Author: bartvanl

Hi All!

Thanks for visiting our site!

Moralits stands for “Managing Operational Risks Ánd Leveraging IT Security”.  But what does that means?

For us, it means actually that best practices in Operational Risk Management is powering up your IT Security  at the same time. Or…vice versa: Powerful IT Security leads  to best practices in Operational Risk Management. But how then?

Moralits Moving Stars compose a set of tools to achieve this:

  • Compliance Mapping:  Re-using the same Controls Set for different regulations and different Best Practice frameworks in order to align your Business Goals, Business Requirements and your regulatory requirements: We developed a “4 M’s”method to supports this. This will result in substantially reduction of audit time and therefore contribute to Best Practices in Operational Risk Management and Powerful IT Security
  • Automate Audits via Audit tools or even MS Excel! Substantially reduction of audit time and therefore contributing to Best Practices in Operational Risk Management and Powerful IT Security is also achieved by automating your audits: faster and more accurate too. Audits are not always done by the 3rd line of defense: The 2nd and 1st lines of defense can pro-actively doing the audits too, in order to improve on your own findings before Audit comes to evaluate. Moralits can support you in Identifying exceptional items, Performing analyses, Checking calculations, Cross-matching data between systems, Testing for gaps and duplicates and Sampling. Look here for an overview how:
  • Pro-active Auditing:  As already mentioned in previous sections of this post, Moralits considers the reduction of audit time a definite “win” in achieving Best Practices for Operational Risk Management and for IT Security. We facilitate RCSA’s (Risk Control Self Assessments) and other ways of assessments like sprint- and  backlogs  reviews, project plans and so on to achieve this reduction.  Your teams have more time to learn, innovate and develop when auditors are not so long around.
  • GRC Tooling: Moralits can help your organization by configuring your GRC tools effectively for Managing risks assessments, audits, frameworks, reporting and workflow’s.  We experienced that alignment between the following repositories is key:  Risks, Controls, Regulatory Requirements, Business Requirements/Policies, Frameworks, Assessment Results and Follow-up Actions and Findings. See here our graphical overview of those repositories:
  • IT Security Management: Access Management & Security Monitoring and the correct management of Security Tooling are inevitable for proper Operational Management Practices and for IT Security Management. These are the milestones or solid bases to start with! Things like Segregation of Duties, creating profiles and knowing which events and configuration items to monitor items are key here!
  • Spreadsheet Security: We, within Moralits, often refer to key spreadsheets as the golden forgotten ones….Often they are the real crown jewels due to the easy and fast to use functionalities….But the data used in spreadsheets, are they also well protected as the applications where they are extract from? Learn more about our approach!
  • DTAP Security: To achieve Best Practices for Operational Risk Management and Leveraged IT Security, we have to look to all phases of the development of application. Moralits Moving Stars have substantial experiences in secure code review solutions, Separated test environments creations, in creating representative test-data and we have guidelines for secure promotion to production.

It maybe looks like a set of unrelated tools or disciplines, but it isn’t……In future posts I will provide here posts regarding business cases and studies by zooming in on one of the items above and I will show the relation it has with all other items above,  e.g: