This is a web-based, effective and collaborative solution to project risk management. It provides a business process that allows both the project management team and the risk management team to address project issues as the project progresses through its lifecycle.
Project manager - can create a project, manage its progress through its milestones, and oversee how all its risks are identified and managed.
Fraud, Risk or Security (compliance) - can interface with the project team and have new projects, changes or business unit ideas assessed for risks and provide resolution.
1. Project & change Risk management
A web based tool for Compliance/Information security team to engage projects and changes to the infrastructure
www.riesgoriskmanagement.com
By Ben Oguntala
Ben.oguntala@riesgoriskmanagement.com
2. Introduction
[Cycle diagram labels: Start cycle, Engage project team, Complete survey, Initial risk assessment, Risk management, Approval]
3. Process overview
Capturing project/change risk management lifecycle
[Diagram labels: Engagement, Project, Change, Suppliers, Business units, Information security/compliance, Fraud, Security policies, PCI DSS, Data security, ISO27001, FSA, Risk assessment, Risk mitigation, Risk assurance Forum, Risk Acceptance form, Risk review, Risk register, Project register]
4. Information security project engagement solution overview
[Diagram labels, roles: Project management office, Project manager, Business analyst, Information security or compliance, Risk assurance forum. Stages: Project registration, Project Manager allocation, Project documentation, Information security survey, Risk assessment, Risk mitigation, Risk acceptance form, Risk review, Risk register, Project register]
A simple web based tool that captures changes to your organisation’s framework, providing a consolidated platform to manage potential risks to your estate.
5. The key participants
[Diagram labels, participants: Programme management, Project management, Information security or compliance, Risk Management, Risk Assurance forum. Activities: Project approval, Change approval, Supplier or business unit approval, Project funding control, Project management, Project team, Project milestone, FRS survey, FRS project allocation, BIA stakeholders, Light touch option (Fast track), Business impact assessment, Project Milestone Gate approval, Risk identification, Senior management, Risk Register, Risk acceptance form, Risk review]
The web based tool ensures that the key participants are engaged, and the business process ensures a consistent approach to all projects/changes.
6. The business process
[Swimlane diagram, lanes: Sys admin, Programme office (SPMB), Project office, FRS manager, FRS consultant, Risk Assurance forum (RAF). Legend: SPMB (Programme office) users, FRS (Fraud/Risk/Security) users, RAF (Risk Assurance Forum) users]
The tool ensures that the business process engages the right units at the right time and that there are no redundant or neglected elements within the operation.
7. The lifecycle
[Lifecycle diagram labels: Project registration, Project Manager allocation, Project documentation, Information security survey, Risk assessment, Risk mitigation, Risk register]
The next sets of slides will take you through the lifecycle of the tool, demonstrating how each stage is designed to address the objective of risk management and enforcement of compliance.
8. System Admin: Account setup
Each account is set up via email, and the user will be expected to change their default password upon first login.
9. Project list overview
The list shows the number of projects and the activities throughout their lifecycle.
10. Project registration (1)
For each project, the Programme team can provide as much detail as possible about the project.
11. Project registration (2)
The programme team will be able to see the list of projects and the approval dates; this provides them with the ability to have corporate governance for the projects.
12. Project registration (3): project status
The aim of the project status is to allow the users to capture what stage the project is at throughout its lifecycle; green indicates passed and red indicates current position.
13. Project registration (4): project status
General project information
Project sponsors and dates
Project milestones
14. Project manager allocation (1): Assigning a project manager
A project manager is allocated to the project and this triggers an alert to the Project manager, creating his account, if new, and moving the project to his queue to acknowledge.
16. Project manager allocation (3): project list & dashboard
The project list displays the number of projects the project manager has been allocated; he can also henceforth add his own projects.
For each project there is a dashboard that displays the details of the project as it progresses.
17. Project manager allocation (4): Project team
The project manager is able to add the project team to the project; these can include the Business analyst, Architect, Test team, developers, etc. The aim is to ensure all participants are working from a central repository and all information can be communicated centrally.
18. Project documentation
All team members will be able to provide their relevant information about the project.
If the project has a Teamroom where documentation is stored, the URL can be added so that other participants can view it.
If there are other sites that are related, these can be added as central sites as well.
If required, documentation may be attached locally.
Types of documentation include: PID, BRS, HLD, LLD, test plan and others.
19. Information security survey (1): overview
Each project will complete an information security survey. This survey will provide an initial assessment of the project and automatically score the project.
The PM can delegate this task to any member of the project team or can complete it himself or herself.
If the project is scored as low then there is no further engagement required; however, if medium or high, a business impact assessment will be carried out.
20. Information security survey (2): Fraud, risk or security survey
A series of questions designed to capture the business impact that the project may have. The questions can be customised to fit your particular environment.
Once completed, the submit button triggers the automatic assessment.
21. Information security survey (2): survey result
The result shows how the project has been scored and the result against each section.
Projects can score:
-High
-Medium
-Low
The projects scored medium or high are more likely to have security risks and require an in-depth assessment.
22. Information security survey (3): project survey result
Each project will have its survey result listed against it, and the result will be visible to all the participants in the project.
Projects that score medium or high will automatically be placed onto the Fraud, Risk or Security (compliance) radar for a business impact assessment.
23. Risk assessment (1): Project allocation to Consultant
The Fraud, Risk or Security (compliance) team will receive all Medium and High risks. The team manager can assign the project to a Consultant and the project will be listed on the Consultant’s queue.
24. Risk assessment (2): Invitation of state stakeholders
The Consultant can invite other stakeholders or specialists (e.g. Penetration Testers, Legal, PCI DSS QSA, Firewall operations, etc.) if required, or can carry out the operation.
25. Risk assessment (2): Business Impact Assessment
The Consultant can create the Business impact assessment for the project by uploading the completed risk assessment document and can also add the assessments of other stakeholders.
26. Risk assessment (3): Business Impact Assessment
The Consultant can upload the BIA risk assessment document, or add the URL where the BIA is held, and set the BIA status. Once completed, the project now reflects that the business impact assessment has been carried out or is in progress.
27. Risk mitigations (1): project risk registrations
New risks for the project can be registered against the project. The risk will include the business impact, likelihood of occurrence, residual risks and risk owner.
The risks are stored in the risk register for the Risk assurance forum (Senior managers) to accept, reject, transfer or mitigate.
28. Risk mitigations (2): Risk Register
The risk register contains the risks for all the projects, and the Risk Assurance Forum can assess each risk and decide on a resolution of the risks.
29. Risk mitigations (3): Risk Register
Once the risks are resolved, the project can be moved forward for approval and progressed through the project milestones.