Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Simplifying IT GRC

2 447 vues

Publié le

  • Identifiez-vous pour voir les commentaires

Simplifying IT GRC

  1. 1. Simplifying IT Governance, Risk Management & Compliance Anand Choudhary
  2. 2. IT & ITESIndian IT & ITES industry Economy is Strong export consistently demand growing 2011 2020F Market Size: Market Size: $76 Billion $225 Billion Indian IT firms IT industry is have delivery well diversified centres across to BFSI, the globe Telecom, Retail 2
  3. 3. Unidentified Risks impact Performance Impact Performance in the market Increases business costs Results in closer scrutiny Reduces investor & market confidence Impairs customer service Disrupts major operations Failure in operational controlSource: SAP Labs 3
  4. 4. About GRC• Governance, Risk Management and Compliance (GRC) issues around information have become central to organizational strategies.• Investment in this area in US is highest in 2008 at $32 billion (7.4% growth)• GRC platforms provide a single, federated framework that integrates organizational processes and tools, supporting those processes for the purpose of defining, maintaining and monitoring GRC. An appropriately chosen GRC platform can lead to reduced complexities and increased efficiencies. 4
  5. 5. What’s GRC?• Governance: The IT Governance Institute (ITGI) defines governance as “the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that the objectives are achieved, ascertaining that the risks are managed appropriately and verifying that the enterprise’s resources are being used responsibly.• Risk Management: This is an activity directed toward assessing, mitigating (to an acceptable level) and monitoring risk. The principle goal of an organization’s risk management process should be to protect the organization and its ability to perform its mission, not just its IT assets.• Compliance: It is an increasingly complex task given the global footprints of organizations, the increase in regulatory environment (which is likely to become even more stringent given the opportunities exposed by the current economic crises) and local regulations. 5
  6. 6. A Systems view of Compliance – Translating Regulations to Action Compliance   SOX PCI EUDPP Board of Dir./CEO Audit Committee Requirements  COBIT ISO  Internal Policies Board of Dir./CEO Audit Committee IT GRC Process Management Business Pack Objectives Microsoft Control library CIO/CSO & Policies Control Objectives CIO/CSO Control Activities Compliance Control Testing Status Procedures ITDM ITDM System Operational Systems Management CMDB Comply/ Incident/ Residual Authority Issue Active Risk Reports Reports Directory DW Audit (Authority Document IT Pro IT Pro View) Microsoft (Partner) System Non- Available Operations Roadmap PartnerSource: Microsoft
  7. 7. GRC: Area of concern• What compliance regulations are applicable to your area?• Have you failed any areas of compliance audits in the past? If so, what were the findings?• What improvements would you like to see in your current mechanism for prioritizing the security budget?• How do you rate the effectiveness of your security controls?• What would you like to see in the reports indicating the current status of compliance?• How do you evaluate your risk currently? What are possible areas of improvement?• What are critical threats to your area?• How many times have you experienced these threats in the past 12 months?• What area are you more concerned about, insider abuse or external threat? Please provide specifics.• Have any of your end users expressed dissatisfaction with the extra steps they have to go through because of the security controls?• Do you have a good data classification mechanism? 7
  8. 8. Microsoft: System Center Service Manager 2010• System Center Service Manager 2010 delivers an integrated platform for automating and adapting IT Service Management best practices to your organizations requirements.• One of the benefit is: IT governance, risk and compliance (IT GRC) – The IT GRC Process Management Pack (PMP) for System Center Service Manager 2010 provides end-to-end compliance management and automation for desktop and datacenter computers. The IT GRC PMP translates complex regulations and standards into authoritative control objectives and control activities for the IT organization’s compliance program. – The IT Compliance Management Series—which comprises multiple IT Compliance Management Library (IT CML) products—helps you configure Microsoft products to address specific IT GRC requirements. 8
  9. 9. Thank you!Disclaimer:This presentation is prepared with the purpose to share knowledge instead to advertise any product. 9