ISACA NL C**** in a Day: CRISC Inspiration Session
The Hague / Nootdorp, 15 November 2017
Speaker: drs. Norbert Kuiper CISM, CISA
Agenda
00m - Start & welcome
05m - Kickoff, introductions and session objective
10m - CRISC at a glance
25m - Practical tools (Stakeholder analysis, Knowledge profile, Change model)
40m - Crown jewels, social media footprint, and a look behind the scenes at ….
65m - How do you get started yourself from here?
80m - Wrap-up, tips & tricks and Q&A
90m - End
Central question:
‘How do you raise risk awareness within your organisation?’
Please share your own experiences interactively throughout the presentation
About this session
In this session I want to:
• Refresh your knowledge of CRISC
• Share my experiences in the field of risk
• Inspire you to continue your risk management activities in an improved way
My background:
• Performing various risk analyses within public and private organisations
• Risk-based assessment of organisations, processes and applications in the context of internal / external audits
• Developing and facilitating training courses and skill development sessions on how to deal with risks in the areas of cyber security and business continuity
Introduction
drs. Norbert Kuiper CISM, CISA
Senior Consultant CyberSecurity & Business Resilience
Verdonck, Klooster & Associates
06 8108 7221
www.vka.nl
Verdonck Klooster & Associates
IT STRATEGY & ARCHITECTURE
PROGRAMME MANAGEMENT & COMMUNICATION
DATA & DIGITALISATION
SOURCING & DIRECTION
CYBERSECURITY & CONTINUITY
PRIVACY
INFORMATION-DRIVEN WORKING
INTERIM MANAGEMENT
AGILE
AUDIT & ASSURANCE
CRISC at a glance (1)
CRISC = Certified in Risk and Information Systems Control
The CRISC professional demonstrates skills in both of the following:
• Enterprise risk management (ERM): The discipline by which an enterprise in any industry assesses, controls, exploits, finances and monitors risk from all sources for the purpose of increasing the enterprise's short- and long-term value to its stakeholders.
• Information system (IS) control: The combination of strategic, managerial and operational activities involved in gathering, processing, storing, distributing and using information and its related technologies.
CRISC at a glance (2)
IT Risk Management Life Cycle
CRISC at a glance (3)
Enterprise and IT-related Risk Types
Including change risk, project risk and control risk,
and information security should also be based on risk
Cybersecurity (and privacy) in the news
Tool 1: Stakeholder analysis
Tool 2: Knowledge profile
Knowledge profile
WHAT / HOW / WHY
KNOW / BE ABLE / BE
• Know: What knowledge/expertise must they possess? What must they understand? Which diplomas?
• Be able: What must the employees be able to do? What are their skills and competencies? What experience do they have?
• Be: Which personal characteristics are important? Which values matter?
Tool 3: Change model
“I change my attitude and behaviour if…”
• Skills: “… I have the skills and competencies to work in the new way”
• Conviction: “… I know why I must change, I agree with it and it means a lot to me”
• Role models: “… I see our leaders and colleagues demonstrating the new way of working”
• Systems and processes: “… the organisation, processes and systems support me in the desired changes”
SOURCE: Scott Keller and Colin Price, ‘Performance and Health: An evidence-based approach to transforming your organisation’, 2010.
What is your crown jewel?
Discuss for 4 minutes in pairs:
A. What is your crown jewel?
B. Is your crown jewel adequately secured?
C. Which risks are you willing to accept?
D. Which risks are you not willing to accept, and will we therefore avoid, reduce or transfer?
And you …..
And you ….. how secure are you?
And now a look behind the scenes at … (1)
And another look behind the scenes at … (2)
And how do you get started yourself from here?
• Besides becoming and staying CRISC certified …
‘How do you raise risk awareness within your organisation?’
Thank you for your attention! Questions?
drs. Norbert Kuiper CISM, CISA
Senior Consultant CyberSecurity & Resilience
Verdonck, Klooster & Associates
06 8108 7221
www.vka.nl