Skip to main content

GovWare 2022 Full Agenda

GovWare 2023 Temp Background


Three Lines of Defence for Cyber Risk Management: Security Checks and Balances

19 Oct 2022
Level 3, Room GW1 | Sands Expo and Convention Centre
Risk-Based Approach to Cybersecurity

Cyber risk is now a key risk that is on the agenda of the board and senior management. It is important to have the right structure and framework to allow adequate checks and balances, and to ensure that cyber risks are identified and managed at organisational level, instead of being left to the CISO and/or cyber security team. It is also important to recognise that Cyber is not purely a technology issue. It needs the right combination of People, Process and Technology as a holistic risk management approach. Three Lines of Defence model has been used in the financial services industry for many years for Governance, Risk management and Compliance (GRC). It can serve as a best practice for the government sector too. While Management function owns the risk as the first line of defence, the Risk and Compliance (2nd line) and Internal Audit (3rd line) functions serve as essential checks and balances.


Clemence Tan, Partner, Cyber Business Solutions and Services - NCS Group