The Role of Security & Privacy in EA Program

Presentation transcript:

The Role of Security & Privacy in an EA Program, and EA Trends. Please read all relevant chapters of the set texts, notably Bernard, Chapters 11 and 13.

“Privacy is the shield that protects a person’s identity while actively sharing information via the web. Where privacy is about keeping the door locked, security is about the lock itself. Security is the actual online authentication and authorization protocols that networks use to protect information and the audit system used to verify the overall system’s effectiveness.” (O’Connell in IPSWITCH, 2011)

EA Project Management as a project management model (the same applies to an EA Program Management Plan). Information security and privacy are important project governance and compliance requirements, and they are included as a component of the risk management requirements.

EA Program’s Risk Management Sub-Plan (the same applies to an EA Program Management Plan). Why and how information security and privacy incidents are treated as enterprise risks can be explained via:

EA Program’s Security & Privacy Sub-Plan (the same applies to an EA Program Management Plan). How security and privacy risks are managed is set out in the organisation’s corporate security document and customised in the EA program management’s security & privacy plan:

Causes of Information Security & Privacy Risks, and Key Prevention Areas:
1. Information design, access & authentication measures
2. User identification & training measures
3. Operations measures
4. Physical measures

EA Risk Management Vs EA PROGRAM Risk Management

EA Risk Management is everywhere in the EA Program Plan. EA is a meta-discipline that includes risk management affecting all of its activities (Bernard, Chapter 1, page 34 and Chapter 11, page 222), so every EA activity is part of a living EA risk management process. This requires an understanding of what risk management is about, which Bernard does not explain in detail, but tutors can research it and share insights with students.
Areas of EA risk management:
- Risk management for stakeholder and business risks
- Risk management for integration and standards-compliance risks
- Risk management for EA program/project performance variance and quality risks
- A very comprehensive risk management treatment for security and privacy risks (http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap31.html)
The business case evaluates all the EA risks identified.
Risk management processes:
- Risk classification
- Risk identification
- Initial risk assessment
- Risk mitigation
- Risk monitoring

EA Program’s Risk Management Plan is like a project’s risk management plan for controlling the project’s or program’s performance variance in terms of:
- Budget performance
- Quality (including testing) performance
- Timeline performance
Project/program risk management is NOT EA risk management, which is about ensuring that EA modelling and management work complies with EA standards and corporate/project governance policies, standards and guides.

EA Security & Privacy Plan as an EA Component. “There is no 100% foolproof security because EA components are designed and managed by humans and ‘insider’ access is the ultimate threat which cannot completely be overcome” (Bernard, page 231). The plan guides the design, implementation and use of protective controls for every EA component.

Trends

Future Trends in EA (Bernard, Chapter 13). Trends can present both opportunities and threats. When EA trends create new EA practice problems, or grow existing ones, they can be regarded as new and emerging, or existing and growing, EA issues.

More EA Trends: impacts of new technology designs on EA trends. To identify the Big Data trend’s impacts on EA practice, one first needs to understand what Big Data is and what its enterprise ramifications are, including its complexity challenges. Not all Big Data trends impact EA practice, and not all EA trends are EA issues.