The Role of Security & Privacy in EA Program And EA Trends
Please read all relevant texts chapters notably Bernard Chapter 11
and 13..
Slide 2
Privacy is the shield that protects a persons identity while
actively sharing information via the web. Where privacy is about
keeping the door locked, security is about the lock itself.
Security is the actual online authentication and authorization
protocols that networks use to protect information and the audit
system used to verify the overall systems effectiveness. ( OConnell
in IPSWITCH, 2011 ) OConnell in IPSWITCH, 2011
Slide 3
EA Project Management as a project management model Similar for
an EA Program Management Plan Information security and privacy are
important project governance & compliance requirements and is
included as component in risk management requirements
Slide 4
EA Programs Risk Mgt Sub-Plan Similar for an EA Program
Management Plan Why & how information security and privacy
incidents are regarded as enterprise risks can be explained
via:
Slide 5
EA Programs Security & Privacy sub-plan Similar for an EA
Program Management Plan How Security & Privacy risks are
managed is explained in an organisations corporate document and
customised in the EA program mgts security & privacy plan:
Slide 6
Causes of Information Security & Privacy Risks & Key
Prevention Areas 1.Information design access & authentication
due measures 2.User Identification & training measures
3.Operations measures 4.Physical measures
Slide 7
EA Risk Management Vs EA PROGRAM Risk Management
Slide 8
Risk Management Processes : 1.Risk classification 2.Risk
identification 3.Initial Risk assessment 4.Risk mitigation 5.Risk
Monitoring Risk mgt for integration & Standards compliance
risks A very comprehensive Risk Mgt for security & privacy
risks Risk mgt for EA program/project performance variance and
quality risks EA is a meta-discipline that includes risk management
that affects all its activities (Bernard, Chapter 1 - Page 34 &
Chapter 11 page 222) every EA activity is part of a living EA risk
management process Business case evaluates all the EA risks
identified This requires understanding what risk mgt is about,
which Bernard does not explain in details, but tutors can research
and share insights with students Risk mgt details for stakeholder
& business risks
(http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap31.html)
EA Risk Management is everywhere in EA Program Plan
Slide 9
EA Programs Risk Management Plan Is like a projects risk
management plan for controlling the project or programs performance
variance in terms of: 1.Budget performance 2.Quality (including
testing) performance 3.Timeline performance Project/programs risk
management is NOT EA risk management which is about ensuring EA
modelling and management work complies to EA standards and
corporate/project governance policies/standards/guides.
Slide 10
EA Security & Privacy Plan As an EA Component Guides the
design, implementation and use of protective controls for every EA
component There is no 100% foolproof security because EA components
are designed and managed by humans and insider access is the
ultimate threat which cannot completely be overcome (Bernard, page
231)
Slide 11
Trends
Slide 12
Future Trends in EA Bernard, Chapter 13 Generally trends can
pose as opportunities & threats. When EA trends create new or
grow existing EA practice problems, they can be regarded as new and
emerging or existing and growing EA issues
Slide 13
More EA Trends Not all EA trends are EA issues
Slide 14
More EA Trends Not all EA trends are EA issues Impacts of new
technology designs on EA Trends
Slide 15
More EA Trends Not all EA trends are EA issues Impacts of new
technology designs on EA Trends In order to identify Big Data
Trends impacts on EA practice, one needs to firstly understand what
is Big Data, its enterprise ramifications, including complexity
challenges. Not all Big Data Trends impact EA practice.