The LEADing Practice Enterprise Security Standards

Size: px
Start display at page:

Download "The LEADing Practice Enterprise Security Standards"

Transcription

1 The LEADing Practice Enterprise Standards Integrating Architecture and Enterprise Architecture Presenter: James Thomas LEAD Enterprise Architect at Knotion

2 Copyright note on Intellectual Capital: ALL RIGHTS RESERVED LEADing Practice ApS respects the intellectual property of others, and we ask others to do the same. All information and materials contained in the LEAD frameworks, methods and approaches with associated tools and templates, such as maps, matrices and models is Intellectual Capital (IC) and Intellectual Property (IP) of LEADing Practice ApS and limitations apply to the reuse of this IC/IP. The intellectual Property Rights (IPR) consists of information, knowledge, objects, artifacts, experience, insight and/or ideas, that are structured to enable reuse to deliver value creation and realization. The LEADing Practice ApS, often referred to as LEAD, intellectual capital is protected by law, including, but not limited to, internationally recognized United States and European Union IPR copyright law. Except as specifically indicated otherwise in writing, LEADing Practice ApS is the owner of the copyright in the entire LEAD Frameworks content (including images, text and look and feel attributes) and LEADing Practice ApS reserves all rights in that regard. Use or misuse of the IPR, the trademarks, service mark or logos is expressly prohibited and may violate country, federal and state law. LEADing Practice ApS is an open architecture and community open source standard and therefore provides open access to all deliverables for certified LEAD practitioners, thereby ensuring that modelling principles are applied correctly. A open architecture and open standard community has been set in place to encourage sharing, learning and reuse of information and thereby increase knowledge among LEAD community practitioners, and with this ultimately improvement of one s project, engagement and the LEAD development. Use of the LEAD frameworks, methods and approaches is restricted to certified LEAD community members in good practitioner standing, who are able to use these items solely for their non-commercial internal use. Legal access to the detail of LEAD will be provided to you with your membership. Members are prohibited from sharing the LEAD material in its entirety with other parties who are not members of LEAD community since the concepts and models are protected by intellectual property rights. Guidelines for LEAD community members using the IPR material As a LEAD member comes greater personal responsibility and the following intellectual property conditions apply: Can be used free of charge for LEAD certified practitioners. Cannot be share, copied or made available for non-community member, which are not LEAD certified practitioners. When using any materials, it must include a source notice either in an adjacent area or as a footnote to indicate the source. The source should be specified the following way : Source: A part of the LEAD Frameworks and possibly indicate the LEAD work product family, such as Part of LEAD Process Framework. Cannot be systematically given away do not download all our content and simply hand it over to other colleagues or clients that are not trained and certified. To ensure correct usage, any company usage of the LEAD material e.g. templates and tools has to be tailored and agreed upon by LEADing Practice ApS. LEADing Practice ApS may, in appropriate circumstances and at its discretion, terminate the access/accounts of users who infringe the intellectual property rights and pursue legal action. Guidelines for non-lead community members using the IPR material The following conditions apply to use of the LEAD Intellectual Property for non-community members: Can be used free of charge for lecturing and research at any University and Business School Material available at can be used in a non-commercial way for knowledge sharing. When using any materials, it must include a source should be specified the following way : Source: A part of the LEAD Frameworks and possibly indicate the LEAD work product family, such as Part of LEAD Process Framework. General guidelines that apply for all LEAD IPR material Any use of original texts, graphics, images, screen shots, and other materials from LEAD sources must be approved by LEADing Practice ApS. Any material cannot be generally distributed to colleagues, clients and or an undefined audience without written permission from LEADing Practice ApS. Cannot be altered or changed (the using company) in any way without explicit written permission from LEADing Practice ApS. In most cases, the LEADing Practice ApS acts as a distribution channel for the Publisher and Authors of the material provided. LEADing Practice ApS may, in appropriate circumstances of infringement of the intellectual property rights pursue legal action. For questions, please get in touch with us at

3 Agenda Situation: is more critical than ever Complications: Focus areas and many options We need a holistic architecture methodology Integrating and Enterprise Architecture Applying LEADing Practices Reference Content Lessons Learned or Pitfalls Conclusion: Takeaways

4 Situation is becoming more critical than ever The number of exposures and high profile breaches are increasing Attacks are more sophisticated New opportunities bring new threats and vulnerabilities mobile, social, cloud, etc.. Many links in the chain are increasing the risk of a breach information supply chains

5 Analyze/Identify Existing Strategies Business Innovation & Transformation Enablement

6 is top concern in 2014 for state CIOs "It is significant that security has now risen to the number one priority on our top 10 list. As I presented in congressional testimony before the Committee on Homeland last week, cyber-attacks against state governments are growing in number and becoming increasingly sophisticated. has to be the top priority for all sectors. Clearly from our top 10 voting results, the state CIOs agree on this. - NASCIO President and Mississippi Chief Information Officer, Craig Orgeron In ranked order, the top 10 priorities for strategy, management processes and solutions are: Consolidation / Optimization Cloud services Project and portfolio management Strategic IT planning Budget and cost control Mobile services / mobility Shared services Interoperable nationwide public safety broadband network (FirstNet) Healthcare is top concern in 2014 for state CIOs - FierceCIO National Association of State Chief Information Officers, November 5, 2013

7 CIO Barometer CSC Nearly three-quarters of respondents said that more-effective management of IT security and cybersecurity is a priority for their 2014 IT budgets. When asked to identify the IT department s main contributions, more than 60 percent cited securing the business. And when it comes to major challenges facing their IT departments, nearly 80 percent cited the management of expanding IT security, making it their top challenge. As the world continues to revolve on a digital axis, IT security becomes more and more critical. Last year alone (2012), there were more than 2,500 separate incidents, exposing more than 250 million records. Copyright 2013 Computer Sciences Corporation - The CIO s New Role: Core Strategy Enabler, CIO Barometer 2013 Private and semi-public companies and public institutions with a minimum of 500 employees 681 managers were interviewed on five continents and in 18 countries. These managers represent the following target positions: CIO; IT director; IT manager

8 Data Breach Trends Data Breach QuickView - An Executive s Guide to 2013: Data Breach Trends Sponsored by: Risk Based ; Open Foundation February 2014

9 Cyberrisk in banking: A review of the key industry threats and responses ahead September 2013 Both technologies and threats are evolving Mobile devices and applications are primary examples of the balance between greater efficiency and new kinds of cyberrisks Awareness remains low 30% rate limited customer awareness as a key challenge Preparedness for cyberrisks remains patchy Less than one in four banks believe their internal resources are highly prepared Trust trumps financial losses Banks are only spending just enough on cybersecurity to make customers trust them A lack of cooperation is hindering progress Because many banks are typically only financially liable when their own systems are compromised, there is little incentive for them to cooperate with other stakeholders when it comes to cybersecurity. Response strategies are evolving A shift in thinking: from trying to prevent all risks, to instead trying to identify key weaknesses The quantitative findings presented in this report come from a survey of 250 respondents in financial services, with 55 percent in retail banking and 45 percent in commercial banking, conducted by Longitude Research September 2013.

