How to formalise the decision process with all stakeholders, IT & business, to prioritise the mitigation actions based on the risk appetite and on the cost to remediate.
How can the calculation of IT risks be formalized and made concrete so that CIOs can prioritize them effectively?
This is the question that Etienne Grangereau, IT Risk Management Process Owner, will answer in the first part of this conference, drawing on his experience at one of the players that has best mastered this exercise: Société Générale.
He will cover in particular:
- Some of the risks in the industry (data leakage, interruption of IT services, cybercrime attacks, internal fraud...)
- Their coverage by processes driven by the Production teams (ITIL, obsolescence & legacy, security management, resiliency & IT disaster recovery management, outsourcing services...)
- How to formalize and objectify the calculation of these IT risks in order to move away from vaguer "expert opinion" assessments
- The definition of the risk appetite, the objectives to be reached and the thresholds to be respected
The second part of the conference will be a round table of IT players with different levels of maturity in the deployment of IT risk management processes: some have taken the plunge; others are in the process of evaluating this approach. This think-tank and these discussions will help enrich your own process and bring critical topics to light!