[Risk] Risk Manager for IRAM2 Application
www.surecloud.com © 2016 SureCloud Limited. All rights reserved.
Risk Manager for IRAM2
Thursday 17th November 2016
Presented by:
Nick Rafferty, Chief Operating Officer
Oliver Vistisen, Head of Products
Agenda
• Introduction to SureCloud
• What is IRAM2?
• IRAM2 on the SureCloud Platform
• Demonstration
• Further Opportunities
• Questions & Answers
How SureCloud maximised its involvement with the ISF’s IRAM2 programme and how you can do the same.
Introduction to SureCloud
What is the SureCloud Platform?
[Diagram: SureCloud Platform components]
• Registers (example shown: Register: Suppliers; Date: May16; Unit: EMEA; Supplier 1 to Supplier 5)
• Workflows: Create & Notify, Assess, Review, Sign-off
• Assessments: 3rd Party Risk, Risk Assessment, Compliance Gap Anal., Audit, CSR, Incident Response, BIA
• Groups: Global, Region, City 1, City 2, City 3
• Reports
• Dashboards & Charts
• API: Excel, Power BI
SureCloud GRC Applications
What is IRAM2?
IRAM2 Assessment Tool
IRAM2 on the SureCloud Platform
What has SureCloud done?
• Multiple staff members attended ISF practitioner training
• Worked with key ISF community members to ensure we can support wider practitioner requirements
• Conducted multiple in-house risk assessments to understand the methodology in detail
• Proactively suggested ways to streamline the process through technology
What does the SureCloud Platform provide?
• Re-use of common stages through centralisation of content
• Workflow to automate aspects of the process
• Notifications and offline assessments
• Multi-assessment management and status tracking
• Aggregation across assessments and business-focused reporting
• Links to other GRC applications such as Compliance Manager for BAU activities
IRAM2 Assessment Tool
What is SureCloud delivering?
Demonstration
Further Opportunities
IRAM2: Triage Approach
• A full IRAM2 assessment may not be necessary for all levels of criticality
• Each organisation's BIA can drive informed decision-making:
  ◦ Major or Critical BI Rating – undertake the full IRAM2 methodology
  ◦ Medium BI Rating – apply Prioritised Controls
  ◦ Minor BI Rating – no need to proceed
• Predefined Threat & Threat Events assessments and Control Effectiveness assessments
• The ISF is currently working to define what a triage approach might look like
Tying it all together
[Diagram: SureCloud GRC applications and related records]
• Applications: Compliance Manager, Risk Manager, Incident Manager, Audit Manager, Policy Manager, Business Continuity Manager, Assessment Manager
• Other diagram labels: GRC; Policies; ISO; COSO; PCI; OHSAS; Standards; Requirements; Control Library; Operational Controls; Processes; Objectives; Actions List; Risk Assessments; Risk Library; Risk Appetite & Tolerance; Categories; Champions; Owners; Department; Metrics; Incidents; Affected Assets; Failed Controls; Loss Estimation; Action Plan; Audits; Audit Universe; Audit Plan; Tests; Findings; Systems & Components; Assets; Business Impact Assessments; Products & Services; Emergency Response & DR Plans; Training; Reference Lists; Third Party Register; Key Contacts; Relationship Owner; Assessments
Questions & Answers
About SureCloud
• SureCloud is a provider of GRC Applications and Cybersecurity Services. Our Cloud Platform has helped 100s of blue chip businesses and 1,000s of users to improve productivity and efficiency by replacing and automating spreadsheet-based risk and compliance processes.
• In addition, our cybersecurity testing and assurance services team help organisations secure their information assets, systems and networks as well as providing a holistic view of cyber risk using the SureCloud Platform.