of 9/9
*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM *** Mark E.S. Bernard, CISSP, CISM, CRISC, CISA, CGEIT, CNA, Twitter; @Security_KM LinkedIn; http://ca.linkedin.com/in/markesbernard

Mark E.S. Bernard, CISSP, CISM, CRISC, CISA, CGEIT, CNA ... · *** this document has been classified for public distribution by securekm *** mark e.s. bernard, cissp, cism, crisc,

  • View
    0

  • Download
    0

Embed Size (px)

Text of Mark E.S. Bernard, CISSP, CISM, CRISC, CISA, CGEIT, CNA ... · *** this document has been...

  • *** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

    Mark E.S. Bernard, CISSP, CISM, CRISC, CISA, CGEIT, CNA,

    Twitter; @Security_KMLinkedIn; http://ca.linkedin.com/in/markesbernard

  • The Assets at risk potentially leading to

    a breach of Data Protection & loss of

    Confidentiality include ‘People’,

    ‘Information’, ‘Property /Facilities’, ’Software /Systems’,

    ‘Hardware’, ‘Telecommunications’

    .

    *** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

  • During the execution of a standard process

    or operation procedure risks are

    exposed and with the proper control design

    mitigated to acceptable levels

    within the risk appetite. Identity &

    Access Management is one example of a

    crucial process.

    *** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

  • To achieve the effective and efficient integration between Quality Management & Risk Management

    while addressing Compliance with Legal Obligations during the Design

    Control process it will be necessary to

    assess risk identify threats and matching

    vulnerabilities.

    *** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

  • It is necessary to define the testing scenarios to help

    frame the evaluated threats and vulnerabilities ensuring

    the Control Design is achieving its intended

    purpose. Reiterating the mitigation control and

    mapping it to the testing scenario is an important step

    in validation controls and establishing a tractability

    matrix for the Control Design.

    *** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

  • Leveraging proven best practices for Governance like the RACI Chart is extremely useful to establishing who is accountable, responsible or who needs to be consulted

    ad informed about the Control Design.

    *** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

  • Taking the Control Design for Data Protection and Privacy

    one step further by establishing and

    communicating the security controls to those on the RACI Chart that must be informed is essential to

    elevating the Control design effectiveness. Additional

    testing can be added to the testing scenarios that

    encompassed these security tools and techniques.

    *** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

  • A feedback loop can ensure continuous

    improvement as part of the Quality Management integration. The fishbone chart is extremely useful to communicate, track

    and update the essential Control Design. This chart may also facilitate Root-Cause Analysis, Incident

    Management and Problem Management.

    *** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

  • *** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

    Mark E.S. Bernard, CISSP, CISM, CRISC, CISA, CGEIT, CNA,

    Twitter; @Security_KMLinkedIn; http://ca.linkedin.com/in/markesbernard