SlideShare une entreprise Scribd logo

The Business Of Identity, Access And Security V1.0

Télécharger en tant que PPT, PDF
T
theonassiokas

Identity management Access control Information Security

TechnologieBusiness
1  sur  35
The business of identity, access and security Theo Nassiokas Head of Risk & Compliance, Information Security Westpac Banking Corporation Identity Management Forum 2007 – November 28 - 30 th What’s in it for me?
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Executive summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Identity Management (IDM) What is it?
Identity management defined ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Two perspectives of IDM ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Regulatory focus Access control or identity management?
What comes 1 st – The chicken or the egg? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The common regulatory thread ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Compliance, risk & governance and identity management
Regulatory compliance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Policy compliance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Business risk ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Risk is easy!? Source: Dr Peter Tippett - ICSA Labs (Verizon Business), Mechanicsburg, Pennsylvania, USA
Governance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Governance ,[object Object],Corporate governance consists of five main areas CORPORATE GOVERNANCE Risk/Security Governance Administrative and Financial Governance Operational Governance Regulatory and Legal Governance IT Governance
Objective of identity management
Conservative corporate culture ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Innovative corporate culture ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Research re: IDM as enabler ,[object Object],[object Object]
Research re: IDM as enabler ,[object Object]
Research re: IDM as enabler ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Identity management convergence
Physical and logical convergence ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Who are the stakeholders? IDM Governance Physical IT Legal, Regulatory Industry codes IP Data Protection Act (UK) Sarbanes Oxley S302, 404, 409 USA PATRIOT Act ISO 27001 California Senate Bill 1386 BCP failure Phishing Cyber crime Basel II ISO 27002 Virus incidents Physical Theft Of Info Unauthorised Software Usage System Access Control License Breach Staff screening Checks Outsourced Service Provider Control Information Access Control Network domain access Unauthorised Physical access Targeted Attack – Mass Extinction Event Privacy laws
IDM convergence is innovative ,[object Object],Example – Convergence strategy ,[object Object],Strategic Planning achieves strategy Capability Today Capability Tomorrow ,[object Object],[object Object],[object Object],[object Object],[object Object],achieved through:
Is leading an innovation easy? ,[object Object],[object Object]
Aligning IT projects with business
Why is alignment to business important? ,[object Object],Assessment of Identity Management Requirements Vision and mission for Identity Management Identity Management Strategy Identity Management Strategic Plan Identity Management Operational Plans And Budgets Assessment of technology Requirements Vision and mission for technology Technology Strategy Technology Operational Plans And Budgets Technology Strategic Plan Assessment of the Business Vision and mission for the Business Business Strategy Business Operational Plans and Budgets Business Strategic Plan
Minimising project risk
The innovation effectiveness curve
The innovation value chain
Conclusion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Questions? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Thank you for your time!
Appendix A – Security Convergence ,[object Object],(Source: Forrester Research, "Trends 2005: Security Convergence Gets Real“) Actual ‘security convergence’ project budgets, based on surveying 60 end users from Canada, Europe and the United States: $7,039 $3,707 $1,713 $691 $311 Total $315 $191 $92 $35 $10 Other projects performed jointly by IT and physical security departments $277 $172 $81 $30 $10 Small projects $453 $202 $93 $36 $10 Large-scale convergence projects $994 $542 $248 $90 $30 Physical/logical access control projects $5,001 $2,600 $1,200 $500 $250 Public sector 2008 2007 2006 2005 2004   Spending on Converged Security Projects (per year in millions)

Recommandé

The Business Of Information Security V2.0
The Business Of Information Security V2.0The Business Of Information Security V2.0
The Business Of Information Security V2.0
theonassiokas
 
Introduction to nudging in IT
Introduction to nudging in ITIntroduction to nudging in IT
Introduction to nudging in IT
Christian F. Nissen
 
Cyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and GovernanceCyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and Governance
Srinidhi Aithal
 
Finding a Strategic Voice - IBM CISO Study
Finding a Strategic Voice - IBM CISO StudyFinding a Strategic Voice - IBM CISO Study
Finding a Strategic Voice - IBM CISO Study
IBMGovernmentCA
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
Erik Ginalick
 
