Discovery – The Next Generation!: Business Context of Risk Presentation to the North London Branch British Computer Society 19 March, 2008 Dr. Victoria.

Presentation transcript:

Discovery – The Next Generation!: Business Context of Risk Presentation to the North London Branch British Computer Society 19 March, 2008 Dr. Victoria Lemieux Credit Suisse IT Risk

About Credit Suisse
– Credit Suisse is a leading global bank headquartered in Zurich
– Credit Suisse Group reported income from continuing operations of CHF 8,549 million for the full year 2007
– It is focussed on serving its clients in three business lines: investment banking, private banking and asset management
– Total staff worldwide is 45,000
– Credit Suisse operates in approximately 50 countries globally

About IT Risk
– Business continuity preparedness, readiness, oversight & crisis resolution
» Develop and implement the tools, framework, capability and testing program to enable successful recovery in the event of a crisis or similar planned outage
» Improved response and reduced impact
– Risk advisory, assessment, and oversight
» Leverage techniques such as risk assessments and metrics tracking to assist clients in evaluating risks and developing mitigation strategies based on risk appetite
» Effective and efficient resource allocations
– Training and awareness
» Disseminate risk guidelines, build risk awareness, and develop the required behavior across Credit Suisse
» Minimize issues resulting from unknowledgeable staff
– Regulatory & audit services
» Assist IT Division in meeting legal, audit and regulatory obligations
» Improved compliance resulting in lower operational costs
– IT forensic investigations
» The use of IT investigation and digital forensics methods to investigate data security and integrity issues
» Limit damage to the firm
– Risk management methodology, policies, and standards
» Develop & maintain BCM, information security & IT risk policies, standards, methodologies & metrics
» Risk assessment and mitigation
– Risk reduction initiatives
» Prioritize, plan, support and execute regional, divisional and global projects for risk avoidance and risk mitigation
» Reduction of risks in the environment
– IT environment protection
» Monitor, assess, and respond to attacks on the Credit Suisse infrastructure, prioritizing response by threat level
» Minimize impact from attacks

The Legal and Regulatory Landscape
– Bank for International Settlements (Basel II)
– Financial Services Authority
– EBK/ Swiss Banking Secrecy
– Data Protection Act
– International Standards Organisation
– Sarbanes Oxley
– Federal Financial Institution Examiners Council
– Gramm Leach Bliley
– Patriot Act
– Federal Information Security Management Act
– California SB1386
– Monetary Authority of Singapore
– Japanese Financial Services Agency

A Balanced Risk View
Drivers / Business Benefit
– Reduced legal and regulatory risk exposure
– Reduced costs for retrieval

A Balanced Risk View
Drivers / Business Benefit
– Reduced legal and regulatory risk exposure
– Reduced costs for retrieval
£50,000 x ? Cases = millions
Avoidance of regulatory fines
Avoidance of adverse legal rulings
Avoidance of reputational damage
Downside Risks
– Barriers to realising business benefits
» Poor organisation of documents
» Lack of governance
» Lack of context
– Introduction of new risks
» Cross border data access
» Data confidentiality
» Intellectual Property protection