Cyber Risk & Cyber Security

Training, Advisory & Implementation

Riskpro, India


Why Cyber Security Frameworks are Unique

Each industry and each enterprise within it will have differing priorities.

Each application and each database/server is uniquely configured.

Each hacking technique is unique in some way.

BFSI should adopt a leading framework to evaluate their preparedness.

Example: RBI directives to banks in India.

Cyber Security must be DIFFERENT & SEPARATE from the bank's regular Technology & IT Security.

ISO 27K best practices. ISO 31000 implementation or COSO 2013 guidelines adherence, as you move towards certification.


RBI Guidelines on Cyber Security Framework (Download)

Cyber Security Policy

• Board approved Cyber Security Policy

Inventory of Cyber Risks

• Inventory of cyber threats and mitigating controls

Continuous monitoring (SOC)

• Set up Security Operations Centre (SOC)

Cyber Crisis Management Plan

• Board approved CCMP

Cyber security indicators

• Assess level of risk / KRI

Cyber-security awareness Trainings

• Awareness among staff at all levels


How Riskpro can help

Cyber Security Policy

• Develop board approved Cyber Security Policy and Cyber Crisis Management Policy

• Establish governance to address cyber risks

• Align to best practices

Inventory of Cyber Risks

• Develop Risk register specific to cyber threats

• Identify gaps in network security and IT access control risks

Continuous monitoring (SOC)

• Perform independent Cyber-Risk audit services assessment

• Support on SOC operations

• VA/PT services

Cyber Crisis Management Plan

• Board approved CCMP

• Testing of CCMP on an annual basis

• Diagnostic gaps in Crisis Management Framework

Cyber security indicators

• Develop Key Risk Indicators to track risks and preparedness

• Periodic audit of cyber threats and report testing to Risk Committees

Cyber-security awareness Trainings

• 2 Days awareness trainings across Institution

• Online E Learning modules for mass awareness

• Reasonable training fees per participant or per day rates


Cyber Risk - 2 Day Training Programme content & Schedule

Risk & Cyber Risk : Introduction and leading Frameworks

- Emerging cyber risks, trends and challenges

- ISO 27000, 1,2,3,4,5,17 & 18 Frameworks

- ISO 31000 Framework

- COSO 2013 Cyber Risk Principles

- India 2016 RBI circular on Cyber security

- Cyber-Security. Security on the cloud. IoT & m2m Security.

Cyber-Risk Management Process

- Information maturity, costing, value, Prioritisation.

- IT Policies, Internal Controls and ERM

- Cyber Risk Assessments (Identification, Risk Assessment, Cyber Risk impact / probability)

- Cyber Risk mitigation perspective

- Risk Appetite, Risk Tolerance and Risk Limits

- Risk Monitoring, Reporting and Risk Management

Cyber-risk factors

- Emerging Risks

- Regulatory, Compliance and Political Risks

- Risk from SCM & CRM. Demand & Supply

- Reputational Risk

- Risk from growth, scale, M&A & integration

Cyber Risk Theory vs Applied Cyber Risk

- Implementing Cyber Risk Response Strategy

- Cyber Risk in your organisational culture.

- Project vs Process cyber risk management

- Cyber risks in your industry.

- Cyber risks unique to your business.

- Tactical direction & Operational decision making.

Comprehensive Training on Cyber Threats and related Security

Day 1

Day 2


Cyber Incident Reporting and Management

RBI cyber-risk circular to Indian banks for implementation by SEP 30, 2016 …

RBI requires near-real-time reporting of incidents, within 2 to 6 hours.

Riskpro has a ready-to-deploy RBI Reporting tool accessible to all banks for Annex. 3 of the above RBI circular.

Reporting to other agencies in real time is being implemented.

Incident tracking

ACT Fast!! [email protected] www.riskpro.in/cybersecurity

Riskpro Clients

• Banking / Insurance

• Banking - Intl

• Corporate / MNCs

• IT Companies / SSAE Clients

• Academics / Others

• Consulting Firms

*Any trademarks or logos used throughout this presentation are the property of their respective owners


RESUMES – Our team Credentials

Manoj Jain

Founder - Riskpro

CA, CPA, MBA-Finance (USA), FRM (GARP)

Over 10 years international experience – 6 years in Bahrain and 4 years USA

18 years of experience in risk management consulting and internal audits, Specialization in Operational Risk, Basel II, Sox and Control design

Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain), Navigant Consulting (USA), Kotak Mahindra Bank (India) and Credit Suisse (India)

Sox Compliance project for Fannie Mae, USA ($900+ Billion Mortgage Company)

Casper Abraham

Co-Founder - Riskpro

PGD (Electrical & Electronics & Computer Programming)

30 years of experience in Information & Communications Technology (ICT) Solutions for Retail, Garments, Manufacturing, Services Industries.

Has created Companies, Divisions, Products, Brands, Teams & Markets.

Consulting in Business, Technology, Marketing & Sales & Strategic Planning.

