Presented by:
• Alan Calder, CEO and Founder
• IT Governance USA Inc.
• March 20, 2018
Introduction
• Alan Calder
• Founder – IT Governance
• The single source for everything to do with IT governance, cyber risk management, and IT compliance
• IT Governance: An International Guide to Data Security and ISO 27001/ISO 27002, 6th Edition (Open University textbook)
• www.itgovernanceusa.com
• Recognize threats
• Prevent potential threats
• Create awareness across the entire team
• Reduce costs and damages
• Create effective policies and procedures
[Figure: Likelihood / Impact]
• Vulnerability x threat
• Vulnerability = part of an asset (unpatched software)
• Threat = external to the asset (criminal hacker)
• Ensure practical, cost-effective decisions
• Assign impact and likelihood values
• Based on risk criteria
• PCI DSS
• NIST
• A.5 Information security policies
• A.6 Organization of information security
• A.7 Human resources security
• A.8 Asset management
• A.9 Access control
• A.10 Cryptography
• A.12 Operations security
• A.13 Communications security
• A.14 System acquisition, development, and maintenance
• A.15 Supplier relationships
• A.16 Information security incident management
• A.17 Information security aspects of business continuity management
• vsRisk™ has been developed by Vigilant Software, which is part of the GRCI group
• vsRisk will enable users to produce consistent, reliable, and robust risk assessments year after year
• vsRisk saves users time and money compared to spreadsheets
• Streamlined and accurate
• Optional built-in documentation toolkit
• Can generate auditable reports
Book a live demonstration with the Vigilant Software team to find out more
https://www.vigilantsoftware.co.uk/topic/free-demo