
GRC, A holistic Road Map for Information Security Transformation


1 GRC, A holistic Road Map for Information Security Transformation
Eng. Mohamed Saad Mousa, Head of Information Security, IKEA Saudi and Bahrain

2 Digital Transformation Era
Future-driven technologies:
Robotics: very cheap labour
Blockchain: creates the internet of money
Virtual reality: reality as you imagine it
Cloud computing: the ICT department is nowhere in particular
Big data analysis: determines the business mainstream
Artificial intelligence: takes decisions instead of humans
Internet of Things: IoT will be sensing everything
Agile software development: developing software is no longer a big deal
Cyber security program

3 Cyber resilience statistics (EY 20th Global Information Security Survey 2017-18 )

4 2019 Will Be The Year Of Cyber War?
2018 will see the arms race between organisations and hackers continue to intensify. As well as this, 2018 could see a full-scale cyber war break out between countries. Growth in the number of attacks: 2017 saw a significant escalation in the number of cyber-attacks levied against nation states, and Ward Solutions believes that 2018 will see similar growth in the number of attacks.

5 CISO Challenges
Business reliance on ICT: business relies more on ICT day after day. We live in a digital business era with increasing expectations of confidentiality, integrity, availability and privacy.
Culture change resistance: changing the culture towards a more secure environment is always a challenge.
New emerging technology: all of these new technologies introduce new risks to the business environment.
Resources: we still have a very limited number of resources in the information security field.
Budget constraints: most business environments are struggling to reduce their expenses.

6 Governance, Risk and Compliance
GRC is a system of people, processes and technology that enables an organization to understand and prioritize stakeholder expectations; set business objectives congruent with values and risks; achieve objectives while optimizing its risk profile and protecting value; operate within legal, contractual, internal, social and ethical boundaries; provide relevant, reliable and timely information to appropriate stakeholders; and enable the measurement of the performance and effectiveness of the system. The sheer quantity of GRC definitions makes it hard to reach agreement on a single definition, as many definitions overlap. The Open Compliance and Ethics Group (OCEG) has published a more comprehensive definition, which was revised by experts from a diversity of organizations. Integrated GRC is about principled and harmonious performance when pursuing goals and objectives while facing uncertainty.

7 GRC is a vision of Principled Performance
To address this growing web of issues, threats and challenges, forward-thinking CISOs have adopted a vision of Principled Performance: a point of view and approach to business that helps organizations reliably achieve objectives while addressing uncertainty and acting with integrity. This enables performance while considering both threats and opportunities, and while honoring mandatory commitments, including legal compliance and the voluntary promises found in statements of mission, vision and values, contracts, and employee agreements. Principled Performance is the reliable achievement of objectives while addressing uncertainty (risk) and acting with integrity.

8 Learn Your Business Context for Principled Performance

9 GRC Road Map (Strategic insight)

10 GRC 5 integration points, IT and Information Security

16 5 Success Driving Gears
01 Standards and frameworks: Never rely on a standard's or framework's reputation. There is no best standard, and every business has its own character. Choose the framework that best represents your business objectives.
02 Risk management: Choose the right risk management methodology. After that, link risk management with the other information security department activities, such as incident handling, vulnerability management, compliance, etc.
03 Control library: Choose the control library that achieves your business objectives, not the one with the most controls; again, there is no best standard.
04 Culture change: Culture resistance is the biggest show stopper of a GRC programme. An awareness programme is the most effective tool for culture change.
05 Measuring principled performance: A program that cannot be measured cannot be managed. An e-GRC platform will help you to have a complete view of the GRC program with holistic program KPIs.

17 GRC: Measure people security to manage information security
The GRC program is about business enablement for principled performance. A program that cannot be measured cannot be managed. Measure people performance, process maturity and technology benchmarking. The CISO should design clear KPIs related to program effectiveness, responsiveness, compliance, etc. Use standards to design your own measuring tool, such as the COBIT 5 PAM tool, OCEG (Burgundy Book), the ISF benchmarking tool, etc.

18 Questions

19 Thank you. Copyright Insight Consulting Ltd

