FOR DATA PROTECTION - PRIVACY

CONTROL DESIGN

Mark E.S. Bernard, CISSP, CISM, CRISC, CISA, CGEIT, CNA

Skype; Mark_E_S_BernardTwitter; @MESB_TechSecure

LinkedIn; http://ca.linkedin.com/in/markesbernard

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

QUALITY & RISK MANAGEMENT INTEGRATION RESULT IN THE BEST APPROACH FOR BUSINESS!!

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

QUALITY & RISK

The Assets at risk potentially leading to

a breach of Data Protection & loss of

Confidentiality include ‘People’,

‘Information’, ‘Property /Facilities’, ’Software /Systems’,

‘Hardware’, ‘Telecommunications’

.

WORKFLOW

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

During the execution of a standard process

or operation procedure risks are

exposed and with the proper control design

mitigated to acceptable levels

within the risk appetite. Identity & Access Management is one example of a

crucial process.

THREATS & RISKS

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

To achieve the effective and efficient integration between Quality Management & Risk Management

while addressing Compliance with Legal Obligations during the Design

Control process it will be necessary to

assess risk identify threats and matching

vulnerabilities.

TESTING

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

It is necessary to define the testing scenarios to help

frame the evaluated threats and vulnerabilities ensuring

the Control Design is achieving its intended

purpose. Reiterating the mitigation control and

mapping it to the testing scenario is an important step

in validation controls and establishing a tractability

matrix for the Control Design.

GOVERNANCE

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

Leveraging proven best practices for Governance like the RACI Chart is extremely useful to establishing who is accountable, responsible or who needs to be consulted

ad informed about the Control Design.

SECURITY STANDARDS

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

Taking the Control Design for Data Protection and Privacy

one step further by establishing and

communicating the security controls to those on the RACI Chart that must be informed is essential to

elevating the Control design effectiveness. Additional

testing can be added to the testing scenarios that

encompassed these security tools and techniques.

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

CONTROL DESIGN

A feedback loop can ensure continuous

improvement as part of the Quality Management integration. The fishbone chart is extremely useful to communicate, track

and update the essential Control Design. This chart may also facilitate Root-Cause Analysis, Incident

Management and Problem Management.

THANK YOU!END OF PRESENTATION

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

Mark E.S. Bernard, CISSP, CISM, CRISC, CISA, CGEIT, CNA

Skype; Mark_E_S_BernardTwitter; @MESB_TechSecure

LinkedIn; http://ca.linkedin.com/in/markesbernard