10 Complication Many initiatives working on improving the Enterprise Risk and Information landscape The market is already flooded with too many checklists has traditionally been the realm of Techies Enterprise Risk Management is being driven from a business perspective, while IT is still tool -focused Where to start with so many options?

11 So many options... Calder-Moir IT Governance Framework CobiT King III ISC2 BoK (CISSP) IT-Grundschutz STIGs (US Govt Guidelines) TickIT (Software Development) FIPS200 SSE-CMM O-ISM3 SABSA OSA FEAF FAIR COSO GAIT OCTAVE NIST SP FISMA (FIPS199, FIPS200, SP800-30,37,39,53,53A,60) ISO (ISMS) ISO (Controls) ISO (ISMS Implementation, Processes) ISO (Measures & Measurement) ISO (ISec. Risk Management) ISO ( Techniques) ISO (ISMS Auditing) ISO (ISM Controls Auditing) ISO (Governance of information security) ISF ITIL NIST SP800 (Series) Sarbanes-Oxley (SOX) Basel I, II, III PCI-DSS

12 Need for a holistic methodology IT has to evolve: information TECHNOLOGY INFORMATION technology BUSINESS SECURITY / ENTERPRISE SECURITY Enterprise Risk models are essential can t be an afterthought any more has to be architected-in from the start Identify the most sensitive areas of the business, the most likely threats, and a holistic defence strategy - an architecture of technology and processes - designed specifically to protect the business

13 Architecture to date some examples Enterprise Architecture Frameworks FEAF DoDAF TOGAF Architecture Frameworks Federal Enterprise Architecture and Privacy Profile (FEA-SPP) Open Architecture (OSA) Sherwood Applied Business Architecture (SABSA) Are these attempts sufficient?

14 FEAF

15 DoDAF

16 TOGAF

17 FEA-SPP Framework

18 OSA Taxonomy

19 SABSA Model 19

20 SABSA Operational Risk Model

21 Attempts to Integrate Architecture and Enterprise Architecture

22 TOGAF and SABSA

23 Some Challenges

24 Applying LEADing practices Overview of the LEADing Practice Reference Framework

25 Objective of Reference Framework What is the LEADing Practice Reference Framework? The LEADing Practice Reference Framework is based on a collection of best and leading practice Modelling and Architecture disciplines. The Reference Framework is the essential starting point with guiding principles for any practitioner working with and around aspects. It provides a structural concept around strategic definitions e.g. wants, needs, identification, goals, issues and problems. Therefore the Reference Framework is a basis of reference content to analyze, appraise, approximate, assess and capture a Objects and or artifacts idea, design, plan, scheme and structure in order to understand the underlying concept, thought, view, vision as well as perspective. Why is it used? The purpose of the Reference Framework is to define how to organize and structure the viewpoints and objects associated with Modelling and Architecture. The Reference Framework serves as guiding principles to establish a common practice for creating, interpreting, analyzing and using objects within a particular domain and/or layers of an enterprise or an organization. Using the Reference Framework is done through a set of principles e.g. how and where can the Objects be related (and where not). The Reference Framework can be used with the 6 LEAD methods and 4 LEAD approaches that are all integrated with each other and with supporting maps, matrices and models.

26 Enterprise Modelling and Enterprise Architecture an integrated part of the LEADing Practice Frameworks, Method and Approaches Enterprise Modelling is the abstract representation, description and definition of a structure. It is the discipline of representing and replicating the area that is being modelled to have a simplified representation of the real enterprise business. Then it sculptures and forms and designs/redesigns the specific area that is being modelled to improve its performance. Examples of Enterprise Modelling Service Model renewal Optimization Improvement Business Model Value management Performance management Measurements Rules Modelling Knowledge Management Information Modelling Decision Modelling Reporting Strategy Management Governance Modelling ITIL COBIT BPM Notations Val IT

27 Enterprise Architecture an integrated part of the LEADing Practice Frameworks, Method and Approaches Enterprise Architecture: The organization, administration of conceptual, logical and physical relationships and connectivity of specific objects and artifacts to each other (and the environment) in order to understand complexity and manage structure to enable transformation, performance or value. Example of Enterprise Architecture Business Architecture Architecture Value Architecture Data Architecture Information Architecture Cloud Architecture Solution Architecture Application Architecture Platform Architecture Infrastructure Architecture Technology Architecture Service-Oriented Architecture

28 Identification of common objects within Enterprise Modelling and Enterprise Architecture Strategy Resources Goals Competencies Critical Success Factors (CSFs) Requirements PPIs Business Functions/Tasks Business Services SLA Tasks Events KPIs SPIs Data Components Data Entities Data Service Data Objects Appl. Functions Appl. Feature Application Service Infrastructure Devices Application Components Infrastructure Services Platform Service Platform device Infrastructure Components Platform Components

29 Enterprise Modelling and Enterprise Architecture is an integrated part of the LEADing Practice Frameworks, Methods and Approaches

30 Enterprise Modelling and Enterprise Architecture is an integrated part of the LEADing Practice Reference Framework Rule Engine Compliance Rules Business Rule Goal Logical Design Conceptual Context Complexity Reporting Decision Table Object Connections Physical Execution Decision Table Measurements Business Measurements Optimization Area Groups Steps Activity Artifacts Performance Information Knowledge Management Efficiency Effectiveness

31 Working with Enterprise Modelling and Enterprise Architecture through the LEAD Objects In the LEAD object modelling principles, a LEAD object refers to a specific, specialized object that is used by the Decomposition & Composition principles within the LEADing Practice Frameworks, LEADing Practice Methods and LEADing Practice Approaches. In terms of the LEAD Way of Working within Modelling and Architecture using the LEAD meta objects and the classification* of any of the general LEAD objects, which are categorized** in the following 17 object groups: Requirement & Goal Rules Services Owner Flow Application Platform Media Channel Business Competency Object (categorization) Roles Measurement Data Infrastructure Compliance *Classify = to assemble by order **Categorize = to divide into groups

32 The LEADing Practice Reference Framework Structural Way of Working

33 The Structural Way Through The Layers 33

34 Modelling and Architecture through working with the LEAD Objects The purpose of LEAD Object modelling is to: Decompose the Objects into the smallest parts that can, should and needs to be modelled, and then compose the Objects entities before building them (through mapping, simulation and scenarios). Visualize and clarify Object relationships with the LEAD artifacts by using maps, matrices and models (alternative representation of information). Reduce and/or enhance complexity of Modelling and Architecture principles applying the decomposition and composition method or modelling it through the architectural layers (Layered Architecture Method). Adding Requirements Communicate Value to the customers throughout the entire LifeCycle. Blueprinting and Implementation.

