Leading financial institutions are transforming the way they manage IT risk


IBM Global Technology Services
Thought Leadership White Paper
July 2013

Leading financial institutions are transforming the way they manage IT risk
Resiliency, security and agility are all being reconsidered

Executive summary

It is no longer sufficient to only have a plan to keep IT up and running. That plan has to be integrated with a bank's business needs. It must include the ability to effectively manage a crisis when an event occurs, and it must have inherent flexibility to adapt as threat landscapes and regulatory requirements change over time. Mobile devices, cloud computing and social networks are all part of the new financial ecosystem and must be protected. At the same time, increasing demands to reduce costs and find skilled resources to manage and analyze this environment put pressure on virtually all businesses, especially financial institutions.

IT vulnerabilities jeopardize not only a bank's operations, but also its reputation and bottom line. Infrastructure failures, security breaches and events resulting in loss, corruption and inaccessibility of data can significantly impact a bank's reputation. Amid the ever-increasing threat environment, it is no wonder that many banks are finding it more difficult to manage information technology (IT) risks effectively. Unfortunately, they are also paying high costs for their challenges.

The IBM Security Services Cyber Security Intelligence Index, which detailed analysis of security events for 3,700 clients across 130 countries during 2012, lists the finance industry among the most attacked industries.[1] The costly consequences of mismanaging IT resiliency and security threats are why executives in the banking industry are far more likely than their counterparts in other industries to make IT issues a part of their overall reputational risk-management strategy.

Customer satisfaction: 91 percent of banks draw strong connections between IT risks, customer satisfaction and brand reputation.[2]
Brand reputation: 92 percent of banking industry executives say that IT issues are part of the organization's overall reputational risk-management strategy.[3]
Compliance: 87 percent of banking executives say that IT failures have severe consequences for compliance.[4]

Now more than ever, IT must be reliable, predictable, available and security-rich to support a bank's critical business processes and key initiatives. Identifying risks associated with the use of IT requires the adoption of a broader, more holistic view of IT risks and services throughout the enterprise and even beyond. Such a view cannot be adequately conceived via a traditional approach that emphasizes only the physical and natural threats of IT service delivery.

This paper details the problems that are inherent in the traditional approach to IT risk management for banks. It underscores the need to broaden the spectrum of risks to encompass IT threats to a bank's strategic business objectives. It also outlines steps for implementing a more holistic, structured approach to IT risk management. This approach can enable banks to assign resources across the enterprise, continually monitor IT risks using meaningful metrics and communicate their IT risk-management programs to stakeholders.

Ultimately, this proactive methodology can facilitate a faster, more appropriate and more cost-effective response to IT risks, enabling banks to improve service delivery to clients, business performance and resiliency. It can also help them better manage business objectives and regulatory requirements to better safeguard their bottom line and reputations.

"(Our) operational systems and networks have been, and will continue to be, vulnerable to an increasing risk of continually evolving cyber security or other technological risks, which could result in the disclosure of confidential client or customer information, damage to (our) reputation, additional costs to (us), regulatory penalties and financial losses. Failure to maintain the value of the brand could harm (our) global competitive advantage, results of operations and strategy."
Bank executive (large global bank)

Problems with the traditional approach to managing IT risk

Many business leaders in banking lack confidence in their organization's ability to effectively identify and manage IT risk. Consider, for example, the following findings from two different IBM studies:

More than half of chief information officers (CIOs) expressed concerns about risk management and compliance.[5]
Nearly a third of senior executives said they do not have a formal risk-management function in place.[6]

Why is there such a lack of confidence in IT risk management among bankers? We have found that banks continue to analyze risks through a very narrow lens that focuses on the financial impact of IT service delivery. This traditional approach begins by identifying conventional threats, such as fires, floods, power failures, vandalism, terrorism and security failures, based on the potential impact that these threats could have on business availability, recoverability and security. Then the approach prioritizes the management of those threats according to the potential business costs, losses and operational effects.

However, threats that fall outside of the conventional realm, such as cyber-warfare, hacktivism, vandalism-led attacks and advanced persistent threats, are easily overlooked. If a bank cannot identify these additional threats or accurately determine their likelihood, it cannot assess its true vulnerability to them.
In addition, although the act of quantifying and qualifying these factors may provide useful information for risk analysis, it does not accommodate management's need to align IT risk management decisions with business objectives. For example, if a key priority is to maintain continuous system availability, IT-risk management decisions must encompass, at the very least, the people, processes and technologies required to meet this objective on a day-to-day basis.

