24 February 2006

OPS Risk: From Basel to the Hearing Room...

The Basel Committee on Banking Supervision, an arm of the Switzerland-based Bank for International Settlements, has defined the Basel II capital adequacy requirements for global banks. One of the committee's principal goals is to reduce risk in the financial system worldwide by aligning each bank's capital requirements to more accurately reflect its credit, market and operational risks.

Archer Technologies (Archer), a leader in enterprise security and compliance solutions, has announced the release of its Vendor Management solution. Vendor Management enables organizations to consolidate disparate vendor information into a single application to optimize resources and reduce risk. Archer also announced its expansion into operational risk management with the introduction of the Sarbanes-Oxley (SOX) Compliance Management solution. This new offering complements Archer's Vendor Management product and enables companies to dramatically decrease the cost and effort associated with SOX compliance.

The significance of the new modules from Archer could be summed up in one or two words.



Due to the number of financial institutions currently utilizing these solutions for Enterprise Security Management, it makes sense to add the modules that intersect with the Enterprise Risk Mission Critical Activities. Operational Risk Management is converging with some of the elements of the traditional CISO job function. Just ask any CISO (Chief Information Security Officer) at a public institution about the number of times the audit teams have been knocking on the door trying to get access.

The relevance of supply chain management and SOX Management modules for the CISO has to do with the real essence of what Operational Risk is all about. Three years ago, just managing threats to the desktop PCs, Web Servers and other vital E-Commerce functions was enough. Not anymore.

Now you must add your intelligence feeds from providers such as iJet, OSAC, iDefense, Shavlik, and Stratfor. Then you combine your Real Estate assets, including facilities and Gulfstream G5s, and create a correlation of real-time enterprise risk to give you a 360-degree view. Combine this with a monitoring system for the ever-changing controls in your ERP system and now you have a holistic mechanism for managing Operational Risk in your enterprise.

That's the easy part. The hard part is yet to be done. The correlated information still requires the grey matter to make faster and more relevant decisions to accept, transfer or mitigate this threat. What are the implications of each? When do I act? How do I execute? All the knowledge from your tools and systems still leaves the most difficult aspect of Enterprise Risk Management.

Just ask all of the people sitting in SOCs, JFOs or any center where a fusion of information is creating the knowledge necessary to make these decisions. They all have the same answer:

You must create a “culture of preparedness” in which all people share responsibility for corporate risk management and homeland security. This includes strong partnerships between federal, state and local governments and especially the private sector. You never know where or when your next incident is going to occur:

The Phoenix hostage incident began about 3:30 p.m. (5:30 p.m. ET) when a man entered the offices of the National Labor Relations Board, grabbed a secretary and took her into a room where a hearing was being held, said Gordon Jorgensen, who retired last month from the board and had spoken with some of the NLRB employees.

"The guy was apparently in our reception area and wanted to talk to someone and ... one of our secretaries walked by. He pulled a gun on her" and escorted her into the room, where a hearing was being held.

One woman escaped early in the evening and a second woman was released about an hour before the man surrendered.

Dozens of police and fire crews were on the scene, and authorities evacuated the building and sealed the area.