35 The LEADing Practice Reference Framework Decomposition & Composition

36 The LEADing Practice AGILE Concept The LEADing Practice AGILE Concept has been created in order to describe the requirement relationship between the LEAD Way of Thinking, Way of Working and Way of Modelling with both objects and domains within the Business, Application and Technology Layers of the LEADing Practice Reference Frameworks using interrogatives (what, who, why, etc.) and behavior (conceptual, logical, physical, etc.).

37 Some Basics around the Interrogatives used within the LEAD AGILE Concept Interrogative Context Meaning Whence Source Pertaining to source, origin, foundation or cause Who Personal/actor used to identify a particular person or persons involved Why Reason Pertaining to the motivation or reason What Context Pertaining to identity, nature, or value of a object or matter Where Location Location, place or area Whether Options Choosing between alternatives and/or options How Manner Pertaining to manner, method or way When Time Pertaining to time or timing

38

39 The LEAD Way of Thinking around Architecture and Modelling The LEADing Practice Way of Thinking around Architecture and Modelling disciplines, is the essential starting point that creates the guiding principles. Providing a structural concept around strategic definitions e.g. wants, needs, value identification, goals, issues and problems. The way of thinking postulates what ought to be with the right value abstraction level that can analyze, appraise, approximate, assess and capture Objects and/or artifacts idea, design, plan, scheme and structure in order to understand the underlying concept, thought, view, vision as well as perspective, philosophy and belief.

40 Objective of the LEADing Practice Reference Framework - How is it used Relation to Strategy Understand business model security drivers Outline goals Identify performance and value opportunities Capture value and performance expectations and drivers Align value drivers to business strategy Define innovation and transformation Define Transformation potential Develop and formalize change potential Focus Area Analyze business strategy and the relation Identify requirements to security Focus on value issues and Identify internal and external security drivers (competitive forces) weaknesses cluster Develop standards Ensure measurements (across business areas) Apply continuous improvements Ensure strategic reporting and decision flow strategy development Value Based design through the layers Business model linked to Develop competitive and differentiated advantage Business Transformation & Innovation Enablement (BITE) related to security aspects

41 LEADing Practice Maps A LEAD Map is an accurate list and representation of the decomposed and/or composed Objects. A LEAD Map is often in the form of a list that can be in a simple row as well as a catalog, and has the purpose of building an inventory or index list of the Objects that are to be either decomposed and/or composed in the different LEAD Layers (business, application and technology).

42 LEADing Practice Maps: Forces & Drivers (FD) Map Forces & Drivers External Driver/Forces For Why specification: Internal Driver/Forces For Where specification: Business, Service, Role, Technology, etc.

43 LEADing Practice Maps: Requirement (Rq) Map Requirement Who/Whom specification e.g. Stakeholder/Owner Where specification e.g. Layer, Objects, Area (, service, data, infrastructure) etc What specification: High Level Requirements What specification: Detailed Requirements

44 LEADing Practice Maps: Measurement & Reporting (MR) Map What/which specification: Where specification: Who/whom specification: Measuremen t & Reporting Objective (CSF, plan, forecast, budget) Performance Indicator (Strategic/Tactical /Operational) Service Measurements (Service Level Agreements) Process Measurements (PPI) Reporting System Reports

45 LEADing Practice Maps: Information (I) Map Information What/which specification: Object (Business, Information or Data) Data Entity How specification: Data Compliance (Including security) Who/whom specification: Business Owner Reporting

46 LEADing Practice Maps: Rule (Ru) Map Securit y Rule Business Rules Service Tier Service Rules What/which specification: Process Rules Gateways Business Object Information Object How specification: Business Compliance

47 LEADing Practice Maps: Process (P) Map What specification: Who/Whose specification: Process Business Process Area Process Groups Business process Process Steps Process Activities Stakeholder involved Process Owner Managers involved Roles/Resourc es involved

48 LEADing Practice Maps: Process Measurement Map Process Measurement Name Definition Rationale Dimension Application Function/Task

49 LEADing Practice Maps: Process Compliance Map Process Process Compliance Process Rule Process Description Process Rationale

50 LEADing Practice Maps: Service (Se) Map What specification Who/Whose specification Service Service Area Service Group Business Service Service Channel Stakeholder Involved Service Owner Manager Involved Role/Resourc e Involved

51 LEADing Practice Maps: Application (A) Map Component Whence specification: Version number Logical/Physical Component Application Module What/Which specification: Application Function Application Feature Application Task

52 LEADing Practice Maps: Application Service (AS) Map What/Which : What : Where : Who : Whose : Why : Application Service Application Service Service Description Business Service Service Provider Service Consumer Service Owner Service Requirement

53 LEADing Practice Maps: System Measurement & Reporting (AM) Map What/Which specification: Measurement Measurement Name Measurement Definition Rationale Dimension Application Function/System Report

54 LEADing Practice Maps: Application Screen (Asc) Map Screen What/Which specification: Who/Whom specification: Screen Name Screen Description Application Service Application Task Input or Output Application Role

55 LEADing Practice Maps: Application Role (ARo) Map Role Who/Whom specification: What/Which specification: Application Role Role Description Rationale

56 LEADing Practice Maps: Application Rule (AR) Map Rule What/Which specification: Application Rule Rule Description Rationale Nature

57 LEADing Practice Maps: Application Rule (AR) Map Compliance Application Compliance What/Which specification: Application Rule Compliance Description Rationale

58 LEADing Practice Maps: Application Goal & Requirement Map What/Which specification: Who/Whom specification: Goal/Require ment Objective Expectation Requirement, Specification or Assumption Details Business Process Application Component Application Function or Application Service Stakeholder