The failure to align IT-risk management with business objectives is a significant limitation of the traditional approach. It is also not consistent with the International Organization for Standardization's (ISO's) 31000 standard, which emphasizes risk management as a strategic discipline, as opposed to a compliance-based function, for making risk-adjusted decisions. Moreover, because the traditional approach does not establish a link with a bank's enterprise objectives and strategic business initiatives, it has yet to demonstrate the effect of risks on achieving these goals.

"In financial services, we make money by prudently assuming risks and managing them. So risk management is nothing new to us. What is new is the need for a better understanding of the interactions among different areas of risk. Risks have become more interdependent: one risk may lead to something else."[7]
Chief risk officer, First Horizon National Corporation

The need for a more holistic approach to IT risk management

Managing IT risk in a bank is becoming increasingly complex due to diverse IT architectures and platforms, multiple internal and external stakeholders and various service-delivery options deployed. The proliferation of mobile devices in the workplace also requires a much broader approach to IT risk management.

As banks try to juggle IT risks, they often are challenged by:

Assessing risks and developing a tailored business resilience strategy
Analyzing the impact of a business disruption and the costs of downtime
Protecting business-critical and customer information from system failures and security breaches
Responding with speed and agility to incidents while reducing risk exposure
Managing costs during incident responses and downtime
Managing compliance with constantly changing governmental and industry regulations associated with business continuity and security
Supporting business and IT processes that keep the business running when unexpected disruptive events occur

To more appropriately identify the business risks associated with the use of IT, banks need to optimize risk management at an enterprise level by taking a broader view of IT risks that goes beyond traditional standards and aligns IT with the strategic direction of the business. Specifically, they need an approach that can realize the following business benefits:

Reduced financial and reputational exposure by facilitating advanced assessment, incorporating preparation and incident response, decreasing the financial and business impact of incidents and planning a more realistic strategy to help better manage compliance and regulatory requirements
Enhanced performance by increasing the flexibility and agility of IT services to support better response to risks and security-rich events and by facilitating reduced operating costs through the more consistent deployment of IT risk policies and procedures
Improved competitive advantage by more carefully aligning business resiliency processes and infrastructure to the needs of organizations and helping banks make calculated responses to risks that competitors may lack the insight to make

By tying classic risk techniques directly to strategic business initiatives, banks can more easily document key performance indicators (KPIs) and key risk indicators (KRIs) and prioritize risks based on their impact or on their contribution to strategic goals. Additionally, they can more efficiently implement balanced risk-management plans, employ clearer communication plans and continually monitor risk indicators.

The importance of stronger metrics

Increasingly, banks are using KPIs to help track and manage risks. However, KPIs are not suited for this purpose because they are typically based on historical performance data. Instead, KRIs are required to help alert the organization about emerging risks well before the risk actually occurs. This allows companies to capture opportunities or reduce a potentially negative impact, which can help achieve their business objectives. KRIs must also alert the organization early enough to provide time to react and take appropriate measures to counter the risk.

Although KPI and KRI metrics are different, they are related. KPIs are used to track business performance. KRIs warn businesses of impending change. Because business entities are interdependent, if a supplying entity is not capable of providing a service, the receiving or dependent entity is at risk. These are capability risks that could potentially prevent the dependent entity from achieving its performance targets and should be managed through KRIs.

IT Risk Spectrum

Agility and appropriateness: Respond in a timely manner with the correct new or modified IT service in support of changes in business requirements
Scalability and performance: Maintain acceptable performance based on business needs and appropriately accommodate changes in business service volume
Security and data protection: Provide the appropriate access controls while protecting the business information and resources
Accuracy and timeliness: Provide accurate data, to the right people, at the right time, to make informed business decisions
Availability and recoverability: Keep systems running and, if necessary, recover from interruptions in line with business expectations

Introducing the IBM IT Risk Spectrum

To answer the need for a more structured and holistic approach to IT risk management, IBM has developed the IT Risk Spectrum, which is designed to provide a prescriptive view of bank operations and an understanding of how IT risks affect specific business goals. This structured and holistic approach groups a variety of IT risks into five logical categories. Each risk category is associated with specific business goals to help determine the impact that the current state of IT service delivery and mitigation prioritization can have on the business goals. Thus, the IBM IT Risk Spectrum helps banks to determine how much these risks might affect business. It also helps them improve the alignment of IT to their business needs and, therefore, use IT to help achieve strategic goals.

