Governance, risk and compliance

Published on January 2, 2019   30 min
Please wait while the transcript is being prepared...
Hi, my name is Amalia Barthel. I'm a privacy and GRC consultant and advisor, and I interact with multinational organizations in most industry sectors. In addition, I speak at conferences and I have also authored and taught courses on topics relevant to governance, risk, compliance, privacy and audit at the University of Toronto in Canada. I'm here today for one of the sessions part of practical cybersecurity series. My talk is titled, "Governance, Risk and Compliance". This session has direct applicability from large to small organizations in the areas of IT and IT security.
Today's agenda will focus on four points. Number one, the importance of risk management for organizations of all sizes. Two, governing value in the enterprise. Three, compliance and GRC, a balancing act. Four, governments approach to critical infrastructure protection and how this scales down to small and medium enterprises.
The key takeaways today are practical tips to scale to GRC, for small and medium organizations, understanding the GRC triangle, the critical role of compliance in service assurance and integrity, and thinking big picture: governments strategies to critical infrastructure protection. So, let's start.
Let's start by pointing out that in trying to position IT risk management in the overall enterprise risk forum , we need to recognize that IT risk is pervasive in the enterprise. Each risk area in the organization is inextricably linked to IT systems, and is supported or serviced by the IT function. Risk is introduced through IT systems, but it also means that IT risk management is very important for the organizations because it touches every area in the business.