Presented by K S Narayanan at CISO Platform Annual Summit, 2013. Narayanan is the Head of Information Risk Management at ING Vysya Bank, responsible for strategy, policy, risk management and information security program management implementation for ING Vysya Bank.
1. Key pillars of an effective Risk Management Program
Prepared by: K.S. Narayanan
Head – Information Risk Management - ING Vysya Bank
Date: 15th Nov 2013
2. Information Security & Risk
Information Security is
• More focused on technology
• Compliance driven
• Identifies threats
• Defines controls
• Monitors controls
Information Risk Management defines
• The areas which should be secured
• Business value & Business Impact
• Compliance and strategy
• Structured Approach
• Provides information to decision makers
• Does not make decisions for business
4. “Volvo Bus Security Syndrome”
• Is there a Governance Issue?
• Are Risks & Controls not aligned?
• Weak architecture and control design for fire safety?
• Who assessed the risk appetite?
Is this an outcome of only technology driven and compliance focused assurance!
14th Nov 13 :- 7 dead after Mumbai-Bangalore Volvo bus catches fire
30th Oct 13 :- 45 charred to death in Volvo bus blaze near Hyderabad
Disclaimer :- This analysis is not intended to question Volvo technical and safety controls. It is only used here as a case study for effective risk management.
5. Effective Risk Management - Critical Factors
• Suitable Governance Model
• Common Risk Language & Risk footprints
• Risk Assessments
– Standard based + Scenario based
• Risk Appetite for business/risk decision making
• Reference Architecture based – Security controls implementation
• Data centric approach
6. ERM Framework – IT Risk
• Aligning risk appetite and strategy
• Enhancing risk response decisions
• Reducing operational surprises and losses
• Identifying and managing multiple and cross-enterprise risks
• Seizing opportunities
• Improving deployment of capital