59 LEADing Practice Maps: Data (D) Map What/which specification: Who is involved: Where is it used: Data Data Component Data Object (information/ data) Data Entity Data Type Data Service Data Owner Data Users Data Channel Channel

60 LEADing Practice Maps: Data Rule (DR) Map What/Which What Where Whose Why Rule Data Rule Data Rule Description Data Compliance Data Rule Owner Data Rule Rationale

61 LEADing Practice Maps: Platform (PL) Map What/Which Who is involved: Where Platfor m Logical/Physical Component Device Function Service Owner Users Channel Media

62 LEADing Practice Maps: Platform Service (PLS) Map What/which Where Whose Who Why Platform Serv Service ice Name Platform Service Business Descripti Service on Applicati on Service Applicati on Function Data Service Infrastruc ture Service Service Flow Data Flow Service Provider Service Owner Service Consume r Service Require ment

63 LEADing Practice Maps: Platform Rule (PLR) Map What/Which What Where Whose Why Rule Platform Rule Platform Rule Description Platform Compliance Platform Rule Owner Platform Rule Rationale

64 LEADing Practice Maps: Platform Distribution (PLD) Map What/Which What Where Whose Why Distributi on Platform Distribution Name Logical Application Component Platform Distribution Description Platform Service Platform Distribution Owner Platform Distribution Requirement

65 LEADing Practice Maps: Infrastructure (IF) Map What/Which specification: Who is involved: Where is it used: Infrastructure Logical/Physical Component Device Function Feature Service Owner Users Channel

66 LEADing Practice Maps: Infrastructure Rules (IFR) Map What/Which What Where Whose Why Rule Infrastructure Rule Infrastructure Rule Description Infrastructure Rule Compliance Infrastructure Rule Owner Infrastructure Rule Rationale

67

68 LEAD Requirement Management Method - Conceptual Description Why Stakeholder (ST) Matrix What in terms of security context e.g. Performance/Val ue Expectation Why specification e.g. Goal/Reason How - specification e.g. Expected areas What in terms of security context e.g. Performance/Val ue Expectation Why specification e.g. Goal/Reason How - specification e.g. Expected areas Who security specification: Stakehol der Stakeholder Who - in terms of security ownership: Stakeholder (Business Unit) Stakeholder (Department) Stakeholder (Operational Manager) Where specification: Business Area or Technology Area, etc. Business/Tec hnology Area Business Area Technology Area

69 The concept of the LEAD Requirement Management Reference Method

70 LEAD Requirement Management Method-Conceptual Context: Example of how to link the What to the Why in the Business Competency Object Group What (Objects) Business Competency Organizational Construct/Design Resources and security aspects Why (Value Expectation) Revenue Model Service Model Cost Model Performance Model Value Model Operating Model Develop the organizational competencies X X Slim line and optimize the Organizational Compliance Construct X X Redesign the organizational business areas according to security construct and compliance aspects X (X) X Improve balance between buy and lease security forces (X) X Reduce organizational complexity (X) X X Integrate and standardize business functions and service X (X) Better resource and skills security performance X X Improve security management skills of staff (X) X Improve ability to attract security talents (X) X Optimize security resources (X) X X Capabilities Cross Organizational development and optimization (X) X X Select which and activity can be integrated or standardized X X Choose the aspects and events that have direct customer and supplier interaction (X) X X X Improve integration of business Securities across partner networks X X X Identify the management for better reporting and decision making X X Services Classify the main 's for optimization (X) X X Categorize the supporting 's for possible standardization and cost cutting X (X) X (X) High Importants X = Targeted Align pricing with service strategies according to revenue stream X X Medium Importants (X) = XSecondary target Low Importants

71

72 The LEADing Practice Reference Framework Business Decomposition & Composition

73

74 LEAD Requirement Management Method-Conceptual Description and Relations: Relating the Stakeholder Needs and Wants to the Objects and Layers

75 Applying the Objects to the Layers using the Decomposition & Composition Method (example: )

76 LEAD Requirement Management Method - Conceptual Description Why Requirement Matrix Why, in terms of reason security specification e.g. Motivation and Drivers for Whither specification e.g. Goal & Objectives (Business/Application/Technol ogy) Requirem ent Who/Whom specification e.g. Stakeholder/Owner Where specification e.g. Layer, Objects, Area (, service, data, infrastructure) etc What specification: High Level Requirements What specification: Detailed Requirements Which expectation specification e.g. Value/Performance Why, in terms of reason security specification e.g. Motivation and Drivers for Whither specification e.g. Goal & Objectives (Business/Application/Technol ogy) Which expectation specification e.g. Value/Performance

77 Layered Architecture method: Architecture The main principle behind the Leading Enterprise Architecture Development (LEAD) concept, and what makes it differ from other traditional Enterprise Architecture frameworks, is the fact that it does not only work in domains, but across layers (business, application and technology) within multiple domains through using the decomposition and composition method to integrate effortlessly across the different layers when interlinking the different modelling principles. As shown in the below example, each layer s Objects are defined by the specific layers requirements, the capability of the object, the resources, tasks and. The functions that a layer provides can be seen as the layer s services since a layer provides a set of functions and tasks and thereby services to its upper layer. In turn, the upper layer uses the lower layer s services (functionality and tasks) to achieve its own functions (services). The n th layer (+1 and/or 1) can therefore be seen as a service requester or provider since it ether gives input or uses the services provided by its lower layer.

78 Layered Architecture method: Architecture The LEAD layered method is built upon the concept of interlinking the objects that are within and work across the layers. While the layers and their specific objects may/will have different modelling principles, they do still have correlations, relationships and/or connections with other layers and these need to be related/connected in the right way: The Business Layer describes the objects within the Business layer e.g. the Business Goals, Business Requirements and Business Competencies are linked to Business Securities, Business Services and business workflow. The Application Layer describes the deliverables within the application, date and Information Architecture. The maps, matrices and models depicts how Data Goals, Data Flow & Service, Data Requirements and Data Components are linked to Application Goals, Information Flow & Service, Application Requirements and Application Flow & Component. The Technology Layer describes the deliverables within the platform and infrastructure areas. The maps, matrices and models depicts how Platform Goals, Platform Flow & Service, Platform Requirements and Platform Components are linked to Infrastructure Goal, Infrastructure Flow & Service, Infrastructure Requirements and Infrastructure Component.

