O documento compara as normas COSO ERM:2017 e ISO 31000:2018 para gestão de riscos, destacando suas semelhanças e diferenças. As normas buscam integrar a gestão de riscos aos objetivos e estratégias das organizações, porém a ISO se concentra nos princípios enquanto o COSO detalha componentes e processos. Ambas enfatizam a importância da gestão de riscos para o suporte à tomada de decisão.
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB
The webinar covers:
• Overview of ISO 31000 and how this standard implies threats but opportunities as well
• Risk-based thinking as an integral part of ISO 9001:2015 and ISO 14001:2015
• Principles, processes and framework of ISO 31000
• How organizations can reduce uncertainty, seize opportunities and treat risks
Presenter:
This session will be presented by PECB Trainer Jacob McLean, Principal Consultant and Managing Director of Kaizen Training & Management Consultants Limited.
Link of the recorded session published on YouTube: https://youtu.be/MVBMM6X3Vgw
Adm. José Antônio Salazar Neto
Palestrante
Graduado em Administração, Pós-Graduado em Finanças e Visão Estratégica de Negóciospela FGV-SP, atuou até 2016 em Governança, como Diretor de Auditoria Interna e antes comoGerente Executivo de Controles Internos, Riscos e Compliance. Atua como Consultor emFinanças e Governança Corporativa, através da DDAICOM – Cons. Empresarial. Foicorresponsável pela implantação do Gerenciamento de Riscos na Indústria Automotiva local em sua coligada de Serviços Financeiros. É Conselheiro Certificado pelo IBGC e CRMA(“Certified in Risk Management Assurance”) pelo IIA.
IT Governance or Corporate governance of information technology is a subset discipline of corporate
governance, focused on information and technology (IT) and its performance and risk management.
The interest in IT Governance is due to the ongoing need within organizations to focus value creation efforts
on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders.
ITIL and ISO 20000: Fundamentals and necessary compliance SynergiesPECB
The world of Information Technology (IT) is voluminous, fast paced, innovative and very exciting!
You have to love IT to make it work!
To love IT you must live IT, to live IT you must embrace a design for success and understand business impacts from system failures (not just the hardware). To embrace a design for success and mitigate system failures you need a formal structure and independent validation.
This webinar will introduce you to the structure and choices within the ITIL fundamentals (Information Technology Infrastructure Library fundamentals) and a mechanism to validate the performance of the implemented ITIL structure compliant with the ISO 20000 standard (Information Technology -- Service management -- Part 1: Service management system requirements). The object of this webinar is to excite you about a formal IT structure and encourage you to be fearless about independently validating your service management arrangements.
Main points covered:
- Introducing an IT structure for service delivery and a case for IT system validation
- ITIL component options for IT service provision structure
- ISO 20000 as an IT service provision validation mechanism
- Synergy of ISO 20000 requirements and mandatory ITIL components
Presenter:
Eugene is an accomplished high-calibre sustainability and resilience authority, professional engineer and Fellow of the Business Continuity Institute (BCI). With over 25 years of hands-on experience he has developed and improved corporate resilience for a number of organisations from various sectors. His accomplishments include delivery of legislative & regulatory compliance requirements, implementation of ITIL, service, business continuity, information security, quality & risk management systems. In addition Eugene has many years of experience auditing ISO management systems. Eugene has represented the UK Institute of Directors (IoD) on the British Standards Institute (BSI) technical committees responsible for developing ISO resilience standards. He has published many thought provoking articles and a book chapter endorsing the importance of standards as the foundation for good organisational practice. Eugene is an experienced design engineer, implementer, exercise facilitator, trainer and auditor with internationally gifted credentials.
Listen to the recorded webinar here:
https://youtu.be/2CmWnNtFrcY
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB
The webinar covers:
• Overview of ISO 31000 and how this standard implies threats but opportunities as well
• Risk-based thinking as an integral part of ISO 9001:2015 and ISO 14001:2015
• Principles, processes and framework of ISO 31000
• How organizations can reduce uncertainty, seize opportunities and treat risks
Presenter:
This session will be presented by PECB Trainer Jacob McLean, Principal Consultant and Managing Director of Kaizen Training & Management Consultants Limited.