IT Risk Spectrum: Examples of risks and benefits

Agility and appropriateness
A North American banking group did not have IT infrastructure and development agility. As a result, it was unable to provide innovative offerings to help the business stay ahead of competition. Benefit: The bank tried to improve its IT infrastructure and development agility. It was able to use this agility to develop innovative online and mobile cash back deals on a nationwide scale. This helped customers to save on retail purchases based on previous spending patterns.

Scalability and performance
An Association of Southeast Asian Nations (ASEAN) bank faced difficulties in managing the IT infrastructure that supported a variety of banking channels available to its customers. This resulted in the bank's inability to increase its service levels and competitiveness. Benefit: The bank consolidated the supporting IT infrastructure to boost performance and reduce operational costs.

Security and data protection
A North American bank faced a cyber attack that breached the bank's network and accessed the data of credit-card holders. Risk: The bank failed to identify security vulnerabilities resulting in fraud, loss of customer confidence and regulatory scrutiny.

Accuracy and timeliness
A North American trading firm's new trading software submitted erroneous orders in stocks listed in the New York Stock Exchange. Risk: The erroneous orders caused sudden swings in stock prices and surging trading volume. The firm faced huge costs to rectify the glitch, and its stock price lost 75 percent of its value in two days.

Availability and recovery
A European bank implemented application updates as part of a software upgrade. The bank failed to factor in complex systems and interdependencies. Risk: The bank faced a systems outage for multiple days and unacceptable delays to account updates, which resulted in widespread media coverage and a damaged brand reputation.

Critical components of the core business of a bank must also be reviewed to help determine their linkage with the IT Risk Spectrum and identify the better metric to monitor. IBM applies its Component Business Model[8] to decompose a bank in such a way as to render the components reviewable and to allow for both dependency and parallel analysis. This framework is comprised of six domains to cover virtually all components, both internal and external, that are necessary to help enable business operations. They include:

People: The human resources with assigned roles and responsibilities who compose the bank, as well as the processes required to maintain their skills through training and communications
Processes: How the bank conducts its core business (through business-process modeling in an open-process framework) and maintains its technology through IT strategy and governance, business continuity, backup and recovery, and service management, among others
Technology: Equipment and tools that support the bank's business processes, such as servers, storage systems, networks, databases, applications and telephony
Suppliers: Businesses and entities that provide the critical materials, services and information necessary to allow the bank to operate and conduct business
Infrastructure: Components under the control of the bank that help enable operations such as physical security, electrical systems, water and cooling
Exostructure: Critical components of the ecosystem, outside the control of the bank, such as power supply, water supply, roads, transportation, food supply, communications and governance

"Underestimating the cost of reputational risk greatly exceeds the cost of protection. Proaction is preferable to reaction."[9]
Finance director, U.S. bank

The IBM method: Three steps to facilitate a proactive IT risk culture

IBM has established a condensed risk management method based on ISO 31000, which, when applied to the IT domain, can provide a risk architecture designed for enhanced compliance management that can more easily interface with virtually any enterprise-wide risk management program. Our methodology broadens our traditional thoughts on IT risk beyond facilities, natural phenomena and server failure to include the abilities of IT services to be more available, security-rich, scalable, agile and accurate in proportion to the business need.

[Figure: The IBM approach to managing IT risk to your core business. Phases: Ascertain, Assess, Act. IT Risk Spectrum categories: Agility and appropriateness; Scalability and performance; Security and data protection; Accuracy and timeliness; Availability and recoverability. Domains: People, Processes, Technology, Suppliers, Infrastructure, Exostructure.]

The methodology includes three structured phases: ascertain, assess and act.

