Real Time Risk Management
1. 13 and 14 March 2013
Mr. Mike Popham MBA FRSA
Brasília - Brazil
Partner
Syndicus IS LLP
mike.popham@syndicusis.com
+44 797 650 4897
2. Proteus® Real Time Risk Operations
Integrated Physical, Environmental, Information, Risk Measures and Controls in Real Time for Measured Protection
3. Proteus® Real Time Risk Operations
AGENDA
Presentation of Syndicus IS LLP
Real Time GRC Operations Service Benefits
Multi-faceted Governance, Risk and Compliance Activities
Proteus GRC Engine
Proteus iGRC Engine
Real Time Demonstrator
5. Proteus® Real Time Risk
MAKING PROTECTION MORE COMPLETE
[Diagram] Centre: Information Management, Security Specialists, and Users facilitating processes together using best practices, harnessed in technologies integrated for best protective effect in real time
Surrounding elements:
Physical Security Sensors
Environmental Sensors
Asset Based Risk Assessment
Health & Safety Controls
Impact on Process and Continuity
Real Time Risk Management Demonstration: Click Here, see “Geoff Ibbett and Team”, 2nd down on right
6. Proteus® Real Time Risk Operations
MULTI-FACETED GRC
A ‘dashboard’ bridges the gap between the complexity of the subject and senior management
Flexible reporting to enable the audit committee to quickly evaluate the company’s risk
Gather information from subject matter experts and add value through integration of data
Compliance (Gap Analysis) for any Standard, Regulation, or Legislation
8. Proteus® Real Time Risk Operations
SERVICE BENEFITS
Benefits of the Service
Dedicated physical, information and environmental security, H&S controls etc., with integrated risk management professionals working to best practice (e.g. ISO 27001, ISO 9001 etc.) to meet the GRC needs of the enterprise
An in-depth range of validation measures is included in the service
Reports on compliance and risk status and progress are available to the customer within minutes of data input and analysis
Your dedicated information security and risk management professionals all work from a leading GRC engine that interrelates compliance, risk and business continuity status into the process-oriented business impact assessment
Department-specific GRC performance is available
GRC engine integrates with fraud and cyber/network sensors/agents for real time risk management
9. Proteus® Real Time Risk Operations
TRANSFORMING ENTERPRISE CONTROL
Controlling the Enterprise
Centralized Asset Register
Single Repository for Policies and Documents, plus dissemination and e-examination
Gap analysis – status of alignment to standards and non-conformities
Identification of impact of risk on assets and business processes
Integrates incident management and mitigation / improvements
Consistent and easy visibility of global reporting
Rapid installation, via the web as necessary
Designed for configurability
Extensions available, e.g. Active Directory, single sign-on
Intuitive interface and multi-site access worldwide, via the web
Transforms governance dynamics
Provides new opportunities and significant improvements in governance, risk and compliance
BIA, BCP, assigning tasks and accountability, action planner and work-flow sign-off
Offers tangible productivity enhancements (capacity building)
Extends to operations domain via Proteus iGRC
Offers a real return on investment
10. Proteus® Real Time Risk Operations
SPREAD OF BEST PRACTICES
Referencing Best Practice
Supports a set of rules, with capacity for rapid transition / integration of customizable rules (2 months)
ISO 27001 - Information Security Management (ISMS)
BS 25999 (ISO 22301) - Business Continuity Management
PCI DSS - Payment Card Industry Data Security Standard
BS 10012 - Data Protection, Specification for a Personal Information Management System
ISO 9001 - Quality management of businesses
ISO 14001 - Environmental Management
ISO 20000 - Service Management, Information, products and services to support
COBIT 4.1 - Control Objectives for Information and related Technology
Physical Controls
11. Proteus® Real Time Risk Operations
SENSORS/AGENTS IN THE MIX
Multi-Disciplinary Teams
Preparing the organization for the future
Achieve compliance, perform risk management, assess impacts, demonstrate proper governance
Conduct real time risk management operations via sensors and agents, e.g.:
Physical security controls
Information security controls
Health and safety controls
Environmental controls
Risk measures
Service Continuity
[Diagram] Proteus Enterprise, linking: Governance, Policies, Processes, Procedures Management; International Standards (ISO); Risk, BIA, BCM, Threats and Mitigations
12. Proteus® Real Time Risk Operations
REPORTS STATUS NOW
No Delays Reporting Status
Assets control
Central Panel, Dashboard
Overview cover losses
Chart threats
Risk Analysis and Evaluation
Operational impact
Financial Impact
State regulatory
Extensions
Real time interface
14. Proteus® Real Time Risk Operations
WIDEST POSSIBLE INTEGRATION SCOPE
Detection systems deployed in Proteus® iGRC (Banking Example)
Normal Operations: anomaly detection, anti-virus, data security, enterprise security, federated identity, intrusion detection and prevention, malware and malware removal, messaging security, multifactor authentication, patch management, PC security, secure remote administration, security policy management, threat management, transaction monitoring, user authentication, web security, log management and analysis (SIEM), configuration assessment / vulnerability detection
Cards (present and not present): anomaly detection, federated identity, messaging security, multifactor authentication, security policy management, threat management, transaction monitoring, user authentication, web security, log management and analysis (SIEM), configuration assessment / vulnerability detection
Internet, Mobile channels, and POS Channels: anti-virus, collaboration security, data security, enterprise security, federated identity, malware and malware removal, messaging security, multifactor authentication, patch management, PC security, secure remote administration, security policy management, threat management, transaction monitoring, user authentication, web security, log management and analysis (SIEM), configuration assessment / vulnerability detection
15. Proteus® Real Time Risk Operations
VIEW THE DEMONSTRATOR
Increased complexity due to cyber and terrorist threats
Physical Controls Management
Environmental Controls Management
Information Security Controls Management
Health and Safety Controls Management
Action Plans and On-Line Audits
Business Impact Assessments
Business Continuity Assessments
Real Time Risk Management Demonstration: Click Here, see “Geoff Ibbett and Team”, 2nd down on right
16. Proteus® Real Time Risk Operations
CONTACT THE TEAM
Workshops
• Cyber protection technologies
• Governance, risk and compliance
• Real Time Risk management
• Review of latest cyber sensors and agents:
• Their benefits and effects
• Current gaps in protective capability
• Cyber risk management techniques:
• Cyber protection best practice
• Extension of best practice into managed reality
• Business impact analysis
• Governance in era of advanced GRC technology
• Transformational for cyber protection
Mr. Mike Popham MBA FRSA
Partner
Syndicus IS LLP
mike.popham@syndicusis.com
+44 797 650 4897
Syndicus Information Security LLP,
Suite 36, 88-90 Hatton Garden, Holborn,
London, EC1N 8PG,
UK +44 (0)845 260 2465
info@syndicusis.com www.syndicusis.com