1 / 19

GRC, A holistic Road Map for Information Security Transformation

In the digital era, businesses face challenges in cybersecurity and adapting to new technologies. GRC (Governance, Risk, and Compliance) offers a strategic approach to aligning stakeholder expectations, setting objectives, managing risks, and enhancing performance. Learn key integration points, driving gears, and standards to navigate the complexities of information security transformation effectively.

burgessc
Download Presentation

GRC, A holistic Road Map for Information Security Transformation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GRC, A holistic Road Map for Information Security Transformation Eng. Mohamed Saad Mousa Head of information Security IKEA Saudi and Bahrain 00966562539903

  2. Digital Transformation Era Robotics Very Cheap Labour • Future Driven Technologies Block chain create internet of money Virtual Reality Reality As you imagine Clouded computing ICT department in no where Big Data Analysis Determine business mean stream Artificial Intelligence take a decision instead of human Internet of things IOT will be Sensing every thing Agile Software development development of software is not a big deal Cyber Security Program

  3. Cyber resilience statistics (EY 20th Global Information Security Survey 2017-18 )

  4. 2019 Will Be The Year Of Cyber War ?

  5. CISO Challenges business reliability on ICT Culture change resistance business relay more on ICT day after day. We live in digital business era with increasing expectation of Confidentiality, Integrity , availability and privacy Changing culture for more security environment is always a challnge New emerging technology Resources And all of these new technologies introduce new risks to business environment Still we have a very limited number of resources in information security field Budget constrains Most of business environments is struggling to reduce their expenses

  6. Governance , Risk and Compliance • GRC is a system of people, processes and technology that enables an organization to understand and prioritize stakeholder expectations; set business objectives congruent with values and risks; achieve objectives while optimizing risk profile and protecting value; operate within legal, contractual, internal, social and ethical boundaries; provide relevant, reliable and timely information to appropriate stakeholders; and enable the measurement of the performance and effectiveness of the system.

  7. GRC is a vision of Principled Performance

  8. Learn Your Business Context for Principled Performance

  9. GRC Road Map (Strategic insight)

  10. GRC 5 integration points, IT and Information Security

  11. 5 Success Driving Gears Standards and frameworks 01 Never relay on the standard or framework reputation. There is no best standard and every business has its own character. Chose suitable Framework that present your business objective Risk Management 02 Chose the right risk management methodology. After that Link the risk management with other Information security department activity such incident handling , vulnerability management , compliance …etc control library 03 Chose the control library that achieve your business objective not that has much more controls again there is no best standard 04 Culture change Culture resistance is most Show stopper of GRC programme. Awareness programme is most effective tool to culture change Measuring principle performance 05 The program can not be measured can not managed. : e-GRC platform will help you to have a complete vision of GRC program with holistic program KPIs.

  12. GRC : Measure people security to manage information security • The GRC program is about business enablement for principal performance. The program can not be measured can not managed. • People performance • Processes maturity • Technology benchmarking • CISO should design clear KPIs that related to Program Effectiveness, Responsive , compliance ,…etc. • Use standards to design your own measuring tool such as COBIT 5 PAM tool, OCEG (Burgundy Book), ISF benchmarking tool , …..

  13. Questions

  14. Thank you

More Related