Objects and Object Relations Around Business Modelling and Business Architecture. Professor Mark von Rosing

Objects and Object Relations Around Business Modelling and Business Architecture. Professor Mark von Rosing Objects and Object Relations Around Business Modelling and Business Architecture Professor Mark von Rosing Prof. Mark von Rosing Professor BPM & EA Guru Business Transformation Evangelist Internationally

More information

Service Modelling & Service Architecture:

Service Modelling & Service Architecture: Service Modelling & Service Architecture: From Service Renewal and Service Flows to Service Architecture Presenter: Professor Paul Buhler Head of the Global University Alliance SOA Research & Development

More information

Business Innovation & Transformation Enablement (BITE) Method

Business Innovation & Transformation Enablement (BITE) Method Business Innovation & Transformation Enablement (BITE) Method Henrik von Scheel LEAD Developer, responsible for BITE Method LEAD the Way Copyright note on Intellectual Capital: ALL RIGHTS RESERVED LEADing

More information

Extended Process Modeling: LEADing Practice Modeling with igrafx. Ed Maddock VP of Development and Process Management Solutions

Extended Process Modeling: LEADing Practice Modeling with igrafx. Ed Maddock VP of Development and Process Management Solutions Extended Process Modeling: LEADing Practice Modeling with igrafx Ed Maddock VP of Development and Process Management Solutions Copyright note on Intellectual Capital: ALL RIGHTS RESERVED LEADing Practice

More information

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA

More information

NASCIO EA Development Tool-Kit Solution Architecture. Version 3.0

NASCIO EA Development Tool-Kit Solution Architecture. Version 3.0 NASCIO EA Development Tool-Kit Solution Architecture Version 3.0 October 2004 TABLE OF CONTENTS SOLUTION ARCHITECTURE...1 Introduction...1 Benefits...3 Link to Implementation Planning...4 Definitions...5

More information

Transform Your Bank in Measurable Steps

Transform Your Bank in Measurable Steps Banking Transformation Framework Transform Your Bank in Measurable Steps Table of Contents 2 Establish a Platform for Transformation 3 Transform Your Business 3 Use the Reference Architecture As a Foundation

More information

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013 2013 PASTA Abstract Process for Attack S imulation & Threat Assessment Abstract VerSprite, LLC Copyright 2013 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

More information

Module 6 Essentials of Enterprise Architecture Tools

Module 6 Essentials of Enterprise Architecture Tools Process-Centric Service-Oriented Module 6 Essentials of Enterprise Architecture Tools Capability-Driven Understand the need and necessity for a EA Tool IASA Global - India Chapter Webinar by Vinu Jade

More information

Developing the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009

Developing the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009 Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in

More information

Realizing business flexibility through integrated SOA policy management.

Realizing business flexibility through integrated SOA policy management. SOA policy management White paper April 2009 Realizing business flexibility through integrated How integrated management supports business flexibility, consistency and accountability John Falkl, distinguished

More information

Enterprise Security Architecture for Cyber Security. M.M.Veeraragaloo 5 th September 2013

Enterprise Security Architecture for Cyber Security. M.M.Veeraragaloo 5 th September 2013 Enterprise Security Architecture for Cyber Security M.M.Veeraragaloo 5 th September 2013 Outline Cyber Security Overview TOGAF and Sherwood Applied Business Security Architecture (SABSA) o o Overview of

More information

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material,

More information

Enterprise Architecture (EA) is the blueprint

Enterprise Architecture (EA) is the blueprint SETLabs Briefings VOL 6 NO 4 2008 Building Blocks for Enterprise Business Architecture By Eswar Ganesan and Ramesh Paturi A unified meta-model of elements can lead to effective business analysis Enterprise

More information

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera Approach to Information Security Architecture Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera About TeliaSonera TeliaSonera provides network access and telecommunication services that help

More information

Analytics Strategy Information Architecture Data Management Analytics Value and Governance Realization

Analytics Strategy Information Architecture Data Management Analytics Value and Governance Realization 1/22 As a part of Qlik Consulting, works with Customers to assist in shaping strategic elements related to analytics to ensure adoption and success throughout their analytics journey. Qlik Advisory 2/22

More information

The Value of Vulnerability Management*

The Value of Vulnerability Management* The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda

More information

SERVICE-ORIENTED MODELING FRAMEWORK (SOMF ) SERVICE-ORIENTED SOFTWARE ARCHITECTURE MODEL LANGUAGE SPECIFICATIONS

SERVICE-ORIENTED MODELING FRAMEWORK (SOMF ) SERVICE-ORIENTED SOFTWARE ARCHITECTURE MODEL LANGUAGE SPECIFICATIONS SERVICE-ORIENTED MODELING FRAMEWORK (SOMF ) VERSION 2.1 SERVICE-ORIENTED SOFTWARE ARCHITECTURE MODEL LANGUAGE SPECIFICATIONS 1 TABLE OF CONTENTS INTRODUCTION... 3 About The Service-Oriented Modeling Framework

More information

IT Risk Management Era: Research Challenges and Best Practices. Eyal Adar, Founder & CEO Eyal@WhiteCyberKnight.com Chairman of the EU SRMI

IT Risk Management Era: Research Challenges and Best Practices. Eyal Adar, Founder & CEO Eyal@WhiteCyberKnight.com Chairman of the EU SRMI IT Risk Management Era: Research Challenges and Best Practices IARA Work Group July 1 st, 2007, Santa Clara - California Eyal Adar, Founder & CEO Eyal@WhiteCyberKnight.com Chairman of the EU SRMI (Security

More information

White Paper An Enterprise Security Program and Architecture to Support Business Drivers

White Paper An Enterprise Security Program and Architecture to Support Business Drivers White Paper An Enterprise Security Program and Architecture to Support Business Drivers seccuris.com (866) 644-8442 Contents Introduction... 3 Information Assurance... 4 Sherwood Applied Business Security

More information

Process-Based Business Transformation. Todd Lohr, Practice Director

Process-Based Business Transformation. Todd Lohr, Practice Director Process-Based Business Transformation Todd Lohr, Practice Director Process-Based Business Transformation Business Process Management Process-Based Business Transformation Service Oriented Architecture

More information

OVERVIEW OF THE INDUSTRY STANDARDS

OVERVIEW OF THE INDUSTRY STANDARDS OVERVIEW OF THE INDUSTRY STANDARDS Table of Contents Background... 3 What is it we do Around Standard... 3 Why we do it... 3 How is it we do it... 4 Which areas do we develop Industry Standards... 4 1.