Link of the recorded session published on YouTube: https://youtu.be/MVBMM6X3Vgw
Adm. José Antônio Salazar Neto
Palestrante
Graduado em Administração, Pós-Graduado em Finanças e Visão Estratégica de Negóciospela FGV-SP, atuou até 2016 em Governança, como Diretor de Auditoria Interna e antes comoGerente Executivo de Controles Internos, Riscos e Compliance. Atua como Consultor emFinanças e Governança Corporativa, através da DDAICOM – Cons. Empresarial. Foicorresponsável pela implantação do Gerenciamento de Riscos na Indústria Automotiva local em sua coligada de Serviços Financeiros. É Conselheiro Certificado pelo IBGC e CRMA(“Certified in Risk Management Assurance”) pelo IIA.
IT Governance or Corporate governance of information technology is a subset discipline of corporate
governance, focused on information and technology (IT) and its performance and risk management.
The interest in IT Governance is due to the ongoing need within organizations to focus value creation efforts
on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders.
ITIL and ISO 20000: Fundamentals and necessary compliance SynergiesPECB
The world of Information Technology (IT) is voluminous, fast paced, innovative and very exciting!
You have to love IT to make it work!
To love IT you must live IT, to live IT you must embrace a design for success and understand business impacts from system failures (not just the hardware). To embrace a design for success and mitigate system failures you need a formal structure and independent validation.
This webinar will introduce you to the structure and choices within the ITIL fundamentals (Information Technology Infrastructure Library fundamentals) and a mechanism to validate the performance of the implemented ITIL structure compliant with the ISO 20000 standard (Information Technology -- Service management -- Part 1: Service management system requirements). The object of this webinar is to excite you about a formal IT structure and encourage you to be fearless about independently validating your service management arrangements.
Main points covered:
- Introducing an IT structure for service delivery and a case for IT system validation
- ITIL component options for IT service provision structure
- ISO 20000 as an IT service provision validation mechanism
- Synergy of ISO 20000 requirements and mandatory ITIL components
Presenter:
Eugene is an accomplished high-calibre sustainability and resilience authority, professional engineer and Fellow of the Business Continuity Institute (BCI). With over 25 years of hands-on experience he has developed and improved corporate resilience for a number of organisations from various sectors. His accomplishments include delivery of legislative & regulatory compliance requirements, implementation of ITIL, service, business continuity, information security, quality & risk management systems. In addition Eugene has many years of experience auditing ISO management systems. Eugene has represented the UK Institute of Directors (IoD) on the British Standards Institute (BSI) technical committees responsible for developing ISO resilience standards. He has published many thought provoking articles and a book chapter endorsing the importance of standards as the foundation for good organisational practice. Eugene is an experienced design engineer, implementer, exercise facilitator, trainer and auditor with internationally gifted credentials.
Listen to the recorded webinar here:
https://youtu.be/2CmWnNtFrcY
A fragmented governance, risk, and compliance (GRC) landscape leaves organizations to sort through a multitude of visions. Blue Hill identifies basic defining characteristics of GRC and how the changing business environment is leading organizations to pay more attention.
Implementing Enterprise Risk Management with ISO 31000:2009Goutama Bachtiar
This presentation slides is intended for the training-workshop lead as well as the participants.
Developed based on ISO 31000:2009 – Principles and Guidelines on Implementation, ISO/IEC 31010:2009 – Risk Assessment Techniques, ISO Guide 73:2009 – Vocabulary.
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
A corporation must have social acceptance to survive and grow.
The society’s expectations change through:
1.- Changing population mix.
2.- Changing values and orientations.
Business performance changes through
1.-Economic, competitive, and structural conditions.
2.- Regulatory constraints.
3.- Futuristic, Long Term orientation.
4.- Leadership style
Presentation given by Vincent Tophoff, IFAC Senior Technical Manager, on risk management and internal control at the Second International ISO 31000 Conference in Toronto, May 2013.
Auditoria Baseada em Riscos: por que sua organização deve implementá-laFrancesco De Cicco
O foco do trabalho dos auditores internos (de todas as áreas: Finanças, Compliance, Qualidade, Security, Segurança e Saúde, Meio Ambiente, etc.) tem mudado bastante nas duas últimas décadas. Atualmente, sobretudo por razões de custo e eficácia, a ênfase está na Auditoria Baseada em Riscos (ABR).
Auditoria Baseada em Riscos é um termo bastante utilizado no mundo todo, mas ainda muito mal compreendido. Este paper visa apresentar a abordagem do QSP para a ABR, bem como fornecer as diretrizes essenciais sobre como entendê-la e colocá-la em prática.
Saiba mais: http://iso31000.net/auditoria-baseada-em-riscos/
CONTINUIDAD OPERATIVA TECNOLÓGICA Y FUNCIONALFabián Descalzo
Desarrollo e implementación de estrategias y planes de continuidad operativa tecnológica (DRP) y funcionales de áreas de negocio (BCP), pruebas de verificación a procedimientos y recursos de recuperación, awareness y capacitación.
