Assocham conf grc sept 13
1. Cyber Governance & Business Assurance in Cyber Era-
Challenges Before the Corporates
Prof. K. Subramanian
SM(IEEE, USA), SMACM(USA), FIETE, SMCSI, MAIMA, MAIS(USA), MCFE(USA)
Founder Director & Professor, Advanced Center for Informatics &
Innovative Learning (ACIIL), IGNOU
EX- IT Adviser to CAG of India
Ex-DDG(NIC), Ministry of Comm. & IT
Emeritus President, eInformation Systems, Security, Audit
Association
Former President, Cyber Society of India
3.
Notable Quotes
"The poor have sometimes objected to being governed
badly; the rich have always objected to being governed at
all." G. K. Chesterton
“Ever since men began to modify their lives by using technology
they have found themselves in a series of technological traps.”
Roger Revelle
“The law is the last interpretation of the law given by the last
judge.”- Anon.
“Privacy is where technology and the law collide.”
--Richard Smith
(who traced the ‘I Love You’ and ‘Melissa viruses’)
"Technology makes it possible for people to gain control
over everything, except over technology" John Tudor
4. 10th september 2013 Prof. KS@2013 Assocham conf GRC 2013
MEDIATING FACTORS:
Environment
Culture
Structure
Standard Procedures
Politics
Management Decisions
Chance
ORGANIZATIONS
INFORMATION TECHNOLOGY
5.
Principles of Good Governance
Leadership
Selflessness
Integrity
Objectivity
Accountability
Openness
Honesty
Humane Governance
Should be Creative
Uses Knowledge for
National Wealth and
Health creation
Understands the
economics of Knowledge
High Morality
8.
Corporate Governance
Business Assurance Framework
Global Phenomena
Combines Code of UK
and SOX of USA
Basel II & III
Project Governance
IT Governance
Human & Humane
Governance
India Initiatives
1. Clause 49
2. Basel II & III -RBI
3.SEBI- Corporate
Governance
Implementation
directives
4.Risk management-RBI
& TRAI
5. MCA Initiatives
9.
Global issues with Governance of
Cyber Space
Information Technology & Business: current status and
future
Does IT matter? IT--enabled Business
- Role of Information, Information Systems
- In business
- Role of information technology in enabling business
- IT dependence
Changing Role of the CIO
Web 2.0 and 3.0 and governing cyberspace
eBusiness, eHealth, eBanking, eGovernance
Current Challenges and Issues
10. Creating Trust in an Enterprise
Today's information explosion is creating challenges
for business and technology leaders at virtually every
organization. The lack of trusted information and
pressure to reduce costs is on the minds of CEOs and
senior executives around the world.
What's required to solve these challenges is a
paradigm shift - from generating and managing
silos - of information, of talent and skills, of
technologies and of projects to an environment
where information is a trusted, strategic asset
that is shared across the company.
12. Why Assurance?
Competitive Threats & Way Forward
Internal Competition from
Liberalization
World Competition from
Globalization
Entrenched Competition
Abroad
Asymmetry in Scale,
Technology, Brands
Industry Shakeouts and
Restructuring
Learn more about own
Businesses.
Reach out to all Business &
Function Heads.
Sharpen Internal Consultancy
Competences.
Proactively Seize the Repertoire
of MS & Partners
Foster two way flow of IS & Line
Talent.
13.
Key Areas of Assurance
• Organizational
- Systems in place to identify & mitigate differing risk perceptions of stakeholders to meet business needs
• Supplier
- Confidence that controls of third party suppliers are adequate & meet the organization's benchmarks
• Business Partners
- Confirmation that security arrangements with partners assess & mitigate business risk
• Services & IT Systems
- Capability of developers, suppliers of IT services & systems to implement effective systems to manage risks to the organization's business
14.
What and Why of Business Assurance
• Manufacturing: Developing & implementing policies & procedures to ensure operations are efficient, consistent, effective & compliant with law
• Services: Process that establishes uninterrupted delivery of services to customers and protects their interests & information
• Project: Confirmation that the business case is viable and actual costs and time lines are in line with planned costs & schedules
• Objective: Delivers significant commercial value to the business while fully compliant with regulatory requirements
: To avoid Enron type scandals and comply with Sarbanes Oxley in the US and Clause 49 in India
15.
Assurance Stakeholders
Stakeholders
for business
assurance
Board of Directors
Management
Staff/Employees
Organisation
Customers
Public
Suppliers
Enforcement
& regulatory
authorities
Owner
Creditors
Shareholders
Insurers
Business partners
16.
Benefits of Assurance
• Contributes to effectiveness & efficiency of business operations
• Ensures reliability & continuity of information systems
• Assists in compliance with laws & regulations
• Assures that organizational risk exposure is mitigated
• Confirms that internal information is accurate & reliable
• Increases investor and lender confidence
17.
Benefits of Assurance
• Supports informed decision making at management and Board level
• Identifies and exploits areas of risk based advantage
• Ability to aggregate business unit risk in multiple jurisdictions & locations
• Demonstrates proactive risk stewardship
• Establishes a process to stabilize results by protecting them from disturbance
• Enables independent directors to decide with comfort and confidence
18.
Design Parameters
Business - technical
Government - regulatory
Government - developmental
Business - financial
Civil society - informational
Civil society - technical
ICT operations and maintenance
ICT planning and design
Investment in R & D
Marketing and distribution
Project management and construction
Training
Borrowing capacity
Capital investment, eg network expansion
ICT technical solutions
Revenue collection
ICT Risk/venture capital
Sales and promotions
Subsidies
Access to development finance
ICT Regulatory powers (price, quality, interconnections, competition)
ICT Transaction/concession design
Investment promotion
Legal framework for freedom of information
ICT Infrastructure strategy
ICT skills development
Innovation (high risk), eg community telecentres
Local customer knowledge
Capacity to network
A voice for the socially excluded
Expertise in design of 'relevant' content
Knowledge of user demand, eg technology and information gaps
Capacity to mobilise civil society
19.
Operational Integration
Professional Integration (HR)
Emotional/Cultural Integration
ICT & Government Business & Services Integration
Multi Technology coexistence and seamless integration
Information Assurance
Quality, Currency, Customization/Personalization
ICE is the sole integrator
IT Governance is Important
21.
Towards Information
Assurance
Increasingly, the goal isn't about information
security but about information assurance, which
deals with issues such as data availability and
integrity.
That means organizations should focus not only
on risk avoidance but also on risk management,
she said. "You have to be able to evaluate risks and
articulate them in business terms“
--Jane Scott-Norris, CISO at the U.S. State
Department
23. Enabling to rapidly move up the
Governance Evolution Staircase
Strategy/Policy
People
Process
Technology
3. Transaction
Competition
Confidentiality/privacy
Fee for transaction
E-authentication
Self-services
Skill set changes
Portfolio mgmt.
Sourcing
Inc. business staff
BPR
Relationship mgmt.
Online interfaces
Channel mgmt.
Legacy sys. links
Security
Information access
24x7 infrastructure
Sourcing
Funding stream allocations
Agency identity
“Big Browser”
Job structures
Relocation/telecommuting
Organization
Performance accountability
Multiple-programs skills
Privacy reduces
Integrated services
Change value chain
New processes/services
Change relationships
(G2G, G2B, G2C, G2E)
New applications
New data structures
Time
2. Interaction
Searchable
Database
Public response/
email
Content mgmt.
Increased
support staff
Governance
Knowledge mgmt.
E-mail best prac.
Content mgmt.
Metadata
Data synch.
Search engine
E-mail
1. Presence
Publish
Existing
Streamline
processes
Web site
Markup
Trigger
4. Transformation
Cost/
Complexity
Define policy and
outsource execution
Retain monitoring and control
Outsource service delivery staff
Outsource process execution staff
Outsource customer
facing processes
Outsource backend processes
Applications
Infrastructure
Value
5. Outsourcing
Constituent
Evolve PPP model
24. Why information security
Governance is important
With security incidents and data breaches having a
huge impact on corporations, security governance or
oversight by the board and executive management,
has assumed importance.
Security governance refers to the strategic direction
given by the board and executive management for
managing information security risks to achieve
corporate objectives by reducing losses and liabilities
arising from security incidents
25. Towards Security Governance
Security governance would
lead to development of an
information security strategy
and an action plan for
implementation through a well
defined information security
program. Governance would
lead to establishment of
organizational structures and
processes and monitoring
schemes
For the past few years, IT and security
professionals have talked about
information technology – and particularly
information security – as a "business
enabler." Today, it might also be called a
"compliance enabler." IT and security
organizations have both been on the front
lines for compliance efforts and are now
being asked to play two pivotal roles:
first, to provide a secure, well-controlled IT
environment to improve business
performance
and second, to assist the organization in
strategically and tactically addressing its
governance, risk and compliance
requirements
26. Threat & Vulnerability Management
Authenticating user identities with a range of
mechanisms, such as tokens, biometrics and
Public Key Infrastructure
Developing user access policies and
procedures, rules and responsibilities and a
standardized role structure that helps
organizations meet and enforce security
standards
Centralizing user data stores in a single
enterprise directory that enables increased
efficiencies in user administration, access
control and authentication
Reducing IT operating costs and increasing
efficiency by implementing effective user
management to support self-service and
automate workflow, and by provisioning and
instituting flexible user administration
You need an integrated threat and
vulnerability management solution to better
monitor, report on and respond to complex
security threats and vulnerabilities, as well as
meet regulatory requirements.
You need to protect both your own
information assets and those you are
custodian of, such as sensitive customer data.
You want a real-time, integrated snapshot of
your security posture.
You want to correlate events from data
emerging from multiple security touch points.
You need support from a comprehensive
inventory of known threat exposures.
You need to reduce the cost of ownership of
your threat and vulnerability management
system
27. Risk Identification
Assess current security capabilities, including threat management, vulnerability
management, compliance management, reporting and intelligence analysis.
Define c
Identify technology requirements for bridging security gaps
Integrated Security Information Management
Develop processes to evaluate and prioritize security intelligence information received
from external sources, allowing organizations to minimize risks before an attack
Implement processes that support the ongoing maintenance, evolution and
administration of security standards and policies
Determine asset attributes, such as direct and indirect associations, sensitivity and asset
criticality, to help organizations allocate resources strategically
Assist in aggregating security data from multiple sources in a central repository or
"dashboard" for user-friendly presentation to managers and auditors
Help design and implement a comprehensive security reporting system that provides a
periodic, holistic view of all IT risk and compliance systems and outputs
Assist in developing governance programs to enforce policies and
accountability
28.
9 Rules of Risk Management
There is no return without risk
Rewards go to those who take risks.
Be Transparent
Risk is measured, and managed by people, not mathematical models.
Know what you Don't know
Question the assumptions you make
Communicate
Risk should be discussed openly
Diversify
Multiple risks will produce more consistent rewards
Show Discipline
A consistent and rigorous approach will beat a constantly changing strategy
Use common sense
It is better to be approximately right, than to be precisely wrong.
Return is only half the question
Decisions to be made only by considering the risk and return of the possibilities.
RiskMetrics Group
29.
The Insider – Who are They?
Who is an insider?
Those who work for the target organization or those having relationships with the firm
with some level of access
Employees, contractors, business partners, customers etc.
CSI/FBI Survey key findings (2007-2013)
Average annual losses of $billion in the past year, up sharply from the $350,000 reported the previous year
Insider attacks have now surpassed viruses as the most common cause of security incidents
in the enterprise
63 percent of respondents said that losses due to insider-related events accounted for 20
percent of their losses
(prevalence of insider criminals may be overblown by vendors of insider threat tools!)
30.
Solutions Based on Study
Recommendations
Prevention by
Pre-hire screening of employees
Training and education
Early detection and treat the symptoms
Attack precursors exist, some non-cyber events
Establish good audit procedures
Disable access at appropriate times
Develop Best practices for the prevention and detection
Separation of duties and least privilege
Strict password and account management policies
31.
Threat Modeling
Threat modeling is critical to address security
Prevention, detection, mitigation
There is no universal model yet
Mostly case-by-case
Efforts are under way
Microsoft threat modeling tool
Allows one to uncover security flaws using STRIDE (Spoofing,
Tampering, Repudiation, Information Disclosure, Denial of
Service, and Elevation of Privilege)
Decompose, analyze and mitigate
Insider threat modeling essential
32.
Insider Threat Modeling
How modeling can help you?
An alternative to live vulnerability testing (which is not feasible)
Modeling and analysis will reveal possible attack strategies of an
insider
Modeling and risk analysis can help answer the following
questions statically:
How secure is the existing setup?
Which points are most vulnerable?
What are likely attack strategies?
Where must security systems be placed?
What you cannot model
Non-cyber events – disclosures, memory dumps, etc.
33.
Information-Centric Modeling
University at Buffalo- CEISARE
Developed the concept of a Capability Acquisition Graph for
insider threat assessment
Part of a DARPA initiative
Built a tool called ICMAP (Information-Centric Modeler and
Auditor Program)
Publications in ACSAC 2004, IEEE DSN 2005, JCO 2005, IEEE ICC
2006, IFIP 11.9 Digital Forensics Conference 2007
CURRICULUM: Computing, mathematical, legal, managerial and
informatics
Various CAEs (certified by NSA, DHS), USMA, Syracuse, Buffalo,
Stony Brook, Polytechnic, Pace, RIT
34.
Practical Considerations
How is a model instance generated?
Define the scope of the threat
A step-by-step bottom up approach starting with potential targets
Who constructs the model instance?
A knowledgeable security analyst
How are costs defined?
Cryptographic access control mechanisms have well-defined costs
Use attack templates, vulnerability reports, attacker's privilege and the resources that need to be protected
Low, Medium and High – relative cost assignment
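Slides 32 and 34 describe insider threat modeling with a capability acquisition graph: capabilities an insider may hold as nodes, acquisition steps with Low/Medium/High relative costs as edges, and the questions "what are likely attack strategies?" and "where must security systems be placed?" answered statically. The following is an added Python illustration of that analysis, not the ICMAP tool or the University at Buffalo model; the graph, node names and numeric weights are constructed for this example.

```python
import heapq
from typing import Dict, List, Optional, Tuple

Edge = Tuple[str, str, str]          # (held capability, acquired capability, cost label)
Graph = Dict[str, List[Tuple[str, int]]]

# Relative cost scale from the slide: Low, Medium and High. The numeric weights
# are a constructed ordinal choice for this example; only their ordering matters.
COST = {"low": 1, "medium": 3, "high": 9}

# Constructed sample instance. Each edge states that an insider holding the first
# capability can acquire the second at the given relative cost. The node names
# are abstract labels invented for this example, not real systems.
SAMPLE_EDGES: List[Edge] = [
    ("staff_account", "intranet_wiki", "low"),
    ("intranet_wiki", "db_location_info", "low"),
    ("staff_account", "shared_drive", "low"),
    ("shared_drive", "db_service_credential", "medium"),
    ("db_location_info", "db_admin_access", "high"),
    ("db_service_credential", "db_admin_access", "low"),
    ("db_admin_access", "customer_records", "low"),
    ("staff_account", "hr_portal", "high"),
    ("hr_portal", "customer_records", "high"),
]


def build_graph(edges: List[Edge]) -> Graph:
    """Adjacency list; every node appears as a key even if it has no out-edges."""
    graph: Graph = {}
    for src, dst, label in edges:
        graph.setdefault(src, []).append((dst, COST[label]))
        graph.setdefault(dst, [])
    return graph


def cheapest_costs(graph: Graph, start: str) -> Tuple[Dict[str, int], Dict[str, str]]:
    """Dijkstra from the insider's initial capability.

    Returns the minimum acquisition cost of every reachable capability and the
    predecessor of each node on its cheapest path (for path reconstruction).
    """
    dist: Dict[str, int] = {start: 0}
    prev: Dict[str, str] = {}
    heap = [(0, start)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        for nxt, weight in graph.get(node, []):
            nd = d + weight
            if nd < dist.get(nxt, float("inf")):
                dist[nxt] = nd
                prev[nxt] = node
                heapq.heappush(heap, (nd, nxt))
    return dist, prev


def cheapest_path(graph: Graph, start: str, target: str) -> Tuple[Optional[int], List[str]]:
    """Total relative cost and node sequence of the cheapest route, or (None, [])."""
    dist, prev = cheapest_costs(graph, start)
    if target not in dist:
        return None, []
    path = [target]
    while path[-1] != start:
        path.append(prev[path[-1]])
    return dist[target], path[::-1]


def control_placement(edges: List[Edge], start: str, target: str) -> List[Tuple[Edge, Optional[int]]]:
    """Answer "where must security systems be placed?" for one protected asset.

    For each acquisition step on the current cheapest route, model a control that
    fully blocks that step (remove the edge), recompute the insider's cheapest
    cost, and rank the steps from most to least effective to block. A residual
    cost of None means the asset became unreachable.
    """
    base_cost, path = cheapest_path(build_graph(edges), start, target)
    if base_cost is None:
        return []
    on_path = set(zip(path, path[1:]))
    ranked = []
    for edge in edges:
        if (edge[0], edge[1]) not in on_path:
            continue
        remaining = [e for e in edges if e != edge]
        residual, _ = cheapest_path(build_graph(remaining), start, target)
        ranked.append((edge, residual))
    # Unreachable (None) first, then the highest residual cost.
    ranked.sort(key=lambda r: (r[1] is not None, -(r[1] or 0)))
    return ranked


if __name__ == "__main__":
    cost, path = cheapest_path(build_graph(SAMPLE_EDGES), "staff_account", "customer_records")
    print(f"cheapest acquisition cost {cost}: {' -> '.join(path)}")
    for (src, dst, label), residual in control_placement(SAMPLE_EDGES, "staff_account", "customer_records"):
        print(f"block {src} -> {dst} ({label}): residual cost {residual}")
```

On the sample instance the chokepoint step into the protected asset ranks first, because blocking it leaves only the high-cost alternative route, whereas blocking any earlier step still leaves a cheaper bypass.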
35.
Three Key Issues and 5 Major IT
Decisions
1.The need to reduce IT
Confusion and Chaos
2. Environment demands
Accountability
3. Only most Productive
organisations will thrive
36.
Calder- Moir IT Governance Framework
37.
CIO & CEO: Business Led Info. strategy
CIO & CMO: Competitive Edge & CVP
CIO & CTO: Cost-Benefit Optimization
CIO & CFO: Shareholder Value Maximization
CIO & CHRO: Employee Performance and Rewards
CIO & Business Partners: Virtual Extended Enterprise
CXO: Internal Strategic Alliances
38.
Capital Productivity (ROI, EVA, MVA)
Material Productivity (60% of Cost)
Managerial Productivity (Information Worker)
Labour Productivity (Enabled by IW)
Company Productivity Micro
Factor Productivity Macro
The Productivity Promise
39.
CEO-CTO-CIO-CSO
Responsibility
"These systems should
ensure that both business
and technology managers are
properly engaged in
identifying compliance
requirements and planning
compliance initiatives which
typically involve
complementary adjustments
in systems, practices, training
and organization"
CXO & IT Governance
the roles and responsibilities
for IT governance,
highlighting the parts played
by the CEO, business
executives, CIO, IT steering
committee, technology
council, and IT architecture
review board
41.
Information As Competitive Advantage
For Visioning and Strategic Planning - Scenarios & Simulations.
World Class Project Management - Hard and Soft.
Implementation and Operational Excellence
DSS, EIS, CRM etc. for Optimization and Control.
42.
Way Forward
Learn more about own Businesses.
Reach out to all Business & Function Heads.
Sharpen Internal Consultancy Competences.
Proactively Seize the Repertoire of MS & Partners
Foster two way flow of IS & Line Talent.
43.
Process Governance
1. Develop an Aligned Strategic IT
Plan:
The step-by-step format
of this methodology will
walk you through our
proven process for
creating a strategic IT
plan that is aligned with
your organization's business
objectives
2. Create a Collaborative Decision-
Making Process
As IT impacts more
business procedures, more
stakeholders will become
involved in the decision
making process. This
methodology helps you
develop a structured and
efficient decision-making
forum.
44.
Process Governance
3. Raise the Profile of IT:
By aligning IT planning with
organizational goals, IT will
become a key player in
evaluating the business
issues that factor into
enterprise-wide decision
making
4. Get the Green Light:
Keep going
45.
Measurement of IT Projects Value and
Effectiveness
IT Assessment
1.Validity or Relevance
2.Protectibility
3.Quantifiability
4.Informativeness
5.Generality
6.Transferability
7. Reliability to other parts of
organization
Effectiveness
Utility
Efficiency
Economy
Control
Security
Assessment of IT
Functions
Strategy
Delivery
Technology
People
Systems
47.
Importance of Group Standards -no one standard meets all requirements
ISO 27001/BS7799 Vs COBIT Vs CMM & PCMM Vs ITIL
Mission
Business Objectives
Business Risks
Applicable Risks
Internal Controls
Review
48.
“IT Regulations and Policies-Compliance &
Management”
Pre-requisites physical infrastructure and mind-set
PAST: We have inherited a past, for which we cannot be held responsible;
PRESENT: We have fashioned the present on the basis of development models, which have undergone many mid-course corrections;
FUTURE: The path to the future -- a future in which India and Indians will play a dominant role in world affairs -- is replete with opportunities and challenges.
In a number of key areas, it is necessary to break from the past in order to achieve our Vision.
We have within ourselves the capacity to succeed
We have to embrace ICE for Innovation, Creativity,
Management, Productivity & Governance
49.
“IT Regulations and Policies-Compliance & Management”
CREATIVITY VS COMMAND CONTROL
Too much Creativity
results in anarchy
Too much command & control
Kills Creativity
We Need a Balancing Act
In IT Regulations and Policies-Compliance & Management
51.
Assurance in the PPP Environment
52.
Governance - Final Message
“In Governance matters
Past is no guarantee;
Present is imperfect
&
Future is uncertain“
“Failure is not when we fall down, but when we fail to get up”
53.
Learning From Experience
1. The only source of knowledge is experience.
-- Einstein
2. One must learn by doing the thing; for though you think you know it, you
have no certainty, until you try.
-- Sophocles
3. Experience is a hard teacher because she gives the test first, and the lesson
afterwards.
-- Vernon Sanders Law
4. Nothing is a waste of time if you use the experience wisely.
-- Rodin
54.
“To determine how much is too much, so that we can implement
appropriate security measures to build adequate confidence and
trust”
“To derive a powerful logic for implementing or not
implementing a security measure”
Security/Risk Assurance -
Expectations
55. THANK YOU
For Interaction:
Prof. K. Subramanian
ksdir@nic.in
ksmanian48@gmail.com
Tele: 011-22723557
Let us Assure Good Cyber Governance & Business Assurance in Cyber Era
Editor's notes
Cyber Governance & Business Assurance, September 10, 2013, Prof. KS@2013 Assocham lecture GRC Sept 2013
Several slides are reused from the author's earlier lectures: IT-Governance --> Corporate Governance (29th November 2005); NPC Sikkim Program eGOV Project Management (May 2006); eGOV Project Governance Panel, ICISA New Delhi (Sept 2007); Cyber assurance - The need for Technologists & Business of 'morrow, SUNY Buffalo lecture (27th November 2007); Corporate Governance & Assurance (29th November 2007).
Government is by the people, for the people, and of the people.
How do you handle it, where do you start? Part of the SWOT analysis – strength, weakness, opportunity and threat analysis. Threat modeling, just like for any system property such as reliability, is a good starting point. Decompose your system, analyze each component for susceptibility to the threats, and mitigate the threats.
By defining the scope of the threat one can identify the various attacks that can happen, such as vulnerability exploitation, privilege abuse, social engineering, reaching for a jewel, etc.
The development was guided by the Software Engineering Institute's efforts in the late 80's in building maturity models for software development. By using such a scale, an organization can determine where it is, define where it wants to go and, if it identifies a gap, it can do an analysis to translate the findings into projects. Reference points can be added to the scale. Comparisons can be performed with what others are doing, if that data is available, and the organization can determine where emerging international standards and industry best practices are pointing for the effective management of security and control.