Slide 1
MASTER - FP7-216917
From High-level Regulations to Compliance Management Policies
Beatriz Gallego-Nicasio Crespo
PoFI 2011, June 9, 2011 - Pisa, Italy
Slide 2
Compliance challenges for dynamic enterprise collaboration
■ Classic outsourcing becomes iterative and dynamic
■ Increased use of dynamically composed services
■ Contractual relationships change quickly and frequently
■ Different regulations and legal frameworks may apply
■ Lack of visibility and control over:
  ■ secure and trustworthy collaboration
  ■ the organization's regulatory compliance across a chain of composed services
Slide 3
The MASTER solution
■ Management of regulatory compliance
■ Security assurance for collaboration amongst enterprises
■ Compliance of business processes across trust domains
■ Compliance governance engine aligned with the Deming Cycle paradigm
■ Models, concepts, technology
[Figure: compliance governance cycle. Labels: Design, Enforcement, Monitoring, Assessment; Control Process, Risk Analysis, Metrics; KAI (Key Assurance Indicator), KSI (Key Security Indicator); SOA-based technical architecture. Source: Karn-b, http://karnbulsuk.blogspot.com/]
Slide 4
The MASTER design problem
Model-based transformation of high-level compliance requirements into executable policies that enable enforcement and assessment mechanisms.
■ MASTER Methodology
  ■ Methodological support to specify MASTER compliance policies: monitoring, enforcement and assessment
  ■ Based on the Deming Cycle phases, with emphasis on three pillars: controls, risk, indicators
■ MASTER Design Workbench
  ■ Specification of high-level policies (including regulations, standards, internal policy, etc.) in a structured form
    ■ Business Context Model
    ■ Protection & Assessment Model
  ■ Generation of the policies that will configure the MASTER supporting infrastructure
Slide 5
MASTER design process
■ Analyse the business context
  ■ Processes, services, resources, organization hierarchy
■ Establish control objectives and KAIs
  ■ Based on the results of risk assessment
■ Control objective refinement
  ■ Establish control activities
    ■ Security best practices, ISO 27002, etc.
  ■ Design control processes and KSIs
    ■ Repository of models for security/regulatory best practices: PRMs
■ Verify the design of control processes
■ Implement control processes and indicators
  ■ Define monitoring, enforcement and assessment mechanisms
  ■ Generate MASTER policies
Slide 6
MASTER design workbench
[Figure: design workbench overview. Labels: Target (business) process, services and infrastructure; Regulations and codes of practice; Corporate policies and governance culture; Design process; Verification Model; Design Model; Policy Model; Indicators; Control Objectives; Control Activities; MASTER Policy; Control Processes; Threat scenarios; Business Process; Evidence Model.]
Slide 7
Model transformations
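The refinement chain of slides 5 to 7 (a control objective refined into control activities, made operational as control processes with KSIs, transformed into an executable policy, and then assessed over monitored evidence) as an added example. This is illustrative code written for this page, not the MASTER Design Workbench, its models or its policy language. The model classes, the JSON-like policy fields, the role-based access rule and the evidence records are all constructed assumptions; KSI is taken here as the share of in-scope accesses without a violation, and KAI as the minimum KSI across the objective's control processes (a weakest-link aggregation chosen for the example).

```python
"""Toy model-to-policy transformation and indicator assessment.

Added example, not MASTER project code. Every model, field name, rule and
evidence record below is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Evidence:
    """One monitored event from a target service (constructed sample data)."""
    service: str
    action: str
    subject_role: str
    resource: str
    allowed: bool  # what the service actually did with the request


@dataclass(frozen=True)
class ControlActivity:
    """A refined control: scope plus the roles permitted to act in that scope."""
    name: str
    service: str
    action: str
    resource_prefix: str
    allowed_roles: Tuple[str, ...]
    ksi_threshold: float  # minimum acceptable share of compliant accesses


@dataclass(frozen=True)
class ControlObjective:
    """High-level requirement with the KAI threshold it must meet."""
    name: str
    activities: Tuple[ControlActivity, ...]
    kai_threshold: float


def generate_policy(objective: ControlObjective) -> Dict:
    """Transform the design model into an executable policy (hypothetical format).

    Each control activity becomes one monitoring rule carrying its KSI threshold.
    """
    return {
        "objective": objective.name,
        "kai_threshold": objective.kai_threshold,
        "rules": [
            {
                "control_process": act.name,
                "service": act.service,
                "action": act.action,
                "resource_prefix": act.resource_prefix,
                "allowed_roles": list(act.allowed_roles),
                "ksi_threshold": act.ksi_threshold,
            }
            for act in objective.activities
        ],
    }


def in_scope(rule: Dict, ev: Evidence) -> bool:
    """Does this event fall under the rule's monitored scope?"""
    return (ev.service == rule["service"] and ev.action == rule["action"]
            and ev.resource.startswith(rule["resource_prefix"]))


def is_violation(rule: Dict, ev: Evidence) -> bool:
    """Only an access the service actually granted to a role outside the
    allow-list counts against the control; a denied attempt means enforcement worked."""
    return ev.allowed and ev.subject_role not in rule["allowed_roles"]


def evaluate_rule(rule: Dict, evidence: List[Evidence]) -> Dict:
    """Compute one KSI from evidence. A rule with no in-scope evidence is
    reported as such rather than silently scored as fully compliant."""
    scoped = [ev for ev in evidence if in_scope(rule, ev)]
    if not scoped:
        return {"control_process": rule["control_process"], "observed": 0,
                "violations": 0, "ksi": None, "status": "no_evidence"}
    violations = sum(1 for ev in scoped if is_violation(rule, ev))
    ksi = (len(scoped) - violations) / len(scoped)
    status = "ok" if ksi >= rule["ksi_threshold"] else "breach"
    return {"control_process": rule["control_process"], "observed": len(scoped),
            "violations": violations, "ksi": ksi, "status": status}


def assess(policy: Dict, evidence: List[Evidence]) -> Dict:
    """Aggregate KSIs into the objective's KAI (weakest link: minimum KSI)."""
    results = [evaluate_rule(r, evidence) for r in policy["rules"]]
    measured = [r["ksi"] for r in results if r["ksi"] is not None]
    kai = min(measured) if measured else None
    if kai is None:
        status = "no_evidence"
    elif kai < policy["kai_threshold"]:
        status = "non_compliant"
    elif any(r["status"] == "no_evidence" for r in results):
        status = "incomplete"  # KAI looks fine but some control is unmonitored
    else:
        status = "compliant"
    return {"objective": policy["objective"], "ksis": results, "kai": kai, "status": status}


# Constructed objective: customer records handled only by authorised roles.
OBJECTIVE = ControlObjective(
    name="Customer records are accessed only by authorised roles",
    kai_threshold=0.95,
    activities=(
        ControlActivity("CP-read-customer", "crm", "read", "customer/", ("clerk", "auditor"), 0.95),
        ControlActivity("CP-delete-customer", "crm", "delete", "customer/", ("dpo",), 1.0),
        ControlActivity("CP-export-customer", "crm", "export", "customer/", ("dpo",), 1.0),
    ),
)

# Constructed evidence as a monitoring component might collect it.
SAMPLE_EVIDENCE = [
    Evidence("crm", "read", "clerk", "customer/42", True),
    Evidence("crm", "read", "auditor", "customer/7", True),
    Evidence("crm", "read", "marketing", "customer/9", True),   # violation
    Evidence("crm", "read", "marketing", "customer/9", False),  # denied: enforcement worked
    Evidence("crm", "read", "clerk", "invoice/1", True),        # out of scope
    Evidence("crm", "delete", "clerk", "customer/42", True),    # violation
]


def run_example() -> Dict:
    return assess(generate_policy(OBJECTIVE), SAMPLE_EVIDENCE)


if __name__ == "__main__":
    import json
    print(json.dumps(run_example(), indent=2))
```

On the constructed evidence the read control scores a KSI of 0.75 (one granted access by an unauthorised role out of four in-scope events), the delete control scores 0.0, and the export control has no evidence at all, so the objective's KAI is 0.0 and the objective is reported non-compliant. Reporting the unmonitored control separately instead of as 100% is deliberate: an assessment that scores missing evidence as compliance hides exactly the visibility gap slide 2 lists as a challenge.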
Slide 8
Contact
Beatriz Gallego-Nicasio Crespo
Atos Research & Innovation (ARI), Atos Origin, Spain
beatriz.gallego-nicasio@atosorigin.com
http://www.master-fp7.eu
Questions? Thank you!