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)PECB
We will cover:
• Importance of Business Impact Analysis (BIA)
• What does new standard ISO 22317 cover?
• Elaborating ISO 22317
Presenter:
This session will be hosted by our partner Dr. Wolfgang H. Mahr, M.Sc., MBCI, the Managing Director of governance & continuity gmbh with more than 20 years of experience.
Knowledge of the purpose of IT strategy, policies, standards & pro cedures for an organization and the essential elements of each
https://www.infosectrain.com/blog/part-2-cisa-domain-2-governance-and-management-of-it/
Learn more about the importance of ISO 27001 and its role on GRC, what the advantages of starting with ISO 27001 are and the importance of its structure.
Main points covered:
• Definition and goals of GRC (Governance, Risk and Compliance)
• How the structure of ISO/IEC 27001 implements GRC
• Advantages of starting with ISO/IEC 27001
Presenter:
This webinar was presented by Jorge Lozano. He is a senior manager at the Cybersecurity & Privacy practice of PwC Mexico. He has over 17 years of experience in information security and holds the CISSP, CISM, CEH, and ISO27001LI certifications. He is an instructor of PECB for the ISO27001 Introduction, Foundation and Lead Implementer courses.
Link of the recorded session published on YouTube: https://youtu.be/sLfAarQ8cf0
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardPECB
In this session, we have looked into the ISO/IEC 27701 standard that has been published in August 2019. This standard glues together the ISO/IEC 27001, ISO/IEC 27002, ISO 29100 and their sub-standards with the GDPR.
For certification and compliance, it's important to understand these standards and regulations, as the GDPR and other legislation have heated the discussion about certification. The ISO/IEC 27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
• Walkthrough of the ISO/IEC 27701
• Links with ISO/IEC 2700x series standards, ISO 29100 series...
• ISO/IEC 2700x and GDPR mapping
• Audit & certification
Presenter:
Our presenter for this webinar, Peter Geelen is director and managing consultant at CyberMinute and Owner of Quest For Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms.
Peter is an accredited Lead Auditor for ISO/IEC 27001/ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified Sr. Lead Cybersecurity Manager, ISO/IEC 27001 Master, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, CDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Date: December 04, 2019
The recorded webinar: https://www.youtube.com/watch?v=ilw4UmMSlU4&feature=emb_logo
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Google +: https://plus.google.com/+PECBGroup
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
Presentation från GRC 2014 den 15 maj. Kontakta gärna talaren om du har några frågor. Hela schemat för eventet hittar du här: http://www.transcendentgroup.com/sv/har-har-du-hela-schemat-for-grc-2014/
A fragmented governance, risk, and compliance (GRC) landscape leaves organizations to sort through a multitude of visions. Blue Hill identifies basic defining characteristics of GRC and how the changing business environment is leading organizations to pay more attention.
Implementing Enterprise Risk Management with ISO 31000:2009Goutama Bachtiar
This presentation slides is intended for the training-workshop lead as well as the participants.
Developed based on ISO 31000:2009 – Principles and Guidelines on Implementation, ISO/IEC 31010:2009 – Risk Assessment Techniques, ISO Guide 73:2009 – Vocabulary.
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
A corporation must have social acceptance to survive and grow.
The society’s expectations change through:
1.- Changing population mix.
2.- Changing values and orientations.
Business performance changes through
1.-Economic, competitive, and structural conditions.
2.- Regulatory constraints.
3.- Futuristic, Long Term orientation.
4.- Leadership style
Presentation given by Vincent Tophoff, IFAC Senior Technical Manager, on risk management and internal control at the Second International ISO 31000 Conference in Toronto, May 2013.
Auditoria Baseada em Riscos: por que sua organização deve implementá-laFrancesco De Cicco
O foco do trabalho dos auditores internos (de todas as áreas: Finanças, Compliance, Qualidade, Security, Segurança e Saúde, Meio Ambiente, etc.) tem mudado bastante nas duas últimas décadas. Atualmente, sobretudo por razões de custo e eficácia, a ênfase está na Auditoria Baseada em Riscos (ABR).
Auditoria Baseada em Riscos é um termo bastante utilizado no mundo todo, mas ainda muito mal compreendido. Este paper visa apresentar a abordagem do QSP para a ABR, bem como fornecer as diretrizes essenciais sobre como entendê-la e colocá-la em prática.
