*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

Mark E.S. Bernard, CISSP, CISM, CRISC, CISA, CGEIT, CNA,

Twitter; @Security_KMLinkedIn; http://ca.linkedin.com/in/markesbernard

The Assets at risk potentially leading to

a breach of Data Protection & loss of

Confidentiality include ‘People’,

‘Information’, ‘Property /Facilities’, ’Software /Systems’,

‘Hardware’, ‘Telecommunications’

.

*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

During the execution of a standard process

or operation procedure risks are

exposed and with the proper control design

mitigated to acceptable levels

within the risk appetite. Identity &

Access Management is one example of a

crucial process.

*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

To achieve the effective and efficient integration between Quality Management & Risk Management

while addressing Compliance with Legal Obligations during the Design

Control process it will be necessary to

assess risk identify threats and matching

vulnerabilities.

*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

It is necessary to define the testing scenarios to help

frame the evaluated threats and vulnerabilities ensuring

the Control Design is achieving its intended

purpose. Reiterating the mitigation control and

mapping it to the testing scenario is an important step

in validation controls and establishing a tractability

matrix for the Control Design.

*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

Leveraging proven best practices for Governance like the RACI Chart is extremely useful to establishing who is accountable, responsible or who needs to be consulted

ad informed about the Control Design.

*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

Taking the Control Design for Data Protection and Privacy

one step further by establishing and

communicating the security controls to those on the RACI Chart that must be informed is essential to

elevating the Control design effectiveness. Additional

testing can be added to the testing scenarios that

encompassed these security tools and techniques.

*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

A feedback loop can ensure continuous

improvement as part of the Quality Management integration. The fishbone chart is extremely useful to communicate, track

and update the essential Control Design. This chart may also facilitate Root-Cause Analysis, Incident

Management and Problem Management.

*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***

Mark E.S. Bernard, CISSP, CISM, CRISC, CISA, CGEIT, CNA,

Twitter; @Security_KMLinkedIn; http://ca.linkedin.com/in/markesbernard