Advisory, Training, Workshops & Implementation in Systems Thinking, Systems Modeling & Balanced Scorecard

Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA


RESUMES - Our team Credentials

Shriram Gokte

EVP - Risk Management

BTech MBA (USA)

22 years of work experience, 16 of which were in risk management domain, 11 years of global experience in USA & UK

Ex Chief Risk Officer of Birla Sun Life Insurance & CMS Info System.

Managed Risk & Compliance for two UK based insurance KPOs (Paternoster India & JLT India)

Core expertise in ERM, Capital Valuation, Operational Risk, Information Security, BCM, Governance & Internal Audit

CISA, CIA, CMA, FLMI, MBCI qualified

Rita Shewakramani

Senior Vice President – Risk Advisory Services

Chartered Accountant, a Certified Internal Auditor (CIA) and a Certified Risk Mgmt Professional (CRMA).

She has around 15 years of post-qualification experience in Internal Audits, Risk, Application Reviews, Operations / Process / Internal control reviews, Fraud Investigations, Documentation of SOPs (Standard Operating processes) etc.

She has worked with consulting firms like Baker Tilly Singhi Consultants Pvt Ltd, Price Waterhouse Coopers, EY, Aneja Associates and Corporates like Reliance (Internet Exchange), GE Capital, CMS Computers etc in the past in Internal Audits and Operations Review.

She has domain experience in industries such as Manufacturing, Retail, Services (IT Companies / BPOs / KPOs / Cash Mgmt Services / E-Governance / Field Engineering, Media etc) amongst others.


RESUMES – Our Team Credentials

R. Muralidharan

Executive Vice President – Basel II & Banking

Ex-Head of Integrated Risk Management department at Bank of Maharashtra

Responsible for implementation of Risk management guidelines issued by RBI from time to time on Credit risk, Market Risk and Operational risk and reporting regularly to Risk Management Committee of the Board and Board of Directors.

Put in place all policies relating to Risk Management, ALM Policy, ICAAP Policy, Stress Testing Policy, Business Continuity Planning Policy, Outsourcing Policy.

Validated Credit Risk Rating and put in place techniques for identifying and measuring Pillar 2 risks such as concentration risk, Liquidity risk, IRRBB, Earnings risk, strategic risk etc.

Ankit Manglik

SVP - Audit and Risk Management

CA, CIA, CFE and CISA

Ankit has over 15 years of risk management and internal audit experience, SOX & SSAE compliance, fraud reviews, regulatory compliance reviews, external & tax audits and supporting ERP implementation to ensure effective control design.

He has headed the audit function for a midsize financial services company and the captive offshore unit of ANZ Bank, one of the big 4 Australian banks. He has also worked in PWC for 8 years and Hewlett Packard for 3 years.

Ankit has extensive experience with internal audit in financial services and back office operations and has set up internal audit functions for captive units of four different companies.


Riskpro’s Network Presence

New Delhi

Mumbai

Bangalore

Ahmedabad

Pune

Agra

Salem

Kolkata

Hyderabad

Chennai

Jaipur


Who is Riskpro… Why us?

ABOUT US

Riskpro is an organisation of member firms around India devoted to client service excellence. Member firms offer a wide range of services in the field of risk management.

Currently it has offices in three major cities, Mumbai, Delhi and Bangalore, and alliances in other cities.

Managed by experienced professionals with experiences spanning various industries.

MISSION

Provide integrated risk management consulting services to mid-large sized corporate / financial institutions in India

Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.

VALUE PROPOSITION

You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent & small firms

High quality deliverables

Multi-skilled & multi-disciplined organisation.

Timely completion of any task

Affordable alternative to large firms

DIFFERENTIATORS

Risk Management is our main focus

Over 200 years of cumulative experience

Hybrid Delivery model

Ability to take on large and complex projects due to delivery capabilities

We Hold hands, not shake hands.


Risk Management Advisory Services

SERVICES

Basel II/III Advisory

• Market Risk

• Credit Risk

• Operational Risk

• ICAAP

Corporate Risks

• Enterprise Risk Assessment

• Fraud Risk

• Risk based Internal Audit

• Operations Risk

• Forensic services

IT Risk Advisory

• IS Audit

• IT Service Management

• IT Assurance

• IT Governance

Operational Risk

• Process reviews

• Policy / Process Review

• Process Improvement

• Compliance Risk

• Insurance Risk

Governance

• Corporate Governance

• Business Strategic risk

• Fraud Risk

• Forensic Accounting

Other Risks

• Business/Strategic Risk

• Reputation Risk

• Outsourcing Risk

• Contractual Risk

Training / Recruitment

• Banking – E Learning

• Corporate Training

• Regular Risk Management Training

• Online Training material

• Workshops / Events

• AML-KYC / ISO standards - 31000

• Independent Directors for Corporates

• Virtual Risk Managers

• Full Time Risk Professionals

• Part time Risk Professionals

• Risk Managers on call – free