Saiba mais: http://iso31000.net/auditoria-baseada-em-riscos/
CONTINUIDAD OPERATIVA TECNOLÓGICA Y FUNCIONALFabián Descalzo
Desarrollo e implementación de estrategias y planes de continuidad operativa tecnológica (DRP) y funcionales de áreas de negocio (BCP), pruebas de verificación a procedimientos y recursos de recuperación, awareness y capacitación.
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)PECB
We will cover:
• Importance of Business Impact Analysis (BIA)
• What does new standard ISO 22317 cover?
• Elaborating ISO 22317
Presenter:
This session will be hosted by our partner Dr. Wolfgang H. Mahr, M.Sc., MBCI, the Managing Director of governance & continuity gmbh with more than 20 years of experience.
Knowledge of the purpose of IT strategy, policies, standards & pro cedures for an organization and the essential elements of each
https://www.infosectrain.com/blog/part-2-cisa-domain-2-governance-and-management-of-it/
Learn more about the importance of ISO 27001 and its role on GRC, what the advantages of starting with ISO 27001 are and the importance of its structure.
Main points covered:
• Definition and goals of GRC (Governance, Risk and Compliance)
• How the structure of ISO/IEC 27001 implements GRC
• Advantages of starting with ISO/IEC 27001
Presenter:
This webinar was presented by Jorge Lozano. He is a senior manager at the Cybersecurity & Privacy practice of PwC Mexico. He has over 17 years of experience in information security and holds the CISSP, CISM, CEH, and ISO27001LI certifications. He is an instructor of PECB for the ISO27001 Introduction, Foundation and Lead Implementer courses.
Link of the recorded session published on YouTube: https://youtu.be/sLfAarQ8cf0
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardPECB
In this session, we have looked into the ISO/IEC 27701 standard that has been published in August 2019. This standard glues together the ISO/IEC 27001, ISO/IEC 27002, ISO 29100 and their sub-standards with the GDPR.
For certification and compliance, it's important to understand these standards and regulations, as the GDPR and other legislation have heated the discussion about certification. The ISO/IEC 27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
• Walkthrough of the ISO/IEC 27701
• Links with ISO/IEC 2700x series standards, ISO 29100 series...
• ISO/IEC 2700x and GDPR mapping
• Audit & certification
Presenter:
Our presenter for this webinar, Peter Geelen is director and managing consultant at CyberMinute and Owner of Quest For Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms.
Peter is an accredited Lead Auditor for ISO/IEC 27001/ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified Sr. Lead Cybersecurity Manager, ISO/IEC 27001 Master, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, CDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Date: December 04, 2019
The recorded webinar: https://www.youtube.com/watch?v=ilw4UmMSlU4&feature=emb_logo
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Google +: https://plus.google.com/+PECBGroup
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
Presentation från GRC 2014 den 15 maj. Kontakta gärna talaren om du har några frågor. Hela schemat för eventet hittar du här: http://www.transcendentgroup.com/sv/har-har-du-hela-schemat-for-grc-2014/
[Gestão da TI] Governança de TI: Modelos, certificações e "melhores práticas"Alessandro Almeida
2º semestre de 2016.
Atividade realizada pelos alunos do 8º semestre de Sistemas de Informação (SIN-NA8).
Conteúdo: Modelos, certificações e "melhores práticas" para aplicar a Governança de TI.
Disciplina: Gestão da Tecnologia da Informação
Conteúdo: Reflexões iniciais para implementar a Governança de TI (GTI). Modelos, certificações e "melhores práticas". ISO 38.500. Qual é o modelo ideal para a GTI?
Turma: SIN-NA8
Data da aula: 26/02/2015
Controles de IT - COBIT
Controles de Planejamento - BSC
Controles de Sistemas – CMM e CMMI
Controles de Segurança – BS7799 e ISO17799
Controles de Gestão de Infra estrutura – ITIL e BS15000
Controles de Monitoramento – ISO 9001:2000
Controles de Gestão de Projetos - PMBOX
1. Use this title slide only with an image
ISO 31000:2018 & COSO ERM:2017
Semelhanças e diferenças
Eduardo Poggi | eduardo.poggi (at) modulo (dot) com
MBA, CGEIT, CISSP, CRISC, CISA, PCI QSA, PCIP
Duas principais Normas e Regulamentações para Gestão de Riscos
16. Use this title slide only with an image
ISO 31000:2018 & COSO ERM:2017
Semelhanças e diferenças
Eduardo Poggi | eduardo.poggi (at) modulo (dot) com
MBA, CGEIT, CISSP, CRISC, CISA, PCI QSA, PCIP
Duas principais Normas e Regulamentações para Gestão de Riscos