During this presentation, I will share my view of the new challenges of global risk management, and discuss the new threats that a Bank has had to confront in real time, and how a new global methodology was born taking into consideration all the new environmental factors, like political changes, legal environment, economic environment or new regulations. Isabel will also examine how to make managerial decision-making easier through improved information provision; how to replace “we think that” (opinion) with “the data indicates that” (facts); and how to reduce ISMS management workload by 67%. Attendees to this presentation will take away a clear explanation of the main targets of the project that we faced in achieving Corporate Intelligence, the things that they would change if they could turn back time, and how I have developed a neutral tool based on the new methodology, how they work and what they have achieved, and what their plans are for the future
2. Corporate Intelligence: How big data help us to reduce risk
Main highlights in the creation of the BFA-Bankia Group
7 local savings banks signed
Since 1 January 2011 Bankia S.A. belongs to the
an integration agreement to
Banco Financiero y de Ahorros Group and is, in
establish a Contractual Group
turn, the parent company of its own financial
organised
Sistema
group (The Bankia Group). Bankia S.A. began
Institucional de Protección (an
trading on the Spanish stock market on 20 July
Institutional Protection Scheme
2011.
as
a
or IPS) under Spanish law
30 July 2010
03 December 2010
01 January 2011
The Central Body of the IPS was incorporated under the name
Banco Financiero y de Ahorros, S.A. (BFA), as the controlling
09 May 2012
The Board of Directors of Bankia
unanimously agreed to name José
entity of such IPS and parent company of the Banco Financiero y
Ignacio Goirigolzarri as Executive
de Ahorros Group into which the seven local savings banks
Chairman of the bank, which marks
(Cajas) and the rest of the subsidiary entities were integrated.
a new stage for the company.
2 de 22 / ISF CONGRESS PARIS 2013
3. Corporate Intelligence: How big data help us to reduce risk
Main strengths of the BFA-Bankia Group
Extensive multi-channel network in Spain
Diversified customer base
Business model oriented to customer service and
satisfaction and return on management
3 de 22 / ISF CONGRESS PARIS 2013
4. Corporate Intelligence: How big data help us to reduce risk
Key operating data
MAIN INDICATORS - BANKIA
Broad customer base
More than 7 million customers, with a very close customer relationship
More than 260,000 SMEs and more than 290,000 independent contractors
High market share
~10% share of deposits in the Spanish market
4th largest bank in Spain
Bankia Retail Network made up of 2,534 branches as of 31.05.2013
Strong presence in original home territories
Benchmark institution in its natural constituencies, with market shares above 15%
Organisational strengths
Integration capacity
Powerful management information systems for enhanced efficiency and closeness to customers
Smaller, more professional board of directors
Streamlined Management Committee and representation in investee companies
Sources: BdE, Bankia . Data as of March 2013
4 de 22 / ISF CONGRESS PARIS 2013
5. Corporate Intelligence: How big data help us to reduce risk
1. Our environment
Change in risk management scene
Continuous need for new security measures
New threats
Change in real time
Global view of the organization’s security
More departments involved
Enormous amounts of information security to be managed
Compliance, public image, brand, legal, operational risk, security, etc.
Intelligence sources, Government rules, etc
5 de 22 / ISF CONGRESS PARIS 2013
6. Corporate Intelligence: How big data help us to reduce risk
2. Problems we found (I)
Reduced budget, investments must be carefully selected.
Big data to be analyzed with reduced resources
Need of impact simulations («What if» risk analysis)
Minimum reaction times needed
6 de 22 / ISF CONGRESS PARIS 2013
7. Corporate Intelligence: How big data help us to reduce risk
2. Problems we found (II)
Communication problems with the upper management and the
different areas of the organization
Managers don’t have information to make decisions
Decisions are made based on opinions, not in facts
Heavy workloads to maintain ISMS (ISO27001)