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

SOA: The missing link between Enterprise Architecture and Solution Architecture

SOA: The missing link between Enterprise Architecture and Solution Architecture SOA: The missing link between Enterprise Architecture and Solution Architecture Jaidip Banerjee and Sohel Aziz Enterprise Architecture (EA) is increasingly being acknowledged as the way to maximize existing

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

LEADing Practice: Artifact Description: Business, Information & Data Object Modelling. Relating Objects

LEADing Practice: Artifact Description: Business, Information & Data Object Modelling. Relating Objects LEADing Practice: Artifact Description: Business, Information & Data Object Modelling Relating Objects 1 Table of Contents 1.1 The Way of Thinking with Objects... 3 1.2 The Way of Working with Objects...

More information

DATA QUALITY MATURITY

DATA QUALITY MATURITY 3 DATA QUALITY MATURITY CHAPTER OUTLINE 3.1 The Data Quality Strategy 35 3.2 A Data Quality Framework 38 3.3 A Data Quality Capability/Maturity Model 42 3.4 Mapping Framework Components to the Maturity

More information

Microsoft s Compliance Framework for Online Services

Microsoft s Compliance Framework for Online Services Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft

More information

Enterprise Architecture Assessment Guide

Enterprise Architecture Assessment Guide Enterprise Architecture Assessment Guide Editorial Writer: J. Schekkerman Version 2.2 2006 Preface An enterprise architecture (EA) establishes the organization-wide roadmap to achieve an organization s

More information

California Enterprise Architecture Framework

California Enterprise Architecture Framework Version 2.0 August 01, 2013 This Page is Intentionally Left Blank Version 2.0 ii August 01, 2013 TABLE OF CONTENTS 1 Executive Summary... 1 1.1 What is Enterprise Architecture?... 1 1.2 Why do we need

More information

From Capability-Based Planning to Competitive Advantage Assembling Your Business Transformation Value Network

From Capability-Based Planning to Competitive Advantage Assembling Your Business Transformation Value Network From Capability-Based Planning to Competitive Advantage Assembling Your Business Transformation Value Network Marc Lankhorst, BiZZdesign Iver Band, Cambia Health Solutions INTRODUCTIONS 2 1 Marc Lankhorst

More information

State of Minnesota IT Governance Framework

State of Minnesota IT Governance Framework State of Minnesota IT Governance Framework June 2012 Table of Contents Table of Contents... 2 Introduction... 4 IT Governance Overview... 4 Process for Developing the New Framework... 4 Management of the

More information

Sytorus Information Security Assessment Overview

Sytorus Information Security Assessment Overview Sytorus Information Assessment Overview Contents Contents 2 Section 1: Our Understanding of the challenge 3 1 The Challenge 4 Section 2: IT-CMF 5 2 The IT-CMF 6 Section 3: Information Management (ISM)

More information

An Oracle White Paper. December 2011. Cloud Computing Maturity Model Guiding Success with Cloud Capabilities

An Oracle White Paper. December 2011. Cloud Computing Maturity Model Guiding Success with Cloud Capabilities An Oracle White Paper December 2011 Cloud Computing Maturity Model Guiding Success with Cloud Capabilities Executive Overview... 3 Introduction... 4 Cloud Maturity Model... 4 Capabilities and Domains...

More information

How to bridge the gap between business, IT and networks

How to bridge the gap between business, IT and networks ericsson White paper Uen 284 23-3272 October 2015 How to bridge the gap between business, IT and networks APPLYING ENTERPRISE ARCHITECTURE PRINCIPLES TO ICT TRANSFORMATION A digital telco approach can

More information

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum sbarnum@mitre.org September 2011 Overview What is SCAP? Why SCAP?

More information

Domain 5 Information Security Governance and Risk Management

Domain 5 Information Security Governance and Risk Management Domain 5 Information Security Governance and Risk Management Security Frameworks CobiT (Control Objectives for Information and related Technology), developed by Information Systems Audit and Control Association

More information

Business Security Architecture: Weaving Information Security into Your Organization's Enterprise Architecture through SABSA

Business Security Architecture: Weaving Information Security into Your Organization's Enterprise Architecture through SABSA This article was downloaded by: [188.204.15.66] On: 20 February 2012, At: 01:40 Publisher: Taylor & Francis Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer

More information

Incident Management & Forensics Working Group. Charter

Incident Management & Forensics Working Group. Charter Incident Management & Forensics Working Group Charter February 2013 2013 Cloud Security Alliance All Rights Reserved All rights reserved. You may download, store, display on your computer, view, print,

More information

The Perusal and Review of Different Aspects of the Architecture of Information Security

The Perusal and Review of Different Aspects of the Architecture of Information Security The Perusal and Review of Different Aspects of the Architecture of Information Security Vipin Kumar Research Scholar, CMJ University, Shillong, Meghalaya (India) Abstract The purpose of the security architecture

More information

Background: Business Value of Enterprise Architecture TOGAF Architectures and the Business Services Architecture

Background: Business Value of Enterprise Architecture TOGAF Architectures and the Business Services Architecture Business Business Services Services and Enterprise and Enterprise This Workshop Two parts Background: Business Value of Enterprise TOGAF s and the Business Services We will use the key steps, methods and

More information

Successful Enterprise Architecture. Aligning Business and IT

Successful Enterprise Architecture. Aligning Business and IT Successful Enterprise Architecture Aligning Business and IT 1 Business process SOLUTIONS WHITE PAPER Executive Summary...3 An Integrated Business & IT Infrastructure...3 Benefits to Business and IT Go

More information

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Outline What is IT Service Management What is ISO 20000 Step by step implementation

More information

Governance and Management of Information Security

Governance and Management of Information Security Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information

More information

Integrating an ITILv3 Service Management Architecture into Business Architectures

Integrating an ITILv3 Service Management Architecture into Business Architectures Integrating an ITILv3 Service Management Architecture into Business Architectures Key Challenges experienced and Lessons Learned Trevor Lea-Cox, 2011 1 Introducing Service Management 2, 2012, 2012 1 ITIL

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,

More information

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity Cyber ROI A practical approach to quantifying the financial benefits of cybersecurity Cyber Investment Challenges In 2015, global cybersecurity spending is expected to reach an all-time high of $76.9

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience Management Model (CERT-RMM), both developed at Carnegie

More information

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

The Changing IT Risk Landscape Understanding and managing existing and emerging risks The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015

More information

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2. ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework

More information

Architecting the Cloud: Enterprise Architecture Patterns for Cloud Computing

Architecting the Cloud: Enterprise Architecture Patterns for Cloud Computing Architecting the Cloud: Enterprise Architecture Patterns for Cloud Computing Prakash C. Rao VP/Chief Architect MMC Ltd Claudia Rose President/BBII Enterprises Faculty: FEAC Institute A tough place to be!

