The Role of Security & Privacy in EA Program and EA Trends

Please read all relevant chapters of the texts, notably Bernard, Chapters 11 and 13.

“Privacy is the shield that protects a person’s identity while actively sharing information via the web. Where privacy is about keeping the door locked, security is about the lock itself. Security is the actual online authentication and authorization protocols that networks use to protect information and the audit system used to verify the overall system’s effectiveness.” (O’Connell in IPSWITCH, 2011)

EA Project Management as a project management model
Similar for an EA Program Management Plan

Information security and privacy are important project governance and compliance requirements and are included as a component of the risk management requirements.

EA Program’s Risk Mgt Sub-Plan
Similar for an EA Program Management Plan

Why and how information security and privacy incidents are regarded as enterprise risks can be explained via:

EA Program’s Security & Privacy sub-plan
Similar for an EA Program Management Plan

How security and privacy risks are managed is explained in an organisation’s corporate document and customised in the EA program management’s security and privacy plan:

Causes of Information Security & Privacy Risks & Key Prevention Areas

1. Information design access & authentication due measures
2. User identification & training measures
3. Operations measures
4. Physical measures

EA Risk Management vs EA Program Risk Management

EA is a meta-discipline that includes risk management, which affects all its activities (Bernard, Chapter 1 - Page 34 & Chapter 11 – page 222). Every EA activity is part of a living EA risk management process.

This requires understanding what risk management is about, which Bernard does not explain in detail, but tutors can research and share insights with students.

Risk Management Processes:

1. Risk classification
2. Risk identification
3. Initial risk assessment
4. Risk mitigation
5. Risk monitoring

EA Risk Management is everywhere in the EA Program Plan

Risk management details for stakeholder and business risks
Risk management for integration and standards compliance risks
Business case evaluates all the EA risks identified
Risk management for EA program/project performance variance and quality risks
A very comprehensive risk management for security and privacy risks (http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap31.html)

EA Program’s Risk Management Plan

It is like a project’s risk management plan for controlling the project’s or program’s performance variance in terms of:

1. Budget performance
2. Quality (including testing) performance
3. Timeline performance

Project/program risk management is NOT EA risk management, which is about ensuring that EA modelling and management work complies with EA standards and corporate/project governance policies, standards and guides.

EA Security & Privacy Plan as an EA Component

“There is no 100% foolproof security because EA components are designed and managed by humans and “insider” access is the ultimate threat which cannot completely be overcome” (Bernard, page 231)

The plan guides the design, implementation and use of protective controls for every EA component.

Trends

Future Trends in EA
Bernard, Chapter 13

Generally, trends can pose opportunities and threats. When EA trends create new EA practice problems or grow existing ones, they can be regarded as new and emerging, or existing and growing, EA issues.

More EA Trends

Not all EA trends are EA issues.

More EA Trends
Impacts of new technology designs on EA Trends

In order to identify the Big Data trend’s impacts on EA practice, one first needs to understand what Big Data is and its enterprise ramifications, including complexity challenges. Not all Big Data trends impact EA practice. Not all EA trends are EA issues.