Phase 1: Ascertain the purpose and scope, with clear roles and responsibilities

An IT risk management program should include the activities necessary to continually identify, assess and respond to threats and their relative risks to the business. Without identified goals and clearly defined roles and responsibilities, the subsequent management processes are in jeopardy. Setting both scope and roles early in the process of establishing the program helps to facilitate your team's buy-in to the process and to the subsequent requests for mitigation actions from confirmed identified IT risk owners.

Ascertain the purpose and scope, with clear roles and responsibilities

Stage 1: Purpose
Description: Establish a bank's goals for the IT risk-management program
Significance: Determines strategic banking business imperatives; defines IT-risk management objectives; identifies internal and external stressors

Stage 2: Scope
Description: Scale the areas of IT risk to manage more effectively based on relevance to strategic banking initiatives
Significance: Defines acceptable risk levels to the banking business as a result of the use of IT services; prioritizes the IT Risk Spectrum and IT service areas to include in the assessment activities

Stage 3: Roles and responsibilities
Description: Define areas of responsibilities involving required stakeholders
Significance: Establishes IT risk responsibilities; identifies appropriate roles throughout the organization; defines member roles and responsibilities and facilitates buy-in from stakeholders

Phase 2: Assess the IT risk and prioritize treatment options

With the business goals set, the IT risk areas are defined relative to the strategic business initiatives. This entails aligning the IT services directly to their support of business goals. A critical element of establishing holistic risk management for business resilience is the ability to assess a wide range of risks in a balanced way to build an overall picture of the threats and opportunities the organization faces.

By using the IT Risk Spectrum and analyzing the IT services that are needed across the entire enterprise to support the business initiatives, banks can more easily identify which IT services they need most to achieve their business goals. Clearly, understanding the relationship of IT services that support business initiatives is a critical aspect of risk assessment.

Assess the IT risk and prioritize treatment options

Stage 1: Identify
Description: Help identify IT risk to strategic banking business initiatives by analyzing cause and business impact

Stage 2: Measure and prioritize
Description: Measure KPIs and KRIs, and prioritize IT risks by consequences and probability

Stage 3: Treat
Description: Create balanced treatment options

Significance: Identifies a bank's strategic initiatives against which to manage and exploit IT capabilities; conducts an IT service all capabilities analysis to identify measurable IT risk and performance metrics; determines more meaningful key IT performance indicators using the IT Risk Spectrum; quantifies IT risk to the banking business based on the current IT performance capabilities; helps identify the potential impact to business strategic goals should the IT risk materialize; helps identify controls to assist with monitoring changes that may impede success; defines and prioritizes more appropriate IT service risk treatment and roadmap; helps identify controls to apply

Phase 3: Act to manage IT risk

Now that the KPIs and KRIs have been documented and prioritized against business strategic goals, the challenge becomes one of implementing balanced treatment plans, continually monitoring the risk indicators and communicating to the stakeholders.

In this phase, the IT risk management plan is implemented by assigning the various resources across the organization with the responsibility and accountability to act. The risk owners establish and manage IT risk to help provide alignment with business objectives and to help increase involvement throughout the organization at practically all levels: C-level management, business lines, IT professionals, board members and employees.

Act to manage IT risk

Stage 1: Implement
Description: Assign resources in the organization with responsibility and accountability to act
Significance: Helps identify persons in virtually all areas within scope to establish and better manage IT risk; helps ensure alignment with business objectives; enables increased awareness across the organization

Stage 2: Monitor
Description: Continually monitor IT risks based on IT metrics meaningful to the bank
Significance: Helps monitor changes and events that may stress the bank; continually reviews to help ensure sustained alignment with business objectives; helps enable a tailored response accordingly

Stage 3: Communicate
Description: Help ensure all stakeholders are aware, educated, and able to use the IT risk program
Significance: Establishes training and awareness programs for practically all levels of employees; helps ensure stakeholders understand roles; reports regularly to levels involved with the program; helps support integration of IT risk management with broader governance, risk and compliance activities; helps to emphasize that IT risk management is part of everyone's job and to develop a risk-aware and proactive risk culture

Why IBM?

IBM provides IT risk management services to banking clients who need to more proactively identify, understand, manage and respond to operational risks and business disruptions. We can help you maintain near-continuous business operations, allowing you to better protect your brand, support growth for your bottom line and remain a trusted provider to your customers.

