The Role of Security & Privacy in EA Program

The Role of Security & Privacy in EA Program And EA Trends
Please read all relevant text chapters, notably Bernard, Chapters 11 and 13.
“Privacy is the shield that protects a person’s identity while actively sharing information via the web. Where privacy is about keeping the door locked, security is about the lock itself. Security is the actual online authentication and authorization protocols that networks use to protect information and the audit system used to verify the overall system’s effectiveness.” (O’Connell in IPSWITCH, 2011)
EA Project Management as a project management model
Similar for an EA Program Management Plan
Information security and privacy are important project governance & compliance requirements and are included as a component of the risk management requirements.
EA Program’s Risk Mgt Sub-Plan
Similar for an EA Program Management Plan
Why & how information security and privacy incidents are regarded as enterprise risks can be explained via:
EA Program’s Security & Privacy sub-plan
Similar for an EA Program Management Plan
How Security & Privacy risks are managed is explained in an organisation’s corporate document and customised in the EA program mgt’s security & privacy plan:
Causes of Information Security & Privacy Risks & Key Prevention Areas
1. Information design access & authentication due measures
2. User Identification & training measures
3. Operations measures
4. Physical measures
EA Risk Management Vs EA PROGRAM Risk Management
EA is a meta-discipline that includes risk management that affects all its activities (Bernard, Chapter 1 - Page 34 & Chapter 11 – page 222) → every EA activity is part of a living EA risk management process
This requires understanding what risk mgt is about, which Bernard does not explain in detail, but tutors can research and share insights with students.
Risk Management Processes:
1. Risk classification
2. Risk identification
3. Initial Risk assessment
4. Risk mitigation
5. Risk Monitoring
EA Risk Management is everywhere in EA Program Plan
Risk mgt details for stakeholder & business risks
Risk mgt for integration & Standards compliance risks
Business case evaluates all the EA risks identified
Risk mgt for EA program/project performance variance and quality risks
A very comprehensive Risk Mgt for security & privacy risks
(http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap31.html)
EA Program’s Risk Management Plan
Is like a project’s risk management plan for controlling the project or program’s performance variance in terms of:
1. Budget performance
2. Quality (including testing) performance
3. Timeline performance
Project/program risk management is NOT EA risk management, which is about ensuring EA modelling and management work complies with EA standards and corporate/project governance policies/standards/guides.
EA Security & Privacy Plan As an EA Component
“There is no 100% foolproof security because EA components are designed and managed by humans and “insider” access is the ultimate threat which cannot completely be overcome” (Bernard, page 231)
Guides the design, implementation and use of protective controls for every EA component
Trends
Future Trends in EA
Bernard, Chapter 13
Generally, trends can pose opportunities & threats.
When EA trends create new EA practice problems or grow existing ones, they can be regarded as new and emerging or existing and growing EA issues.
More EA Trends
Not all EA trends are EA issues
More EA Trends
Impacts of new technology designs on EA Trends
In order to identify the Big Data trend’s impacts on EA practice, one first needs to understand what Big Data is and its enterprise ramifications, including complexity challenges.
Not all Big Data trends impact EA practice.