Roadmap Trivia Part 2

To implement integrated risk assessment processes to measure the effectiveness of information security controls.

To enable a balanced set of security controls to reduce the Company’s risk profile.

Web Application Security Testing

Information Security Incident Testing

Information Security Consulting

Information Risk Assessment (IRA)

Provide information security training and awareness campaigns

Improve efficiency through standardization, automation, self-services

Enhance the reporting capabilities at the services level and use metrics to measure success

All of the above

Management Focus

People focus

Implementation Focus

Integrate the IRA process with Global Release Management Process

Implement SLAs on all services, for a better resources’ allocation

No formal training required on new technologies< security testing techniques, information risk management frameworks

Technology Risk Management

Technology Risk Audit

Technology Risk SOX

Vendor assessments moved to Procurement end of 2020 – transition work early 2021

IT Audit support in collaboration with RCSA team

IT SOX scoping of changes and new systems

On time delivery of IT SOX Audit with no significant deficiencies

Improve efficiency through the increased use of process and tool automation

All of the above

Continue to balance the What and How of getting things done

Participate in Employee Engagement activities

Work independently with other 1st line assurance teams, Global Risk, 2^nd line, and business teams on cross-segment assessments, standards reviews, and projects

5

7

3

0