Transcript of: GRC TO INTEGRATED RISK MANAGEMENT: Looking Around the Corner
Page 1
GRC TO INTEGRATED RISK MANAGEMENT
Looking Around the Corner
Hassan Al-Helo
RSA Archer
@RSAsecurity
@RSA_Archer
Page 2
THE RISK CHALLENGE
Page 3
DIGITAL TRANSFORMATION
IT
WORKFORCE
SECURITY
Page 4
Page 5
In a 2018 survey, 70% of Security/Risk professionals surveyed agreed that Business Risk and IT security personnel tend to use different tools and language, making communications between these groups challenging.
– RSA/ESG Survey

Survey data from March 2017 indicates that risk data regularly influences the decisions of 78% of organizations' boards of directors.
– Gartner

69% of Security/Risk professionals surveyed agreed that the relationship between business risk and IT security can be difficult to coordinate.
– RSA/ESG Survey

By 2020, 60% of digital businesses will suffer major service failures, due to the inability of IT security teams to manage digital risk.
– Gartner
Page 6
RISK & COMPLIANCE
IT SECURITY
CEO / BOARD
MALICE
MANDATES
MODERNIZATION
1st Line of Defense
Page 7
EVOLUTION OF RISK MANAGEMENT
Page 8
INEFFECTIVE RISK MANAGEMENT PROCESSES…
Lack of ownership or skills
Outdated reporting
Manual processes
Inconsistent controls
Information silos
Limited risk visibility
Page 9
…CAN LEAD TO MORE RISK IN THE BUSINESS.
Unresolved issues
Inaccurate insights & misinformation
High costs & inefficiency
Holes & gaps
Disconnected data & lack of context
Poor business decisions & missed opportunities
Page 10
RISK & COMPLIANCE
IT SECURITY
RISK
CEO / BOARD
VISIBILITY
INSIGHTS
ACTION
Page 11
INTEGRATED RISK MANAGEMENT
STRATEGIC RISK
OPERATIONAL RISK
SECURITY, RESILIENCY, COMPLIANCE, 3RD PARTY, IT, AUDIT, ORM
Page 12
THE RSA PERSPECTIVE
Page 13
STAKEHOLDERS: BOARD of DIRECTORS, EXECUTIVE MANAGEMENT
1st, 2nd and 3rd Lines of Defense: Sales, Front Line, Marketing, Operations, Security, Finance, Risk Management, Compliance, Audit
PROGRAMS:
IT & SECURITY RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENT
AUDIT MANAGEMENT
REGULATORY & CORPORATE COMPLIANCE
BUSINESS RESILIENCY
THIRD PARTY GOVERNANCE
RISK MANAGEMENT LIFECYCLE: IDENTIFY, ASSESS, EVALUATE, TREAT, MONITOR
BUSINESS TRANSACTIONS and INFRASTRUCTURE
BUSINESS PERFORMANCE OPTIMIZATION
ACCOUNTABILITY, COLLABORATION, VISIBILITY, ANALYTICS, EFFICIENCY
INTEGRATED RISK MANAGEMENT
Page 14
BREADTH ACROSS ALL DIMENSIONS OF RISK
MATURITY BASED
1. 3rd Party Catalog
2. 3rd Party Assessment
3. 3rd Party Engagement Management
4. 3rd Party Governance
Business Impact Analysis

SEQUENCED
• Data Governance
• Privacy Program Management
THEN
• Policy Program Management
• Controls Assurance
• …

PERSONA ORIENTED
CISO
• Cyber Risk Quantification
SECURITY OPERATIONS
• IT Security Vulnerability Program
Issues Management

FULL PROGRAM APPROACH
• Risk Catalog
• Bottom-up Risk Assessment
• Key Indicator Management
• Loss Event Management
• Top-down Risk Assessment
• Operational Risk Management
Page 15
TAKE COMMAND OF YOUR JOURNEY
The Maturity Journey (Maturity over Time)
Siloed: Meet Compliance requirements; Streamline compliance, Build business context & reporting
Transition
Risk Managed: Address known & unknown Risks; Expand risk focus, Improve analysis & metrics
Transform
Business Advantaged: Enable new business Opportunities; Connect risk and the business with cross functional processes
Page 16
ROI
Page 17
Page 18
FINAL THOUGHTS
Create and execute on an Integrated Risk Management Vision
Anticipate the Digital
Plan your Journey
Quantify your needs vs. the investment
Page 19