course Overview
3. IT Governance
1. Attendance
2. Participation
IT Governance
Enterprise Governance
[Figure omitted. Source: ISACA]
There are two key dimensions of enterprise governance:
• Conformance
• Performance
IT Governance
What is IT Governance?
[Figure omitted. Source: Gartner]
[Figure omitted. Source: ISACA]
Scope of IT Governance:
• IT principles
• IT architecture
• Service-oriented architecture (SOA)
• IT infrastructure
• Business application needs – specifying the business need for purchased or internally developed IT applications
• IT investment and prioritization
• People (human capital) development
• IT governance policies, processes, mechanisms, tools and metrics
IT Governance
IT Governance Challenges:
• Total Cost of Ownership & IT Value Proposition
• On Demand Management & IT Investment
• Business/Competitive Intelligence
• Security
IT Risk Management Areas:
• IT Governance Processes
• IT Strategy
• Business Continuity and Disaster Recovery
• IT Security
IT Demand Management
IT Governance
Is there:
- a clear and shared understanding of, and commitment to achieving, the expected benefits? In what areas? How?
- clear accountability for achieving the benefits, which should be linked to MBOs and incentive compensation schemes, for individuals and business units or functional areas?
IT Governance
Metrics include:
- scalable, disciplined and consistent management, governance and delivery of quality processes
- appropriate and sufficient resources available with the right competencies, capabilities and attitudes
- a consistent set of metrics linked to critical success factors (CSFs) and realistic key performance indicators (KPIs)
- succession planning
Cyber Risk Management
Cybersecurity Risk Management
Today’s cyber threat landscape
[Chart omitted: today’s landscape, 2009 to 2013]
• Data breaches have serious financial consequences for organizations
Digital World Reality
• Digital transformation will continue, and therefore the cybersecurity landscape is constantly evolving.
• Today we have 10 billion devices attached to the Internet. In 2020 we will have 50 billion devices connected to the Internet.
• Since hackers only need to be right once, and those who protect the organization need to be right all the time, your cybersecurity program needs to be constantly evolving.
• In order to evolve, it is vital to understand who is after you, what motivates them and what they are after.
• Understanding the landscape is a key element in any successful cybersecurity risk management program.
2018 – The Year of the Defender
Organizations will start managing cyber as enterprise risk.
Changing the equation: cloud will be the integral component of our defense strategy.
• Threat intelligence, early detection using AI and machine learning, behavioral anomaly detection
• Incident response planning and testing is a must, and it involves all major functions of the organization
Cybersecurity Framework
Business Drivers:
• Strategies
• Threats
• Risk tolerance
IT:
• Strategies
• Architecture
• Organization
Compliance:
• Methodology
• Data
• Standards
Areas of Cyber Risk Management
• Application/System Inventory
• Cyber insurance
• Spam Filters
• Software Restriction Policies
Discussion:
Does Blockchain Tech Solve Security Problems or Cause New Ones?, Penny Crossman, American Banker, August 18, 2016
https://www.americanbanker.com/news/does-blockchain-tech-solve-security-problems-or-cause-new-ones
You are on the Board of Directors of a financial services company, which you have been informed is investing in blockchain technology. What questions would you pose to the company’s C-level executives? How would you classify this type of investment? How would you measure its value?