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
Taiye Lambo
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
AdilsonSuende
 
Cyber Security Risk Management
Cyber Security Risk ManagementCyber Security Risk Management
Cyber Security Risk Management
Shaun Sloan
 

Recommandé

The Business Of Information Security V2.0
The Business Of Information Security V2.0The Business Of Information Security V2.0
The Business Of Information Security V2.0
theonassiokas
 
Introduction to nudging in IT
Introduction to nudging in ITIntroduction to nudging in IT
Introduction to nudging in IT
Christian F. Nissen
 
Cyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and GovernanceCyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and Governance
Srinidhi Aithal
 
Finding a Strategic Voice - IBM CISO Study
Finding a Strategic Voice - IBM CISO StudyFinding a Strategic Voice - IBM CISO Study
Finding a Strategic Voice - IBM CISO Study
IBMGovernmentCA
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
Erik Ginalick
 
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
Taiye Lambo
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
AdilsonSuende
 
Cyber Security Risk Management
Cyber Security Risk ManagementCyber Security Risk Management
Cyber Security Risk Management
Shaun Sloan
 
A smarter way to manage identities
A smarter way to manage identitiesA smarter way to manage identities
A smarter way to manage identities
Matthew Zielinski, CISSP, CBCP
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the Beefeaters
Jack Nichelson
 
The developing world of cyber litigation and compliance
The developing world of cyber litigation and complianceThe developing world of cyber litigation and compliance
The developing world of cyber litigation and compliance
PECB
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
Capgemini
 
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Cohesive Networks
 
Protecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBMProtecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBM
InfinIT - Innovationsnetværket for it
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
Ernest Staats
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management Framework
Joseph Wynn
 
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
PECB
 
2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?
Raffa Learning Community
 
Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4
Dr. Ahmed Al Zaidy
 
The Value Of HISP Certification [Compatibility Mode]
The Value Of HISP Certification [Compatibility Mode]The Value Of HISP Certification [Compatibility Mode]
The Value Of HISP Certification [Compatibility Mode]
jdimaria
 
5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels
IBM Security
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
William McBorrough
 
Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?
IBM Security
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age
padler01
 
Information security governance
Information security governanceInformation security governance
Information security governance
Koen Maris
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
Fahmi Albaheth
 
Security services mind map
Security services mind mapSecurity services mind map
Security services mind map
David Kennedy
 
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
Rea & Associates
 
The Cloud Around The Cloud
The Cloud Around The CloudThe Cloud Around The Cloud
The Cloud Around The Cloud
theonassiokas
 
Information security awareness for business people 18mb
Information security awareness for business people 18mbInformation security awareness for business people 18mb
Information security awareness for business people 18mb
theonassiokas
 

Contenu connexe

Tendances

Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the Beefeaters
Jack Nichelson
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
Capgemini
 
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Cohesive Networks
 
The Value Of HISP Certification [Compatibility Mode]
The Value Of HISP Certification [Compatibility Mode]The Value Of HISP Certification [Compatibility Mode]
The Value Of HISP Certification [Compatibility Mode]
jdimaria
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age
padler01
 
Security services mind map
Security services mind mapSecurity services mind map
Security services mind map
David Kennedy
 
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
Rea & Associates
 

Tendances (20)

A smarter way to manage identities
A smarter way to manage identitiesA smarter way to manage identities
A smarter way to manage identities
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the Beefeaters
 
The developing world of cyber litigation and compliance
The developing world of cyber litigation and complianceThe developing world of cyber litigation and compliance
The developing world of cyber litigation and compliance
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
 
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...
 
Protecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBMProtecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBM
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management Framework
 
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
 
2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?
 
Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4
 
The Value Of HISP Certification [Compatibility Mode]
The Value Of HISP Certification [Compatibility Mode]The Value Of HISP Certification [Compatibility Mode]
The Value Of HISP Certification [Compatibility Mode]
 
5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age
 
Information security governance
Information security governanceInformation security governance
Information security governance
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Security services mind map
Security services mind mapSecurity services mind map
Security services mind map
 
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
 

En vedette

Information security awareness for business people 18mb
Information security awareness for business people 18mbInformation security awareness for business people 18mb
Information security awareness for business people 18mb
theonassiokas
 
Perpetual Information Security - Driving Data Protection in an Evolving Compl...
Perpetual Information Security - Driving Data Protection in an Evolving Compl...Perpetual Information Security - Driving Data Protection in an Evolving Compl...
Perpetual Information Security - Driving Data Protection in an Evolving Compl...
SafeNet
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
centralohioissa
 
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
centralohioissa
 

En vedette (13)

The Cloud Around The Cloud
The Cloud Around The CloudThe Cloud Around The Cloud
The Cloud Around The Cloud
 
Information security awareness for business people 18mb
Information security awareness for business people 18mbInformation security awareness for business people 18mb
Information security awareness for business people 18mb
 
Vegemite Toast - Banking IT Regulation In Asia
Vegemite Toast - Banking IT Regulation In AsiaVegemite Toast - Banking IT Regulation In Asia
Vegemite Toast - Banking IT Regulation In Asia
 
Providing a Flexible Approach to the Inflexible World of Information Security...
Providing a Flexible Approach to the Inflexible World of Information Security...Providing a Flexible Approach to the Inflexible World of Information Security...
Providing a Flexible Approach to the Inflexible World of Information Security...
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
Perpetual Information Security - Driving Data Protection in an Evolving Compl...
Perpetual Information Security - Driving Data Protection in an Evolving Compl...Perpetual Information Security - Driving Data Protection in an Evolving Compl...
Perpetual Information Security - Driving Data Protection in an Evolving Compl...
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
 
Femoston vs tibolone hormone replacement therapy 1.5.15
Femoston vs tibolone hormone replacement therapy 1.5.15Femoston vs tibolone hormone replacement therapy 1.5.15
Femoston vs tibolone hormone replacement therapy 1.5.15
 
Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
 
Free to Be You and Me: Providing Culturally-Sensitive Patient Care to Transge...
Free to Be You and Me: Providing Culturally-Sensitive Patient Care to Transge...Free to Be You and Me: Providing Culturally-Sensitive Patient Care to Transge...
Free to Be You and Me: Providing Culturally-Sensitive Patient Care to Transge...
 
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
 
Roles of Information Security Officers in State Government
Roles of Information Security Officers in State GovernmentRoles of Information Security Officers in State Government
Roles of Information Security Officers in State Government
 

Similaire à The Business Of Identity, Access And Security V1.0

Project_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_IntindoloProject_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_Intindolo
John Intindolo
 
Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011
subramanian K
 
Assocham conf grc sept 13
Assocham conf grc sept 13Assocham conf grc sept 13
Assocham conf grc sept 13
subramanian K
 
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
GrapesTech Solutions
 
PowerPoint presentation
PowerPoint presentationPowerPoint presentation
PowerPoint presentation
webhostingguy
 
Technology Risk Services
Technology Risk ServicesTechnology Risk Services
Technology Risk Services
sarah kabirat
 

Similaire à The Business Of Identity, Access And Security V1.0 (20)

Identity Management: Risk Across The Enterprise
Identity Management: Risk Across The EnterpriseIdentity Management: Risk Across The Enterprise
Identity Management: Risk Across The Enterprise
 
Presentation to Irish ISSA Conference 12-May-11
Presentation to Irish ISSA Conference 12-May-11Presentation to Irish ISSA Conference 12-May-11
Presentation to Irish ISSA Conference 12-May-11
 
What Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceWhat Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT Governance
 
Project_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_IntindoloProject_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_Intindolo
 
Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystem
 
Risk Product.pptx
Risk Product.pptxRisk Product.pptx
Risk Product.pptx
 
Assocham conf grc sept 13
Assocham conf grc sept 13Assocham conf grc sept 13
Assocham conf grc sept 13
 
Segregation of Duties
Segregation of DutiesSegregation of Duties
Segregation of Duties
 