Using industry standards, such as the ISO and ISACA, IBM resiliency specialists can become familiar with your environment and help tailor the resilience framework to your unique needs. We can also review the respective collateral to be used for the IT risk assessment and provide a roadmap for remediation and improvement.

Additionally, by choosing IBM, you can gain peace of mind from knowing that we are a trusted and analyst-recognized business continuity and resiliency leader with over 50 years of experience. More than 9,000 disaster recovery clients rely on our expertise, because we can provide 100 percent recovery for clients who have declared a disaster.[10] And our robust business continuity and resiliency infrastructure includes over 160 resiliency centers across 70 countries; 1,800 highly skilled professionals; and four million square feet of disaster recovery floor space.[11] With these capabilities, backed by our time-tested intellectual property, tools and methodology, we are ready to help deliver industry-leading support for your evolving risk-management needs.

A global bank improves risk management with help from IBM

The need: The bank's existing IT recovery solution was limited and lacked full integration with business requirements. It needed an experienced consultant to help build a corporate disaster recovery solution to facilitate more accurate analyses of business requirements and define and support critical business processes.

The solution: IBM Global Services Integrated Technology Services helped the bank document its existing risk management processes and roles. Through a business recovery plan consultancy, IBM also helped the bank develop a corporate and departmental continuity plan to coordinate disaster recovery activities across a designated set of critical business functions.

The benefits:
Clearer delineation of responsibilities between IT and business groups
Standardized process definitions that allow for commonality and transparency across major business lines and IT
More accurate workflow to help ensure the right participants are involved in the process
Virtually all risk-management activities are accounted for and gaps identified in the current state analysis are closed

Are you prepared for the changing threat landscape?

Business continuity and resiliency are critical requirements of a modern bank, but they are not always well understood. To properly prepare, banks should regularly evaluate their plan by using an objective, focused approach to update and strengthen it.

We invite you to take the IBM Business Continuity Index test, which helps you to identify where improvements can be made and provides information and guidance on the next steps to consider when developing a robust risk management strategy for your business. [12]

The IBM Continuous Operations Risk Evaluation (CORE) Workshop uses a series of tools, risk models and interviews to evaluate your current plan. [13] Contact your IBM representative to learn how a CORE Workshop can provide clear guidance to help you fortify your risk posture.

For more information

To learn more about IBM's services that help you address IT risk, please contact your IBM representative, or visit the following website: ibm.com/services/continuity

Additionally, IBM Global Financing can help you acquire the IT solutions that your business needs in the most cost-effective and strategic way possible. We'll partner with credit-qualified clients to customize an IT financing solution to suit your business goals, enable effective cash management, and improve your total cost of ownership. IBM Global Financing is your smartest choice to fund critical IT investments and propel your business forward. For more information, visit: ibm.com/financing

Copyright IBM Corporation 2013

IBM Corporation
IBM Global Services
Route 100
Somers, NY 10589

Produced in the United States of America
July 2013

IBM, the IBM logo, and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.

[1] IBM, IBM Security Services Cyber Security Intelligence Index, March 2013.
[2] IBM, Reputational risk and IT in the banking industry: Findings from the 2012 IBM Global Reputational Risk and IT Study, October 2012.
[3] Ibid.
[4] Ibid.
[5] IBM, The essential CIO insights from the global chief information officer study, May 2011.
[6] IBM, Key trends driving global business resilience and risk: Findings from the 2011 IBM Global Business Resilience and Risk Study, September 2011.
[7] Ibid.
[8] Component Business Model: ibm.com/software/industry/banking/framework/
[9] IBM, Six keys to effective reputational and IT risk management: Implications of the 2013 IBM Global Reputational Risk and IT Study, March 2013.
[10] Based on previous IBM client engagements; statistics current as of 2013.
[11] Statistics current as of 2013.
[12] IBM Business Continuity Index test: http://www.ibmbusinesscontinuityindex.com/
[13] IBM Continuous Operations Risk Evaluation (CORE): ibm.com/common/ssi/cgi-bin/ssialias?subtype=fy&infotype=pm&appname=GTSE_BU_BU_USEN&htmlfid=BUF03017USEN&attachment=BUF03017USEN.PDF

BKW03016-USEN-00