Designing Effective Controls, Security Safeguards and Governance by a Risk-Based Methodology

Why Should You Attend:

In the past, the approach used to conceive and develop governance, audit and security provisions by professionals in all fields of endeavor was empirical, inconsistent and based on feeling and experience. Most importantly, the controls and safeguards were sorely lacking in risk management thinking. As the business environment becomes more complex and new threats appear daily from the use of new technologies and the global environment plus the advent of new laws and regulations that need to be complied with, the traditional and empirical methods for designing and implementing governance, controls and security safeguards is thoroughly inadequate and it must give way to a far more structured and risk-based approach to facilitate the development of cost-effective control and governance safeguards.

This webinar is designed to provide participants with a proven and highly structured, risk-based practical methodology for conceiving, designing and implementing sound governance, control and security practices. Participants will gain a very clear understanding of practical risk analysis methods and how they are applied to governance, controls and security practices design which can also assist them in their risk management duties to reduce company exposure and increase profitability.

Learning Objectives:

• Review the deficiencies of past and present approaches and methods for conceiving and designing governance provisions, internal controls and security safeguards.
• Learn how important it is to link the development of governance and control measures to the presence of threats and risks.
• Learn that all governance, controls and security safeguards are intended to response to threats and risks.
• Learn a highly structured, risk based methodology for conceiving, designing and implementing governance, controls and compliance practice to develop your own internal standards for designing controls.

Areas Covered in the Webinar:

• A review of the empirical ways by which governance and controls practices are developed and implemented in today’s business environment pointing out the deficiencies.
• A review of risk analysis principles and definition of terms (vulnerabilities, threats, risks, exposure, control and governance objectives, control and security solutions to mitigate the impact of threats and risks).
• A structured, risk based- methodology for designing and implementing governance, controls and security safeguards.
• Explanation of the key elements of the methodology with illustrations.
• Q&A

Who Will Benefit:

• Audit executives, chief auditors, internal auditors, IT auditors
• External or independent auditors, CPAs
• IT executives, CIOs, systems and datacenter professionals
• Chief security officers (CSOs), chief technology officers (CTOs)
• Security and control professionals
• Corporate and IT governance officers, chief compliance officer (CCOs), CFOs, chief risk officers (CROs)
• System quality assurance and standards development professionals
• Technology acquisition team leaders and staff
• Technology assessors
• Management consultants
• Any user department manager responsible for risk management and development of safety and security practices and controls
• Legal officers
• Procurement and contracting professionals
• Governance, risk management and compliance (GRC) professionals
• Any professional interested in or dealing with governance, internal control and security practices

Instructor Profile:

Javier F. Kuong is the president and principal consultant of Management Advisory Services & Publications (MASP), an organization that for over 30 years has been devoted solely to consulting, training, publications, research and development in enterprise and IT governance, compliance, auditing, security, service level agreements and business continuity planning. He is the author of over 40 books and treatises in the above fields of expertise. He is the author of a very recent book entitled: “Service Level Agreements for Cloud Computing – Guidelines for Selecting Cloud Service Providers.”

Topic Background:

In an imperfect business world, there will be a host of barriers or impediments to achieve the critical business goals and objectives of the enterprise and consequently fail to achieve the corporate mission statement. These barriers are often beyond the direct control of management, technologists, business professionals, and operations personnel. They manifest themselves in the form of threats that are lurking and waiting to happen.

Increasingly, senior management and financial, auditing, security, risk management and operations personnel are compelled to develop governance provisions, internal controls and protection safeguards to substantially minimize the adverse impact of these threats. However, in order to effectively develop cost-effective countermeasures, organizations and practitioners should have standards and a well-thought out methodology to develop, design and implement governance, controls and security safeguards to minimize the potential tangible financial and intangible losses that can derive from the adverse threats materializing.

Follow us :