Understand & Manage IT Risk
Prometheus Yang CISA, CRISC, CFE, ISO27001 LA
3-May-15
What people fear is not change itself, but that they have not fully prepared for it.
Source: “The evolving IT risk landscape: The why and how of IT Risk Management today,” Ernst & Young, June 2011
Source: “IT Risk Management Report 2,” Symantec, 2007
If you throw me in the snake pit, the first thing I want to know is which ones are poisonous.
3rd Party / Outsourcing
Information Security
Change Management
Data Loss / Leakage / Breach
Malware / Virus
Fraud & Theft
Privacy and Data Protection
Terrorist Attack
Availability of Skills
Security / System Patch
Business Continuity
Legal / Compliance
Asset Management
Data Quality
Offshoring
Program / Project Management
Data Center Operation
Staffing
Risks can appear in different forms
Regulator fines UK bank over IT issues: £56 million
Legacy system failure that cost Comair $20 million (USD)
3,522 Morgan Stanley employees were saved by effective BCP during 9/11
AVOID SOCIAL ENGINEERING SCHEMES
Learn from "The Wolf and the Seven Young Kids"
2013 Dark Seoul: three financial institutions and three TV stations hit; 48,700 computers affected
2013 Target: loss of 110 million customer data records
Dark Hotel: targets business executives, attacks via hotel Wi-Fi, and uses backdoor software to collect data
If you think compliance is expensive, try NON-COMPLIANCE.
Seek good fortune, avoid misfortune
Risk Management: less is MORE
Together
Everyone
Achieves
More
COURAGEOUS
INTEGRITY
Managing risks & controls through participation and partnership