Tft2 Task3 Essay
Tft2 Task3 EssayTft2 Task3 Essay
Tft2 Task3 Essay
 
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
 
[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information
[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information
[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information
 
IT Governances
IT GovernancesIT Governances
IT Governances
 
PowerPoint presentation
PowerPoint presentationPowerPoint presentation
PowerPoint presentation
 
Why ISO 27001 for an Organisation
Why ISO 27001 for an OrganisationWhy ISO 27001 for an Organisation
Why ISO 27001 for an Organisation
 
SLVA - Developing an IT GRC Strategy
SLVA - Developing an IT GRC StrategySLVA - Developing an IT GRC Strategy
SLVA - Developing an IT GRC Strategy
 
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
 
Technology Risk Services
Technology Risk ServicesTechnology Risk Services
Technology Risk Services
 
Information & Cyber Security Risk
Information & Cyber Security RiskInformation & Cyber Security Risk
Information & Cyber Security Risk
 

Dernier

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Dernier (20)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

The Business Of Identity, Access And Security V1.0

  • 1. The business of identity, access and security Theo Nassiokas Head of Risk & Compliance, Information Security Westpac Banking Corporation Identity Management Forum 2007 – November 28 - 30 th What’s in it for me?
  • 2.
  • 3.
  • 5.
  • 6.
  • 7. Regulatory focus Access control or identity management?
  • 8.
  • 9.
  • 10. Compliance, risk & governance and identity management
  • 11.
  • 12.
  • 13.
  • 14. Risk is easy!? Source: Dr Peter Tippett - ICSA Labs (Verizon Business), Mechanicsburg, Pennsylvania, USA
  • 15.
  • 16.
  • 17. Objective of identity management
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 24.
  • 25. Who are the stakeholders? IDM Governance Physical IT Legal, Regulatory Industry codes IP Data Protection Act (UK) Sarbanes Oxley S302, 404, 409 USA PATRIOT Act ISO 27001 California Senate Bill 1386 BCP failure Phishing Cyber crime Basel II ISO 27002 Virus incidents Physical Theft Of Info Unauthorised Software Usage System Access Control License Breach Staff screening Checks Outsourced Service Provider Control Information Access Control Network domain access Unauthorised Physical access Targeted Attack – Mass Extinction Event Privacy laws
  • 26.
  • 27.
  • 28. Aligning IT projects with business
  • 29.
  • 33.
  • 34.
  • 35.

Notes de l'éditeur

  1. Methodology: From April 25 to May 7, 2006 a total of 1,037 surveys were completed in the U.S. and 1,203 in Europe (UK 235; France 238; Germany 242; Spain 245; Italy 243). The statistical confidence interval for the U.S. and the European results is plus or minus 3% at a 95% level of significance.
  2. Methodology: From April 25 to May 7, 2006 a total of 1,037 surveys were completed in the U.S. and 1,203 in Europe (UK 235; France 238; Germany 242; Spain 245; Italy 243). The statistical confidence interval for the U.S. and the European results is plus or minus 3% at a 95% level of significance.
  3. Methodology: From April 25 to May 7, 2006 a total of 1,037 surveys were completed in the U.S. and 1,203 in Europe (UK 235; France 238; Germany 242; Spain 245; Italy 243). The statistical confidence interval for the U.S. and the European results is plus or minus 3% at a 95% level of significance.
  4. Raising Your Return on Innovation Investment By Alexander Kandybin and Martin Kihn   5/11/04 Each company has an intrinsic innovation effectiveness curve. Here are three ways to lift it. Pillar One: Understand Your Innovation Effectiveness Curve Pillar Two: Master the Entire Innovation Value Chain Pillar Three: Don’t Do It All Yourself
  5. Raising Your Return on Innovation Investment By Alexander Kandybin and Martin Kihn   5/11/04 Each company has an intrinsic innovation effectiveness curve. Here are three ways to lift it. Pillar One: Understand Your Innovation Effectiveness Curve Pillar Two: Master the Entire Innovation Value Chain Pillar Three: Don’t Do It All Yourself