Cyber Security & GRC Metrics That Tell a Story! Presented by: Swarnika Mehta, Manager, KPMG Cyber Security Services
1 Cyber Security & GRC Metrics That Tell a Story!
Presented by:
- Swarnika Mehta, Manager, KPMG Cyber Security Services
- Eva Benn, Senior Associate, KPMG Cyber Security Services
2 Contents
3 Introduction
4 In the news
Hackers Stole Credit Card Information From Thousands of Arby's Customers
Jonathan Vanian, Feb 09, 2017
Hackers have stolen customer credit card information from an unknown number of Arby's restaurants, according to a report on Thursday. Read more at:
Military personnel data leaked in Dun & Bradstreet database
By James Rogers, Published March 16, 2017
The huge leak of a Dun & Bradstreet database containing the details of almost 33.7 million people includes over 100,000 military personnel, according to the security researcher who reported the leak. Read more at: itary-personnel-data-leaked-in-dunbradstreet-database.html
5 The hard questions
How do we distill the important information and complex metrics in a way that can be consumed by senior executives and the board?
Information Security Metrics Program (ISMP)
6 Key Metrics
7 Key reporting metrics
Domains: Application Security, Server Security, Endpoint Security, Incident Management, Vendor Security, Operations
Metrics shown:
- % of applications scanned
- % vulnerabilities
- % of ICF/non-ICF servers missing sev 4/5 patches
- Time to remediate security events
- % of endpoints missing critical security patches
- High, Medium, and Low Risk Vendors
- 8.8 average vendor risk score
- # of resources with certifications
- Time to remediate vulnerabilities
- % of ICF/non-ICF servers with AV and CSP installed
- % of endpoints with Anti-Virus installed
- Time to resolve incidents
- % of vendors completed risk assessments
- Security projects (On Track, Delayed)
Chart legends: Low, Medium, High; Closed, Pending, Open
8 How do I tell the story?
- Align with business goals
- Provide holistic trends in cyber security risks
- Reporting by stakeholders
- Facts that matter! Which numbers have gone up? Which numbers have gone down?
- Demonstrate ROI on IT investments
- Focused metrics
- Do it again!
Risk areas shown: Operational Redundancies, Data Leakage, Vendor Risk, Insider threat, Malware
[Charts: % customer satisfaction (Q1, Q2); vulnerabilities remediated; reduction in compliance failures; High, Medium, Low; Investment, Savings]
9 Metrics Program and Technology Enablement
10 Common Challenges
People
- No business context
- Lack of awareness
- Poor delivery
Process
- Arbitrary thresholds
- No clear requirements
- Too many metrics
Technology
- Lack of capability to gather, collect or analyze data
- Manually producing metrics is too time consuming
- Not all historical data is usable and requires expensive cleanup
11 Key components of an ISMP
- Governance and Ongoing Maintenance: Roles and responsibilities with supporting processes needed to operationalize the program and keep it relevant over time.
- Presentation and Reporting: Organizing metrics results into visually appealing and intuitive reports at each stakeholder level. Examples include management level memo, program level scorecard and operational level dashboard.
- Scope and Coverage: Areas of measurement within the program. This includes domains (e.g., Endpoint Security, Threat Management) and relevant metrics within each domain.
- Extraction and Collection: Collecting raw metrics data from identified data sources or source systems to calculate metrics.
- Measurement and Analysis: Calculating metrics based on raw metrics data and analyzing results using thresholds, weighting, targets, trending, etc.
12 Building an information security metrics program
- Strategy and Design: DEFINE STRATEGY, DESIGN, BUILD ROADMAP
- Implementation (Manual): DEVELOP METRICS, PHASED ROLLOUT, OPERATIONALIZE
- Implementation (Enhanced): AUTOMATE, FULL ROLLOUT, DATA & ANALYTICS
Scale shown: Non-existent to Mature
13 Enhancement opportunities
Aggregate Score by Domain
- Metrics will be aggregated into domains (e.g. Incident Management, Mobile Security, etc.)
- An aggregated score will be provided for each domain using simple, yet specific formulae
Weighted Metrics
- Metrics will be weighted based on their importance on applied assets (e.g. critical application vs. non-critical application) to help with prioritization of metrics
- Thresholds and tolerance levels will help analyze if the measured or calculated value of each metric is helping track risks as well as performance objectives
Risk & Control Mapping
- Risks will be mapped to each domain so that the user will be able to decide on appropriate actions to be taken based on the types of risk exposure
- Relevant controls will be mapped to each domain to provide the user with the ability to devise an initial remediation strategy and action
Dimensions
- Each metric report can be dimensionalized (filtered), through relationships, so that the user can come in from a different view point (e.g. Segment, Region, Country, Business Unit, Sub BU, Data Center, Data Center Supplier, IT Area, Stakeholder, CISO)
- User will be able to view trends for each metric and compare against other related metrics
Drill Down Capability
- Users will have the ability to drill down into each domain to see individual metric reports and other detailed information (e.g. server name, stakeholder, etc.)
14 Do's and Don'ts
15 Lessons learned
Sustainability
- Rationalize frameworks (simplify and integrate)
- Leverage automation to support operational enablement
Single view of risk
- Define scope of existing risk reporting activities
- Manage cyber risk within the organizational context
- Align correlations to business objectives and risks
- Focus on key metrics
Scalability
- Build a culture of continuous improvement
- Design process and capabilities (process and tools) to mature over time
Ownership & Accountability
- Establish a structured cyber risk reporting capability
- Rationalize processes and frameworks to enable prioritization and decision making
- Differentiate governance versus operational roles and responsibilities
- Ensure board level awareness of key cyber risk and compliance issues
16 Considerations for implementing an ISMP
As with any additional capability added to an organization, there are several cost considerations that need to be accounted for; the actual cost will depend on the scope of the ISMP.
People
- Additional resources need to be hired or current resources need their responsibilities prioritized to support operationalizing the ISMP
- Raw data owners need to allocate time to support collection of metrics data
Process
- Metrics collection, reporting development, ISMP ongoing maintenance and training processes need to be developed and executed once the ISMP is operational
- Additional processes to extract data may need to be defined
- Gather contextual data for metrics (e.g., thresholds, dimensions)
- Technical implementation of processes to extract data
Big Security Data
Technology
- Initial investments towards a metrics solution for automated aggregation, reporting and analytics.
17 Thank you
18 kpmg.com/socialmedia The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity and the views presented herein are those of the presenter. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation KPMG LLP, a U.S. limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. (On printed materials, add: Printed in the U.S.A.) The KPMG name and logo are registered trademarks or trademarks of KPMG International.