Group Security - SCO

Page tree


                                           

Risk

Advances in technology have contributed to a continued increase in security breaches and cyber threats. 

Cyber criminals constantly find new ways to breach systems and steal valuable data or disrupt businesses.  This can lead to businesses suffering irreparable losses and damage to their reputation.

Implementing a robust Cyber Security Risk Program 

will:

  • Reduce Vulnerabilities
  • Ensure Better Security Compliance
  • Improve Business Reputation
  • Help Gain Competitive Advantage
  • Minimize Downtime

Risk Committee Meeting Governance

  • Regular Meetings (Bi-Weekly):
  • Vehicle for DT and Group Security Leadership to assess requests for exceptions and identified High and Very High cyber risk items.
  • Exception Requestor/Technical Risk Owner will attend to present their exception request.
    • SMEs on hand to answer questions.
  • Requests will be formally approved or denied.
    • Approved exceptions will have the risk entered in the Risk Registry - SimpleRisk
  • Risks that have exceeded their deadline for remediation will be reviewed with the Technical Risk Owner in person. 
    • Reasons for missing deadline, new deadline (exception extension request must be completed), impact rated.

Risk Management Tooling

SIMPLERISK

Web Based Risk Register

  • Capture, categorize, assign and track risk through its lifecycle.  
  • Automate follow up.
  • Group delegation - enables individual groups to manage and report on their specific risks.   
  • Dashboard reporting with a high degree of customizable granularity.    

RADAR   

Risk Based IT project Control Tool                                                                                          

  • Series of Questions to identify the major risks of every application and IT Project.
  • Used at the very beginning of a project or an idea generation.
  • Generates a unique report highlighting the major legal, cyber, reputation and purchasing risks of a project.

SENTRI

Risk Based Asset Classification and Security Control Tool

  • Series of questions aimed at asset type as well as data confidentiality, integrity, availability and business impact..'
  • Delivers a simplified and targeted set of security controls based on security industry standards.
  • Includes the ability to declare regulated data..










USEFUL LINKS

        SimpleRisk Links:

        Exceptions:

        RADAR/SENTRI:

        Return to:

       Contact Us!


Contacts