GOVERNANCE
The system of rules, practices and processes by which a company is directed and controlled.
Involves balancing the interests of the many stakeholders in a company.
Also provides the framework for attaining a company's objectives.
From action plans and internal controls to performance measurement and corporate disclosure.
Governance Principles
Rights and equitable treatment of shareholders
Interests of other stakeholders
Roles and responsibilities of the board
Integrity and ethical behaviour
Disclosure and transparency
RISK MANAGEMENT
Eliminates uncertainties.
RISK TYPES
Hazard risk
Financial risk
Operational risk
Strategic risks
RISK MANAGEMENT PROCESS
1. Establishing Context.
2. Identifying Risks.
3. Analysing/Quantifying Risks.
4. Integrating Risks.
5. Assessing/Prioritizing Risks.
6. Treating/Exploiting Risks.
7.
COMPLIANCE
Compliance audit:
Auditors review security policies, user access controls and risk management procedures.
Sarbanes-Oxley Act (SOX) of 2002: To protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise.
CAN-SPAM Act of 2003: Requires businesses to label commercial emails as advertising, use legitimate return email addresses, and provide recipients with an opt-out.
Payment Card Industry Data Security Standard (PCI DSS): Created in 2004 by Visa, MasterCard, Discover and American Express to ensure the security of credit, debit and cash card transactions.
Information Security Management System (ISMS: ISO 27001): Design, implement and maintain a coherent set of policies, processes and systems to manage risks to the information assets.
PRINCIPLES
ENABLERS
GOVERNANCE vs. MANAGEMENT
Governance: EDM (Evaluate, Direct and Monitor)
Management: PBRM (Plan, Build, Run, Monitor)
OTHER STANDARDS
NIST SP 800-30