Presented by Raju Nair (Consultant I.T)
M.B.A - Information Management
rajunair@consultant.com

▪ Summary
▪ Cost Analysis
▪ Threat
▪ Conclusion
▪ Keys to Success
  • Executive sponsorship
  • Risk management stakeholders
  • Organizational maturity
  • Atmosphere of open communication
  • Holistic view of the organization
  • Authority throughout the process

▪ Information technology (IT) plays a critical role in supporting business objectives
▪ Highly connected IT infrastructures
  • With increasingly hostile attacks
  • Attacks mounted with increasing frequency
  • Demanding ever shorter reaction times
  • Organizations are unable to react to new security threats before their business is impacted

[Figure: two charts. "Threat of I.T frauds" (legend: Vulnerable, Safe; segments 8% and 92%) and "Most affected computers" (legend: Mumbai, Chennai, Rest of India; segments 39%, 37% and 24%).]

Source: www.theeconomictimes.com
Dated: 19 Sep 2009
▪ Executive sponsorship
▪ Well-defined list of risk management stakeholders
▪ Organizational maturity
▪ Atmosphere of open communication
▪ Teamwork
▪ Holistic view of the organization
▪ Authority throughout the process

▪ Senior management
  • Unambiguously and enthusiastically support the security risk management process
  • Stakeholders may resist or undermine efforts to use risk management

▪ Includes
  • Core team
  • Executive sponsors
  • People owning the business assets
  • IT personnel responsible and accountable
▪ Designing
▪ Deploying
▪ Managing the business assets

▪ Calculate organization's maturity level
▪ Process may involve too much change in order to implement it in its entirety

▪ Staff and managers instinctively seek to drive the process toward outcomes that will benefit them and their parts of the organization.

▪ Team members must be empowered to meet the commitments assigned to them
▪ Empowerment requires
  • Team members are given the resources necessary to perform their work
  • Responsible for the decisions that affect their work
  • Understand the limits to their authority
  • Escalation paths available to handle issues that transcend these limits

▪ Relative values and costs of each control will be compared rather than absolute financial figures

[Diagram labels: Communication; Ongoing Training Costs; Implementation; Costs to Productivity and Convenience; Acquisition Costs; Auditing and Verifying]

▪ Proactive approach
▪ Organize and prioritize limited resources
▪ Effective controls that lower risk
