Integrated GRC points of view: Operational Risk & Cyber Security Management
Gregorios Themistocleous
CISA, CRISC, ITIL
Head of Cyber Security Risk, Assurance & Compliance Services
ADACOM S.A.
But how? Digital disruption is changing long-proven rules in every industry, as well as in all of society.
The past is no longer a predictor of the future, and this is a challenge for all of us schooled in the traditional ways of doing business.
Often organizations neglect the signs… The signs of a cyber breach can be very subtle, with several incidents happening at the same time. The cumulative effect on an organization can be huge.
• Advanced social engineering (e.g. spear phishing, watering-hole attacks)
• Sophisticated six-month intelligence gathering phase
• Full knowledge of enterprise weaknesses – people, process and technology
• Impacts business decisions, mergers/acquisitions, and competitive position
Value-chain areas affected: Accounts payable, R&D, Supply chain, Sales
• Sales: strategic manipulation of sales and email systems results in missed sales of -2% to 3% just prior to quarterly and annual reporting periods.
• Supply chain: manipulation of the supply chain and on-line ordering system leads to degradation of production and receivables collection, resulting in missed revenue projections of -2% to 3%.
• R&D: higher-profit areas and growth product development efforts are stolen, resulting in loss of sales and competitive edge, and royalty payments to nation-state companies.
• Accounts payable: periodic accounts payable fraud causes US$ millions in lost income per year.
• Privacy: mass release of privacy data results in loss of public trust and additional legal cost.
…which impacts the entire value chain
2017 ISACA Research: Better Tech Governance Is Better for Business
Cybersecurity must be on the Board agenda…
• Treat cyber risk as part of enterprise risk management
• Prioritize the assets that need protection
• Match cybersecurity to your strategy
• Discuss cyber risks in the language of business, not IT
Integrated Governance, Risk & Compliance
Components of an integrated GRC view:
• Operational Risk Management
• AML
• Fraud
• Cyber Security
• IT Risk
• Model Risk
• Legal Risk
• Conduct Risk
• Third-party Risk
Source: Chartis Research, December 2015
ADACOM’s Governance, Risk & Compliance experiences
• Expanding operational risk to include cyber security
• Cyber security and operational risk functions need a common language
• Connect the technical aspects of cyber security with the people and process risks that operational risk is designed to monitor and control
• Top-down governance processes and board-level involvement
• Technology and data are a source of risk but can also be a part of the solution
• Let’s start treating data as a strategic asset
• Build an acceptable data use culture, build company norms
UNITED KINGDOM, London: 88 Wood St., Barbican EC2V 7RS, London. Tel: +44 (0) 203 126 4590
GREECE, Athens: 25 Kreontos St., 104 42 Athens. Tel: +30 210 5193740
ISRAEL, Tel Aviv: 16th Ha'Melacha St., 48091 Rosh Ha'Ayin. Tel: +972 74 7019424
SERBIA, Belgrade: Omladinskih Brigada 90v, 11070 Airport City. Tel: +381 11 3219425
CYPRUS, Nicosia: 7 Florinis Str., 1065 Nicosia. Tel: +357 99318516
Thank you