Embed Size (px)
Citation preview
Copyrights © Reserved to Ahmed Ragab
CLOUD TRANSFORMATION PROGRAMS (CTPS) IN TODAY’S GRC WORLD
Process-Oriented Framework
Middle East Cloud & Big Data Conference and Exhibition | 12 - 13 November 2014
By: Ahmed Ragab, MSc, ISMS-LA
Consulting Services Manager
Panorama Consulting and Business SolutionsKuwait
November 2014Copyrights © Reserved to Ahmed Ragab
Copyrights © Reserved to Ahmed Ragab
TABLE OF CONTENTS
Wide Spectrum
Why Organizations consider CTP within a Compliance Framework?
CIO, CISO, Board and Compliance Concerns!
GRC Impact on Cloud Transformation Programs
Cloud Transformation Program (CTP) FrameworkCopyrights © Reserved to Ahmed Ragab
Copyrights © Reserved to Ahmed Ragab
Wide Spectrum
Business Dynamics
Aggressive Competitions against Investments
Time-To-Market/Value
KEY FACTS
IT Infrastructure Complexity
From Cost-Center IT to be Profit-Center
From IT-Centric Operations to Services-Oriented/On-
Demand
Cloud Computing
Information Security
Processes Alignment
CONCERNS
Risk Management
Compliance
Governance Framework
Program Management
Proper Change Management
Copyrights © Reserved to Ahmed Ragab
Copyrights © Reserved to Ahmed Ragab
WHY ORGANIZATION SHALL CONSIDER (CTP) WITHIN A COMPLIANCE FRAMEWORK?
G
Com
plia
nce
IT Services Management
Risk
IT Governance
Process Reengineering
Information Security
Project/Program Management
Assurance
RCCopyrights © Reserved to Ahmed Ragab
Copyrights © Reserved to Ahmed Ragab
WHY ORGANIZATION SHALL CONSIDER (CTP) WITHIN A COMPLIANCE FRAMEWORK?
IT Governance
IT Risk Management
Controls
Compliance
Assurance
IT Services Management
Processes/ Processes
Reengineering
Information Security
Program Management
Copyrights © Reserved to Ahmed Ragab
Copyrights © Reserved to Ahmed Ragab
CIO, CISO Board and Compliance Concerns!
AccessibilitiesMobilityBusiness
FunctionalitiesEasy-To-Use
System’s compatibility
Integrity
Customer (Internal/External)
Processes compliance
IT Audit ControlsInformation
SecurityOperational
risks
GRC Officers
ROITime-to-market
Revenues impactClient
satisfactionBusiness
scalability
Board Members
Data SecurityInformation
Assets ExposureVulnerabilities
and threats
CISO
Deployment model
TCOOrganization’s
Competency level
Right vendorCapable
implementerAgility
CIOs
Copyrights © Reserved to Ahmed Ragab
Copyrights © Reserved to Ahmed Ragab
GRC Impact on Cloud Transformation Programs
GRC models have been progressively improved till we reached GRC Capability Model proposed by OCEG. Saying this, If we consider this GRC model as principled performance for assuring successful cloud transformation program will come with the following assured benefits:-
Mature processes definitions Reliable processes assessment Robust controls Dynamic process change Agile framework for future processes scalability Compliance management Quantitative and qualitative performance indicators Service quality Reliable CAPEX, OPEX and TCO calculations More visibility and applicability of Chargeback and Showback Time-to-market Envisioning roadmap Business integrity People development and awareness
Copyrights © Reserved to Ahmed Ragab
Copyrights © Reserved to Ahmed Ragab
CLOUD TRANSFORMATION PROGRAM (CTP) FRAMEWORK
PEOPLE PROCESS TECHNOLOGY PROJECT MANAGEMENT
CONTINUAL IMPROVEMENT
MONITORING AND EVALUATION
IMPLEMENTATION
DESIGN
ANALYSIS
DISCOVERY
People KPIs
Process KPIs
Technology KPIs PM KPIs
G
RC
Copyrights © Reserved to Ahmed Ragab
THANK YOU
For any feedback or inquiry, please contact:-
Ahmed Ragab, MSc, ISMS-LA
+965 - 60036963 Copyrights © Reserved to Ahmed Ragab
