Ayilur Ramnath
70 followers -
The Coach n Consultant

What's the best way to clear the CISM exam? Many aspirants ask me this question. The simple answer is: understand the way the questions are asked and the 'expected' answer, by clearly understanding 'how things HAVE TO BE DONE' by reading the manual. Not simple enough? Okay. Understand the question first, what the question is about and the perspective of the question. The CRM (Review Manual) very clearly explains how various activities have to be performed to achieve the results, i.e., the ideal ways of doing things. This may, sometimes, conflict with our current understanding of how things are being done in our respective organisations. Change this understanding. Once you have the correct understanding (from the CRM), you can eliminate the (two) wrong answer options easily. Then closely look at the other two answer options. Now you look for the 'best fit' in the given scenario. (Mostly) go with your first instinct. That would be right.

Recently delivered a CISM Exam Prep session for a bunch of aspirants who are seasoned security professionals. A well-received session with lots of questions and discussions.

#CISM #ISACA #ISOIEC27001 #GRCMentor #CISMExamPrep #informationsecurity

Architecture has always been a highly technical concept for many. Is it not? Yes, it is. Is it really, completely technical? No, it's not! Understanding the ecosystem, the enterprise goals, business/consumer needs and then aligning the technology is the key in any architectural construct.

Just completed a Professional Cloud Solution Architect course (from Cloud Credential Council) delivery for a caboodle of technology (cloud) professionals from a New York-based information technology and consulting company focused on the financial services industry including capital markets, insurance, banking and digital. The session was interspersed with technological concepts and business concepts that an architect should be knowledgeable on, to align. The security architecture and the service architecture components that contribute to the solution architecture and how they get superimposed was one of the key topics covered.

#cloudcomputing #cloudarchitecture #cloudcredentialcouncil #CCC #EXIN #GRCMentor #cloudarchitect #cloudsecurity

Aspirants of information security certifications first look at CISM as an option, especially, when it comes to a high reputation one and suitable for managerial level professionals. However, to understand the information security fundamentals, it is always good to learn ISO/IEC 27001:2013 upon which any other security component / knowledge can be built. In my opinion, ISO/IEC 27001 controls well interpreted is what CISM CRM is, with lots of elaborations, especially, on technical concepts. Understanding the ISO/IEC 27K structure and then reading CISM CRM would help a candidate easily pass CISM exam.

Recently, delivered a CISM Exam Preparatory training course for a gang of security professionals from a multinational bank, the fourth largest bank in the USA by total assets. Another session with ardent learners glued to their seats with abundant thirst for knowledge. Connecting ISO 27K and CISM CRM contents was a breeze and enjoyable.

#iso27001 #cism #grcmentor #isaca #informationsecurity #securitycertification #riskmanagement

It's again about Enterprise Risk Management. The importance of risk management is often underestimated by organisations. In a recent COBIT 5 based assessment, I came across an organisation which boasts of performing risk related activities meticulously by conducting weekly global reviews of risks and actions. On one single question, the CRO became defenseless: what's your risk appetite? Organisations get into activities to mitigate risks even without having an understanding of their risk appetite and risk tolerance.

Learn ISO 31000:2018 based risk management methodology. It gives an excellent perspective on risk management at all levels/functions in the organisation.

Recently delivered two hands-on sessions of Certified Risk Manager - workshops - for an American multinational investment bank and financial services company headquartered in New York City. This was the fourth consecutive session.

#ISO31000 #riskmanagement #ERM #riskgovernance #riskoptimization #GRCMentor #CRM
10/3/18

Information security has become a focussed area for all the organisations due to data breaches and increasing regulatory (and contractual) requirements. Hence the need for security professionals has increased. I keep facing simple questions quite often: what is the entry point to infosec? Where/what to start with? The simple answer is learn ISO27001. This standard enables one to have a very good structured understanding of infosec and helps building further on it.

Recently delivered a workshop on ISO/IEC 27001:2013 Lead Auditor (IRCA accredited) for a bunch of professionals from a global IT conglomerate. Very enthusiastic learners indeed.

Contact me for global delivery of infosec courses, especially IRCA accredited ISO 27001 Lead Auditor course.

#informationsecurity #ISO27001 #leadauditor #IRCA #GRCMentor #grc #security #cybersecurity

Most of the organisations do not realise the need for and importance of managing risks in a very systematic manner, at all levels in the organisation. Traditional risk documents have been copied in new environments as a ritual to show they have risk management performed. Are they really aware of the potential for a loss or gain? Not really... The changing environments (e.g. technology), customer and regulatory requirements emphasise the need for a systematic approach in risk management.

ISO31000:2018 provides a beautiful framework to handle risks in an enterprise. At any level in the enterprise, risks can be managed by defining a framework using ISO31000 guidance.

Currently work with a few organisations enabling them to manage their risks formally and seriously.

Delivered recently a workshop based on ISO31000:2018 leading to 'Certified Risk Manager' certification.

#ISO31000 #riskmanagement #GRCMentor #risk #enterpriseriskmanagement #grc

COBIT 5 provides a clear perspective on how the 'Enterprise IT' should be governed and managed. On most occasions, governance and management are interchangeably used in organisations. Learning the framework is advantageous for organisations to ensure the governance.

Recently delivered a couple of COBIT 5 Foundation sessions for a German global bank where the delegates were excited to learn the concepts in a structured manner with practical insights.
9/9/18

It's now a Risk Management workshop for the delegates from a US conglomerate.

Out of the three things related to risk - risk event, risk cause and risk effect - people tend to capture the risk cause as risk event; utterly wrong. Probably the reason is that only risk cause can be controlled. Distinguishing these together with the context setting is important to manage risks effectively. ISO 31000:2018 helps an organisation to create a good framework to manage risks at all levels.

While discussing the guidance from ISO 31000, the concepts from MoR, NIST, CRISC BoK, COSO ERM, COBIT 5 etc. were also brought in to give a broader and clearer perspective to the delegates. Another hands-on session on ISO 31000:2018 delivered with declamatory discussions.

#cybersecurity #riskmanagement #iso31000 #ERM #GRCMentor #MoR #nist #COBIT5

At the conclusion of a CPEGP (EU GDPR) session at a fast-paced technology and consulting company. Torrid learners who took the session very seriously. (08-Feb)

Concluded another CPEGP (EU GDPR) workshop. Yet another exciting session with lots of deliberations and debates on implementation nuances. (23-Jan)