More information

INTERMEDIATE QUALIFICATION

INTERMEDIATE QUALIFICATION PROFESSIONAL QUALIFICATION SCHEME INTERMEDIATE QUALIFICATION SERVICE LIFECYCLE CONTINUAL SERVICE IMPROVEMENT CERTIFICATE SYLLABUS Page 2 of 18 Document owner The Official ITIL Accreditor Contents CONTINUAL

More information

Preparation Guide. Side entry to the EXIN Expert in IT Service Management based on ISO/IEC 20000

Preparation Guide. Side entry to the EXIN Expert in IT Service Management based on ISO/IEC 20000 Preparation Guide Side entry to the EXIN Expert in IT Service Management based on ISO/IEC 20000 Edition June 2015 Copyright 2015 EXIN All rights reserved. No part of this publication may be published,

More information

A DESIGN SCIENCE APPROACH TO DEVELOP A NEW COMPREHENSIVE SOA GOVERNANCE FRAMEWORK

A DESIGN SCIENCE APPROACH TO DEVELOP A NEW COMPREHENSIVE SOA GOVERNANCE FRAMEWORK A DESIGN SCIENCE APPROACH TO DEVELOP A NEW COMPREHENSIVE SOA GOVERNANCE FRAMEWORK Fazilat Hojaji 1 and Mohammad Reza Ayatollahzadeh Shirazi 2 1 Amirkabir University of Technology, Computer Engineering

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

Information Security Management Systems

Information Security Management Systems Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector

More information

OSI Solution Architecture Framework

OSI Solution Architecture Framework OSI Solution Architecture Framework Enterprise Service Center April 2008 California Health and Human Services Agency Revision History REVISION HISTORY REVISION/WORKSITE # DATE OF RELEASE OWNER SUMMARY

More information

Independent Insight for Service Oriented Practice. An SOA Roadmap. John C. Butler Chief Architect. A CBDI Partner Company. www.cbdiforum.

Independent Insight for Service Oriented Practice. An SOA Roadmap. John C. Butler Chief Architect. A CBDI Partner Company. www.cbdiforum. Independent Insight for Oriented Practice An SOA Roadmap John C. Butler Chief Architect A CBDI Partner Company www.cbdiforum.com Agenda! SOA Vision and Opportunity! SOA Roadmap Concepts and Maturity Levels!

More information

Cross-Domain Service Management vs. Traditional IT Service Management for Service Providers

Cross-Domain Service Management vs. Traditional IT Service Management for Service Providers Position Paper Cross-Domain vs. Traditional IT for Providers Joseph Bondi Copyright-2013 All rights reserved. Ni², Ni² logo, other vendors or their logos are trademarks of Network Infrastructure Inventory

More information

Corresponding Author email: javeri_mit@yahoo.com

Corresponding Author email: javeri_mit@yahoo.com International Research Journal of Applied and Basic Sciences 2013 Available online at www.irjabs.com ISSN 2251838X / Vol, 5 (11): 14381445 Science Explorer Publications Presenting a model for the deployment

More information

agility made possible

agility made possible SOLUTION BRIEF CA IT Asset Manager how can I manage my asset lifecycle, maximize the value of my IT investments, and get a portfolio view of all my assets? agility made possible helps reduce costs, automate

More information

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used

More information

OVERVIEW OF THE LEADING PRACTICE ENTERPRISE & INDUSTRY STANDARDS

OVERVIEW OF THE LEADING PRACTICE ENTERPRISE & INDUSTRY STANDARDS OVERVIEW OF THE LEADING PRACTICE ENTERPRISE & INDUSTRY STANDARDS The value of applying standards to increase the level of reusability, replication and standardization Contents What is LEADing Practice...

More information

Assessing and implementing a Data Governance program in an organization

Assessing and implementing a Data Governance program in an organization Assessing and implementing a Data Governance program in an organization Executive Summary As companies realize the importance of data and the challenges they face in integrating the data from various sources,

More information

Service Catalog Management: A CA Service Management Process Map

Service Catalog Management: A CA Service Management Process Map TECHNOLOGY BRIEF: SERVICE CATALOG MANAGEMENT Catalog : A CA Process Map JULY 2009 Enrico Boverino SR PRINCIPAL CONSULTANT, TECHNICAL SALES ITIL SERVICE MANAGER ITAC CERTIFIED Table of Contents Executive

More information

The key linkage of Strategy, Process and Requirements

The key linkage of Strategy, Process and Requirements Business Systems Business Functions The key linkage of Strategy, Process and Requirements Leveraging value from strategic business architecture By: Frank Kowalkowski, Knowledge Consultants, Inc.. Gil Laware,

More information

Table of contents. Best practices in open source governance. Managing the selection and proliferation of open source software across your enterprise

Table of contents. Best practices in open source governance. Managing the selection and proliferation of open source software across your enterprise Best practices in open source governance Managing the selection and proliferation of open source software across your enterprise Table of contents The importance of open source governance... 2 Executive

More information

Information Security Managing The Risk

Information Security Managing The Risk Information Technology Capability Maturity Model Information Security Managing The Risk Introduction Information Security continues to be business critical and is increasingly complex to manage for the

More information

Architecture Position Description

Architecture Position Description February 9, 2015 February 9, 2015 Page i Table of Contents General Characteristics... 1 Career Path... 3 Typical Common Responsibilities for the ure Role... 4 Typical Responsibilities for Enterprise ure...

More information

IBM Software Integrated Service Management: Visibility. Control. Automation.

