5 layers of defense within the company, to be applied strategically at the organization level to prevent regulatory audit findings or a cyber breach at the strategic CXO level.
Rule of IOACE
Layer 1 :- RCSA (Risk Control Self Assessment) by the ITGRC Team
Layer 2 :- Operational Risk / Infosec Risk reviews
Layer 3 :- Internal Audits / Information System Audits
Layer 4 :- Compliance Reviews by Internal Compliance Teams
Layer 5 :- External Independent Audits
The gaps/findings highlighted by the above 5 layers of defense (audits/reviews) need to be fixed before the regulatory audit by the regulators.
The CIO, CTO or CISO should NOT be crucified for a data security breach or regulatory audit findings; instead, the above rule of 5, the 5-layered defense approach, should be used.
As I have played the CIO/CTO/CISO role from the customer perspective, and the CGO & CDO perspective where I have sold products/services & provided consultancy, I have seen all 3 sides of the world... nothing can beat the above 5-layered defense approach.
To know & discuss more, please reach out to me at vramakrishna@cisplinc.com