BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//ISACA Chennai Chapter - ECPv4.9.4//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-WR-CALNAME:ISACA Chennai Chapter
X-ORIGINAL-URL:https://isaca-chennai.org
X-WR-CALDESC:Events for ISACA Chennai Chapter
BEGIN:VTIMEZONE
TZID:"Asia/Kolkata"
BEGIN:STANDARD
TZOFFSETFROM:+0530
TZOFFSETTO:+0530
TZNAME:IST
DTSTART:20210101T000000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID="Asia/Kolkata":20211211T154500
DTEND;TZID="Asia/Kolkata":20211211T190000
DTSTAMP:20240329T143341
CREATED:20211207T103359Z
LAST-MODIFIED:20211207T103759Z
UID:17391-1639237500-1639249200@isaca-chennai.org
SUMMARY:Dec 2021 PDM: From ERM to CSRM
DESCRIPTION:15:45 – Virtual Networking\n16:00 – Greetings from ISACA Chennai Chapter\n16:03 – Monthly Security News Round-up\n16:25 – Chapter Updates and Speaker Introduction\n17:30 – From ERM to CSRM by Rohit Banerjee\n18:45 – Q&A\nTopic Name: From ERM through CSRM to C-SCRM\, an overview journey from the top of the cyberrisk pyramid to the bottom\, using NIST and other best practices\nTopic Summary:\nIn the current context\, businesses and industries have faced tremendous challenges\, as demonstrated by the semiconductor shortage that has rippled all the way to the automotive industry\, and by continued state-sponsored Advanced Persistent Threats (APTs) affecting not just large enterprises but also Micro\, Small and Medium Enterprises (MSMEs) and the common person\, through ransomware and spyware payloads hidden in “free” mobile apps. The continued disruptions within global logistics and supply chain systems\, and the continued cyber attacks and breaches\, will not vanish overnight\, and merely detecting and responding to cyber incidents is not enough. In fact\, the aggregate cyberrisk impact of breaches at the MSME level is enormous\, yet these MSME-level risks are rarely consolidated or even reported.\nA better approach would be to design a simple yet effective preventive cyberrisk program; however\, as is usually the case\, most cybersecurity “experts” focus only on technology components\, technology issues\, technology controls and technology risks\, without factoring in business risks at all.\nThis webinar will begin with a brief overview of Enterprise Risk Management (ERM) in the business context\, followed by unlearning the perspective that risk is always negative. The discussion will then consider the human elements of behaviour\, attitude and emotional intelligence (EQ/EI) in risk-based decision making\, and briefly explain the well-known COSO ERM principles and components. The Portfolio\, Program\, Project risk pyramid will also be briefly touched upon\, before walking down the Strategy-to-Operations cycle of business risk decisions. After the ERM concepts\, the discussion will move to an overview of the recently published 2nd edition of ISACA’s Risk-IT framework and its cascading topography of I&T risk categories\, with special focus on cyber and information risks. That will be followed by a brief look at other I&T risk best practices and frameworks and the differences in their respective terminologies and taxonomies\, along with a visual analysis of how the ERM-to-Cybersecurity Risk Management (CSRM) pipeline aligns with NIST publications and other existing standards. The focus then moves to supply chain risk management (SCRM)\, especially in the ICT context\, with special attention to Cyber Supply Chain Risk Management (C-SCRM) and how to leverage such alignments to improve risk-based business decisions. The discussion will close by walking through common challenges\, pitfalls and cognitive biases in designing a high-level end-to-end CSRM and C-SCRM program\, and recommending the COBIT 2019 design guidelines to govern and manage these initiatives under one umbrella framework.\nBy the end of the webinar\, participants should have at least a high-level understanding of the interactions and interrelations between the different components and best practices relevant to cyberrisk\, business risk\, and designing risk appetite frameworks for their respective organisations.\nAgenda:\n• Understanding ERM business context\n• Accepting risk is both negative and positive\n• Taking risk decisions based on attitude and emotional intelligence\n• Introducing COSO ERM concepts\n• Cascading through Portfolio\, Program\, and Project risk pyramid\n• Assessing risk decisions within Strategy-to-Operations cycle\n• Reviewing Risk-IT framework’s risk topography\n• Focusing on I&T risks\, and cyberrisks\n• Differentiating between I&T risk taxonomies and terminologies\n• Aligning NIST CSF\, RMF\, CSRM\, C-SCRM with other best practices\n• Applying business risk decisions to cyber supply chain risk management\n• Avoiding common pitfalls\, biases\, and challenges in cyberrisks\n• Wrapping it up with COBIT 2019 EGIT design guidelines\n• Following through with reference materials\nSpeaker Bio:\nRohit Banerjee is an Enterprise IT Governance\, IT Risk and Compliance Trainer\, Consultant\, Auditor\, and Assessor\, with 20+ years of overall experience and 16+ years of professional IT experience in the development\, deployment\, and delivery of Enterprise Software Solutions leveraging CI/CD DevOps strategies\, innovating and architecting e-Learning solutions on Mobile and OTT platforms\, drafting and publishing cutting-edge IoT and Emergent Technologies enterprise-wide policies and SOPs\, implementing and consulting on Information Security and Cybersecurity best practices for MSMEs\, and enabling Business Process Re-engineering for e-Governance transformation initiatives.\nHis certifications include CRISC®\, CGEIT®\, COBIT® 5 NIST Cybersecurity Implementation Certified\, CSX® Cybersecurity Fundamentals\, Certified COBIT® 5 Assessor\, COBIT® 2019\, ISO/IEC 27001 Lead Auditor\, ISO/IEC 38500 Lead Corporate IT Governance Manager\, ISO 9001 Quality Management Systems Lead Implementer and Lead Auditor\, ISO 21500 Lead Project Manager\, ISO/TS 29001 Oil and Gas Quality Management Systems Lead Implementer\, ITIL® V3 2011\, Certified Six Sigma Black Belt\, PMP®\, PRINCE2® & MSP® Registered Practitioner\, Certified Master Trainer and Facilitator\, and Certified Instructional Designer from CAMI USA. He was also a CMMI-DEV V1.3 (Staged) Level 3 appraisal participant and process innovator\, and he is the only official APMG® Accredited COBIT® 5 Trainer\, and the first PECB® Certified Trainer for the ISO IT Governance standard\, in Oman. He ranked first for CGEIT® in Muscat.\nHe is currently the Principal Consultant for MAGE IT Training and Consulting Private Limited\, and focuses on the Middle East (Oman\, UAE\, Qatar\, KSA) and Africa (Mozambique\, Botswana\, Ghana\, Mauritius\, Sudan) regions\, consulting to Ministries\, Government Agencies\, Public Sector Units\, Regulatory Authorities\, Law Enforcement Agencies\, etc. He is an ex-Director of the ISACA® Muscat Chapter for CGEIT®/CRISC® Certifications and an ex-Board Member of the ISACA® Mumbai Chapter\, where he served as Education Chair and Joint Program Chair. He also serves as an ISACA® International volunteer and a PMI® International volunteer. He has delivered many seminars in academic as well as professional forums. He has also authored technical research papers and articles\, and has been published in international academic journals and trade magazines.
URL:https://isaca-chennai.org/events/dec-2021-pdm-from-erm-to-csrm/
LOCATION:Virtual Event\, India
CATEGORIES:PDM
ORGANIZER;CN="ISACA%20Chennai%20Chapter":MAILTO:officemanager@isaca-chennai.org / hon.secretary@isaca-chennai.org
END:VEVENT
END:VCALENDAR