IBM Software Integrated Service Management: Visibility. Control. Automation. IBM Software Integrated Service Management: Visibility. Control. Automation. Enabling service innovation 2 Integrated Service Management: Visibility. Control. Automation. Every day, the world is becoming

More information

How Technology Supports Project, Program and Portfolio Management

How Technology Supports Project, Program and Portfolio Management WHITE PAPER: HOW TECHNOLOGY SUPPORTS PROJECT, PROGRAM AND PORTFOLIO MANAGEMENT SERIES 4 OF 4 How Technology Supports Project, Program and Portfolio Management SEPTEMBER 2007 Enrico Boverino CA CLARITY

More information

White Paper. An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management

White Paper. An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management White Paper An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management Managing Data as an Enterprise Asset By setting up a structure of

More information

Applying Business Architecture to the Cloud

Applying Business Architecture to the Cloud Applying Business Architecture to the Cloud Mike Rosen, Chief Scientist Mike.Rosen@ WiltonConsultingGroup.com Michael Rosen Agenda n What do we mean by the cloud? n Sample architecture and cloud support

More information

Open Certification Framework. Vision Statement

Open Certification Framework. Vision Statement Open Certification Framework Vision Statement Jim Reavis and Daniele Catteddu August 2012 BACKGROUND The Cloud Security Alliance has identified gaps within the IT ecosystem that are inhibiting market adoption

More information

Enabling Data Quality

Enabling Data Quality Enabling Data Quality Establishing Master Data Management (MDM) using Business Architecture supported by Information Architecture & Application Architecture (SOA) to enable Data Quality. 1 Background &

More information

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for

More information

[project.headway] Integrating Project HEADWAY And CMMI

[project.headway] Integrating Project HEADWAY And CMMI [project.headway] I N T E G R A T I O N S E R I E S Integrating Project HEADWAY And CMMI P R O J E C T H E A D W A Y W H I T E P A P E R Integrating Project HEADWAY And CMMI Introduction This white paper

More information

SOA + BPM = Agile Integrated Tax Systems. Hemant Sharma CTO, State and Local Government

SOA + BPM = Agile Integrated Tax Systems. Hemant Sharma CTO, State and Local Government SOA + BPM = Agile Integrated Tax Systems Hemant Sharma CTO, State and Local Government Nothing Endures But Change 2 Defining Agility It is the ability of an organization to recognize change and respond

More information

HITRUST CSF Assurance Program

HITRUST CSF Assurance Program HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview

More information

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE ABSTRACT Changing regulatory requirements, increased attack surfaces and a need to more efficiently deliver access to the business

More information

Setting up an Effective Enterprise Architecture capability. Simon Townson Principal Enterprise Architect SAP

Setting up an Effective Enterprise Architecture capability. Simon Townson Principal Enterprise Architect SAP Setting up an Effective Enterprise Architecture capability Simon Townson Principal Enterprise Architect SAP Agenda Why? People and Organisation EA Framework Standards and Templates Tools Processes SAP

More information

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management

More information

Making Compliance Work for You

Making Compliance Work for You white paper Making Compliance Work for You with application lifecycle management Rocket bluezone.rocketsoftware.com Making Compliance Work for You with Application Lifecycle Management A White Paper by

More information

Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015

Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 2015 CloudeAssurance Page 1 Table of Contents Copyright and Disclaimer... 3 Appendix A: Introduction... 4 Appendix

More information

Bridging the IT Business Gap The Role of an Enterprise Architect

Bridging the IT Business Gap The Role of an Enterprise Architect Whitepaper Bridging the IT Business Gap The Role of an Enterprise Architect Today s enterprises understand the value that Information Technology (IT) can bring to their business. IT supports day-to-day

More information

Business Architecture Guild Body of Knowledge Handbook 2.0

Business Architecture Guild Body of Knowledge Handbook 2.0 Guild Body of Knowledge Handbook 2.0 ------------------------ Section 1: Introduction The Guild has made this Introduction section of its Body of Knowledge Handbook 2.0 ( Handbook ) publicly available

More information

IT Financial Management and Cost Recovery

IT Financial Management and Cost Recovery WHITE PAPER November 2010 IT Financial Management and Cost Recovery Patricia Genetin Sr. Principal Consultant/CA Technical Sales David Messineo Sr. Services Architect/CA Services Table of Contents Executive

More information

Business Intelligence and Analytics: Leveraging Information for Value Creation and Competitive Advantage

Business Intelligence and Analytics: Leveraging Information for Value Creation and Competitive Advantage PRACTICES REPORT BEST PRACTICES SURVEY: AGGREGATE FINDINGS REPORT Business Intelligence and Analytics: Leveraging Information for Value Creation and Competitive Advantage April 2007 Table of Contents Program

More information

CMS Policy for Configuration Management

CMS Policy for Configuration Management Chief Information Officer Centers for Medicare & Medicaid Services CMS Policy for Configuration April 2012 Document Number: CMS-CIO-POL-MGT01-01 TABLE OF CONTENTS 1. PURPOSE...1 2. BACKGROUND...1 3. CONFIGURATION

More information

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013 IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends

More information

In the first three installments of our series on Information Security

In the first three installments of our series on Information Security Information Security Management Programs: Assessment Analysis Lessons Learned and Best Practices Revealed JUSTIN SOMAINI AND ALAN HAZLETON This article, the fourth in a series, expands on the overlooked

More information

GRC Stack Research Sponsorship

GRC Stack Research Sponsorship GRC Stack Research Sponsorship Overview Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary

More information

Contents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface.

Contents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface. iii Contents List of figures List of tables OGC s foreword Chief Architect s foreword Preface Acknowledgements v vii viii 1 Introduction 1 1.1 Overview 4 1.2 Context 4 1.3 Purpose 8 1.4 Usage 8 2 Management

More information

CYBERSECURITY: ISSUES AND ISACA S RESPONSE

CYBERSECURITY: ISSUES AND ISACA S RESPONSE CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures Mobile devices Social media Cloud services

More information

Anatomy of an Enterprise Software Delivery Project

Anatomy of an Enterprise Software Delivery Project Chapter 2 Anatomy of an Enterprise Software Delivery Project Chapter Summary I present an example of a typical enterprise software delivery project. I examine its key characteristics and analyze specific

More information

The Next Generation of Security Leaders

The Next Generation of Security Leaders The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish

More information

Data Governance Baseline Deployment

Data Governance Baseline Deployment Service Offering Data Governance Baseline Deployment Overview Benefits Increase the value of data by enabling top business imperatives. Reduce IT costs of maintaining data. Transform Informatica Platform

More information

Identity & Access Management new complex so don t start?

Identity & Access Management new complex so don t start? IT Advisory Identity & Access Management new complex so don t start? Ing. John A.M. Hermans RE Associate Partner March 2009 ADVISORY Agenda 1 KPMG s view on IAM 2 KPMG s IAM Survey 2008 3 Best approach

More information

Security. Security consulting and Integration: Definition and Deliverables. Introduction

Security. Security consulting and Integration: Definition and Deliverables. Introduction Security Security Introduction Businesses today need to defend themselves against an evolving set of threats, from malicious software to other vulnerabilities introduced by newly converged voice and data

More information