MASTER - FP7-216917 From High-level Regulations to Compliance Management Policies Beatriz Gallego – Nicasio Crespo PoFI 2011 June 9, 2011 - Pisa, Italy.

Presentation transcript:

MASTER - FP7-216917
From High-level Regulations to Compliance Management Policies
Beatriz Gallego-Nicasio Crespo
PoFI 2011, June 9, 2011, Pisa, Italy

Compliance challenges for dynamic Enterprise collaboration
■ Classic outsourcing becomes iterative and dynamic
■ Increased use of dynamically composed services
■ Contractual relationships change quickly and frequently
■ Different regulations and legal frameworks may apply
■ Lack of visibility and control over:
  ■ secure and trustworthy collaboration
  ■ the organization's regulatory compliance across a chain of composed services

The MASTER solution
■ Management of regulatory compliance
■ Security assurance for collaboration amongst enterprises
■ Compliance of business processes across trust domains
■ Compliance governance engine aligned with the Deming Cycle paradigm
■ Models, concepts, technology
[Figure: compliance governance cycle with the phases Design, Enforcement, Monitoring and Assessment; elements Control Process, Risk Analysis and Metrics, the latter as KAI (Key Assurance Indicator) and KSI (Key Security Indicator); SOA-based technical architecture.]
Source: Karn-b [

The MASTER design problem
Model-based transformation of high-level compliance requirements into executable policies that enable enforcement and assessment mechanisms.
■ MASTER Methodology
  ■ Methodological support to specify MASTER compliance policies: monitoring, enforcement and assessment
  ■ Based on the Deming Cycle phases, with emphasis on three pillars:
    ■ Controls
    ■ Risk
    ■ Indicators
■ MASTER Design Workbench
  ■ Specification of high-level policies (including regulations, standards, internal policy, etc.) in a structured form:
    ■ Business Context Model
    ■ Protection & Assessment Model
  ■ Generation of the policies that configure the MASTER supporting infrastructure

MASTER Design process
■ Analyse the Business Context
  ■ Processes, services, resources, organization hierarchy
■ Establish Control Objectives and KAIs
  ■ Based on the results of Risk Assessment
  ■ Control Objective Refinement
■ Establish Control Activities
  ■ Security best practices, ISO 27002, etc.
■ Design Control Processes and KSIs
  ■ Repository of models for security/regulatory best practices: PRMs
■ Verify the Design of Control Processes
■ Implement Control Processes and Indicators
  ■ Define monitoring, enforcement and assessment mechanisms
  ■ Generate MASTER policies

MASTER Design workbench
[Figure: workbench overview. Inputs: the target (business) process, services and infrastructure; regulations and codes of practice; corporate policies and governance culture. The design process produces a Verification Model, a Design Model and a Policy Model; elements shown: Control Objectives, Control Activities, Control Processes, Indicators, Threat scenarios, Business Process, Evidence Model, MASTER Policy.]

Model transformations
[Figure: model transformation diagram; not reproduced in the transcript.]
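The design problem, design process and workbench slides above describe a pipeline: a Business Context Model plus control objectives and control activities (the Design Model) are transformed into executable monitoring, enforcement and assessment policies, and evidence collected at run time feeds KSIs per control and a KAI per objective. The following is an added toy implementation of that pipeline, not the MASTER workbench's own models or policy language: the class names, the policy dictionary layout, the `deny_and_log` action, the claims-handling sample context, the objective CO-1, the activities CA-1/CA-2 and the evidence events are all constructed for this illustration.

```python
# Toy model-to-policy transformation in the spirit of the MASTER design process.
# Added illustration; class names, policy layout and all sample data are constructed
# here and are not the MASTER project's own workbench models or policy format.
from dataclasses import dataclass


@dataclass(frozen=True)
class BusinessContext:
    # Business Context Model: process, services and the resource each service handles.
    process: str
    services: tuple
    resources: dict


@dataclass(frozen=True)
class ControlObjective:
    # High-level requirement distilled from a regulation, with its KAI target
    # (fraction of the objective's KSIs that must pass).
    cid: str
    statement: str
    kai_target: float


@dataclass(frozen=True)
class ControlActivity:
    # Concrete activity refining an objective; each activity yields one KSI.
    aid: str
    objective: str        # ControlObjective.cid it refines
    event: str            # event type the monitoring mechanism must observe
    condition: str        # boolean attribute every observed event must carry
    ksi_threshold: float  # minimum fraction of conforming events


def generate_policies(ctx, activities):
    """Design Model -> Policy Model: one executable policy per (activity, in-scope service)."""
    policies = []
    for act in activities:
        for svc in ctx.services:
            policies.append({
                "policy_id": f"{act.aid}:{svc}",
                "activity": act.aid,
                "objective": act.objective,
                "scope": {"process": ctx.process, "service": svc, "resource": ctx.resources[svc]},
                "monitor": {"event": act.event, "require": act.condition},
                "enforce": {"on_violation": "deny_and_log"},  # hypothetical action name
                "assess": {"ksi_threshold": act.ksi_threshold},
            })
    return policies


def evaluate_ksi(policy, events):
    """KSI for one policy: fraction of in-scope evidence events meeting the condition.
    Returns None when there is no evidence, so missing data is never read as compliance."""
    scope, mon = policy["scope"], policy["monitor"]
    scoped = [e for e in events if e["service"] == scope["service"] and e["type"] == mon["event"]]
    if not scoped:
        return None
    conforming = sum(1 for e in scoped if e.get(mon["require"]) is True)
    return conforming / len(scoped)


def assess(objectives, policies, events):
    """Assessment phase: KSI per policy, KAI per objective, compliance verdict per objective."""
    report = {}
    for obj in objectives:
        mine = [p for p in policies if p["objective"] == obj.cid]
        ksis = {p["policy_id"]: evaluate_ksi(p, events) for p in mine}
        passed = sum(1 for p in mine
                     if ksis[p["policy_id"]] is not None
                     and ksis[p["policy_id"]] >= p["assess"]["ksi_threshold"])
        kai = passed / len(mine) if mine else 0.0
        report[obj.cid] = {"ksi": ksis, "kai": kai, "compliant": kai >= obj.kai_target}
    return report


# Constructed sample design model: a hypothetical claims-handling process with two services.
SAMPLE_CONTEXT = BusinessContext("claims-handling", ("intake", "payout"),
                                 {"intake": "patient-record", "payout": "bank-account"})
SAMPLE_OBJECTIVES = [ControlObjective("CO-1", "Access to personal data is authorised and logged", 1.0)]
SAMPLE_ACTIVITIES = [
    ControlActivity("CA-1", "CO-1", "data_access", "authorised", 0.95),
    ControlActivity("CA-2", "CO-1", "data_access", "logged", 1.0),
]
# Constructed evidence: intake is clean; payout shows one unauthorised access out of four.
SAMPLE_EVENTS = (
    [{"type": "data_access", "service": "intake", "authorised": True, "logged": True}] * 5
    + [{"type": "data_access", "service": "payout", "authorised": True, "logged": True}] * 3
    + [{"type": "data_access", "service": "payout", "authorised": False, "logged": True}]
)


def run_sample():
    """Generate policies from the sample design model and assess them against the evidence."""
    policies = generate_policies(SAMPLE_CONTEXT, SAMPLE_ACTIVITIES)
    return policies, assess(SAMPLE_OBJECTIVES, policies, SAMPLE_EVENTS)


if __name__ == "__main__":
    for cid, r in run_sample()[1].items():
        print(cid, "KAI=%.2f" % r["kai"], "compliant" if r["compliant"] else "NOT compliant", r["ksi"])
```

Two design choices matter for a compliance engine of this shape: a KSI with no evidence evaluates to None rather than 1.0, so a service that never reports is flagged rather than silently passing, and the KAI aggregates per objective over all generated policies, so one failing service (here the payout service's 0.75 authorisation rate against a 0.95 threshold) is enough to mark the objective non-compliant.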

Contact
Beatriz Gallego-Nicasio Crespo
Atos Research & Innovation (ARI), Atos Origin, Spain
Questions? Thank you!