and ITSMS (ISO20000), colleagues are bored of
security measures
7 de 22 / ISF CONGRESS PARIS 2013
8. Corporate Intelligence: How big data help us to reduce risk
3. What I felt day by day
8 de 22 / ISF CONGRESS PARIS 2013
9. Corporate Intelligence: How big data help us to reduce risk
4. How can I solve these present and future problems?
Option 1: Spending one million euros in security hardware and
software
9 de 22 / ISF CONGRESS PARIS 2013
10. Corporate Intelligence: How big data help us to reduce risk
4. How can I solve these present and future problems?
Option 1: Spending one million euros in security hardware and
software
Option 2: Spending one million euros in consultancy
10 de 22 / ISF CONGRESS PARIS 2013
11. Corporate Intelligence: How big data help us to reduce risk
4. How can I solve these present and future problems?
Option 1: Spending one million euros in security hardware and
software
Option 2: Spending one million euros in consultancy
Option 3: Developing my own security methodology and adapting
it to all my problems
11 de 22 / ISF CONGRESS PARIS 2013
12. Corporate Intelligence: How big data help us to reduce risk
4. How can I solve these present and future problems?
Option 1: Spending one million euros in security hardware and
software
Option 2: Spending one million euros in consultancy
Option 3: Developing my own security methodology and adapting
it to all my problems
12 de 22 / ISF CONGRESS PARIS 2013
13. Corporate Intelligence: How big data help us to reduce risk
4. How can I solve these present and future problems?
13 de 22 / ISF CONGRESS PARIS 2013
14. Corporate Intelligence: How big data help us to reduce risk
5. Keys of the methodology
New internal function at service of the organization
Control and management framework
I feel the power of the Force
Increases decision-making capacity
by organization’s upper management
Improves information analysis
Technological, economic, legal,
security, image, etc
Develops the assessment of threats and
impacts, giving a global control and security
measures application proposal
•
Work together with other security standards (ISO, CobiT, NIST, ENS, etc)
14 de 22 / ISF CONGRESS PARIS 2013
15. Corporate Intelligence: How big data help us to reduce risk
6. How it works? (I)
Combines and analyzes multiple sources of information to obtain
an accurate image of organization’s situation
Provides management team with all information needed to make
decisions based on existing risks
Proposes, in a systematic and
automatic way, security measures
to protect the organization
15 de 22 / ISF CONGRESS PARIS 2013
16. Corporate Intelligence: How big data help us to reduce risk
7. How it works? (II)
Specific dashboard with business views for each manager
Risk Map generation per threat based on information available
Ability to make security actuarial calculations based on historic
information of the organization
«What if» risk analysis
Impact simulations
Automatic calculation and presentation
of controls and security measures
Decision support tool for managers
16 de 22 / ISF CONGRESS PARIS 2013
17. Corporate Intelligence: How big data help us to reduce risk
8. ATHINA
Athina is the goddess of wisdom, courage, inspiration, civilization, law and
justice, just warfare, mathematics, strength, strategy, the arts, crafts, and skills.
17 de 22 / ISF CONGRESS PARIS 2013
18. Corporate Intelligence: How big data help us to reduce risk
9. What is ATHINA?
A tool
supports corporate intelligence methodology
allows user to visualize in an easy way, all the information
supplied by the Corporate Intelligence sources through
dashboards designed for each manager
It is a powerful way to sell information security to top level
management
Handles and assesses all risks that affect assets
i.e.
political
changes,
legal
environment, new regulations, etc.
18 de 22 / ISF CONGRESS PARIS 2013
environment,
economic
19. Corporate Intelligence: How big data help us to reduce risk
9. What is ATHINA?
19 de 22 / ISF CONGRESS PARIS 2013
20. Corporate Intelligence: How big data help us to reduce risk
10. Some details about Athina
Needs assessment
Budget, development life cycle, banking sector…Is this the right
moment?
Evaluation of the options available in the market
If it doesn’t exist, can the integrators help me?
Selected option:
Create a «Neutral tool»
20 de 22 / ISF CONGRESS PARIS 2013
21. Corporate Intelligence: How big data help us to reduce risk
10. What I have learnt during this way with Athina
The focus is the methodology and the data’s relations
If your idea works, make it beautiful
One tablet can rule the world
Show lot of information in ATHINA, it doesn’t mean better results
Our bosses don’t have time, don’t loose time explaining all details
of the methodology
21 de 22 / ISF CONGRESS PARIS 2013
22. Corporate Intelligence: How big data help us to reduce risk
10. What I have learnt during this way with Athina
22 de 22 / ISF CONGRESS PARIS 2013
23. Corporate Intelligence: How big data help us to reduce risk
11. A picture is worth than a thousand words
23 de 22 / ISF CONGRESS PARIS 2013
24. Corporate Intelligence: How big data help us to reduce risk
11. A picture is worth than a thousand words
24 de 22 / ISF CONGRESS PARIS 2013
25. Corporate Intelligence: How big data help us to reduce risk
11. A picture is worth than a thousand words
25 de 22 / ISF CONGRESS PARIS 2013
26. Corporate Intelligence: How big data help us to reduce risk
12. Results of Corporate Intelligence
We have make managerial decision-making easier through
improved information
We have a complete view of risks affecting the organization in
real time
We react faster to new threats
We anticipate impact of various situations
We have replaced “we think that” (opinion)
with “the data indicates that” (facts)
We have reduced workload of ISMS
(ISO27001) and ITSMS (ISO20000) by 67%
26 de 22 / ISF CONGRESS PARIS 2013
27. Corporate Intelligence: How big data help us to reduce risk
13. Conclusions
After doing a review of the environment, all the signals showed that
we had to change the way to manage security.
The election was to develop a new security
methodology called Corporate Intelligence
that will allow to confront the current and
future threats.
ATHINA, the tool which support it, provides management teams with
the information and the security measures they need to protect their
business and to make the proper decisions regarding risk
management.
27 de 22 / ISF CONGRESS PARIS 2013
28. Isabel María Gómez González
Email: igomezgo@bankia.com
http://www.linkedin.com/in/ismgomez