
Speaker: Kris Budnik, Director, Deloitte Security & Privacy Services

Presentation Topic: Managing Technology Risks: Enabling an “Assess Once, Test Once and Satisfy Many” approach
Presentation Abstract:

Organisations are tasked with meeting a large number of technology compliance requirements, including common practices (e.g. ISO 27001, COBIT), industry standards (e.g. PCI DSS, DPA), regulation (e.g. SOX, Basel II, PPIA or PROATIA), third-party mandates, and a range of internal policies and standards. Many of these requirements cover similar aspects of the IT environment, yet companies often assess and manage them in a standalone manner or through siloed programmes.

The situation is complicated by the fact that organisations are also struggling to streamline these compliance programmes: to reduce their cost, to improve their quality, and to apply risk-based rationalisation of control requirements.

In this presentation we will explore a practical approach to addressing this challenge and, through a rationalisation exercise, to implementing an effective “Assess Once, Test Once and Satisfy Many” programme.
About Kris Budnik:

Kris Budnik: Director, Deloitte Security & Privacy Services

Kris is an Enterprise Risk Services Director at Deloitte, in charge of the Security & Privacy competency. He has more than 12 years' experience in Information Technology, 8 years of which he has spent with Deloitte Security & Privacy Services.

He has contributed to the development of the Deloitte Information Security Management framework (grounded in best practices such as ISO 17799, ISO 13335, COBIT and the ISF Standard of Good Practice) and has led the implementation of Information Security Management Systems at a multitude of corporate and government institutions. He has also consulted on major IT Governance initiatives for organisations in the health, manufacturing and retail sectors.

Most recently, he has been consulting in the information risk management space, particularly with respect to information and data classification, focussing on the practical implementation of IT-focussed Governance, Risk and Compliance practices to facilitate regulatory compliance and privacy requirements.