Security Modelling in ArchiMate
•Download as PPTX, PDF•
3 likes•5,750 views
Main points covered: - the case for adopting a model -driven approach: the drivers & benefits of integrating security into EA models; - the techniques / design patterns for expressing security within ArchiMate's notational & grammar constraints; - a short demonstration of how these models can be used in practice Presenter: Steven is an independent consultant with 25+ years in IT. Based in Brussels, where he has undertaken major assignments for clients in the public sector, agencies, finance, telecoms and utilities and also lends his support to local cyber-security initiatives. Much of his work in recent years has been in the field of developing tools, processes and models to support security analysis. Steven holds numerous security, architecture and privacy certifications including SABSA Chartered Practitioner and ArchiMate 3.0. Date: August 28, 2019 Recorded webinar: https://www.youtube.com/watch?v=Bt1xRZQ5T58&t=3s
Report
Share
Report
Share
Recommended
Introduction to Enterprise architecture and the steps to perform an Enterpris...
Introduction to Enterprise architecture and the steps to perform an Enterpris...Prashanth Panduranga
The document provides an overview of enterprise architecture presented by Prashanth B P Panduranga, Director of Technology. Some key points include:
- Line of business workers and IT staff increasingly use unauthorized SaaS apps
- IT suppliers are targeting business users directly and line of business heads demand higher project velocity
- An enterprise architecture framework provides structures for developing architectures using common standards and building blocks
- Enterprise architecture applies principles and practices to guide business, information, process, and technology changes to execute organizational strategyEnterprise Security Architecture
The document discusses enterprise architecture frameworks and how they can help DreamKart, an ecommerce company facing several IT challenges. It describes the Zachman Framework, which provides a taxonomy for organizing architecture artifacts, and TOGAF, which defines an architecture development method (ADM) process. Using Zachman's taxonomy, DreamKart could classify artifacts, ensure all stakeholder perspectives are considered, and trace business requirements to technical implementations. However, Zachman alone does not provide a process for creating new architectures. TOGAF's ADM process could guide DreamKart in developing enterprise architectures by moving from generic to specific. Using both approaches could help address DreamKart's problems.
A Brief Introduction to Enterprise Architecture
Presentation to Metropolitan University (London) on the 16th Feb 2017.
The purpose of the session was to introduce core basic concepts around Enterprise Architecture and discuss the role of the Enterprise Architect .
Cloud architecture with the ArchiMate Language
This document discusses using the ArchiMate modeling language to model cloud architectures within an enterprise context. It provides an overview of ArchiMate 3.0 and shows how AWS web hosting reference architectures can be modeled at the technology layer. It demonstrates how ArchiMate can connect cloud solutions to enterprise strategy, business processes, and physical infrastructure. Adopting ArchiMate allows an organization to plan, design and ensure proper implementation of cloud solutions across the entire enterprise.
Enterprise Security Architecture
The document discusses enterprise security architecture, including its purpose and importance. It provides an overview of common architecture frameworks like Zachman, TOGAF, and SABSA that can be used for enterprise security architecture. It also discusses key concepts like taxonomy, matrix, metamodel, and lifecycle that are part of developing an enterprise security architecture. The document emphasizes the value of integrating the SABSA security framework with broader enterprise architecture frameworks like TOGAF to develop effective and agile security architectures.
Security-by-Design in Enterprise Architecture
The strategic importance of Information Security for organisations is gaining momentum. The current surge in cyber threats is compelling organisations to invest in information security to protect their assets. Rushing to protect assets often comes with the expense of excessive technology adoption without a valid strategic foundation. Enterprise Security Architecture is geared to address these issues, but is frequently misaligned with Enterprise Architecture. In this presentation we explore avenues for the adoption and enforcement of Security-By-Design in the Enterprise Architecture value-chain so as position Risk, Security and IT as true business enablers.
Modeling TOGAF with ArchiMate
The TOGAF® Architecture Development Method recommends that "an architecture description be encoded in a standard language". As the Open Group standard for enterprise modeling, Archimate is a strong candidate for this role. This presentation will explore how a diversified financial services company selected and is using Archimate for its TOGAF® implementation. The speaker will compare available enterprise modeling languages and explain why Archimate was selected, and will explain how his organization developed an enabling metamodel and diagram templates using a leading enterprise modeling tool. Methodology transition will also be covered, including how existing diagram types were mapped to TOGAF®, and how TOGAF® diagram content was mapped to Archimate.
Delivered at February 2011 Open Group San Diego Conference
IT4IT - The Full Story for Digital Transformation - Part 1
IT4IT - The Full Story for Digital Transformation end to end value chain and high level view of IT4IT Standard V2.1
Recommended
Introduction to Enterprise architecture and the steps to perform an Enterpris...
Introduction to Enterprise architecture and the steps to perform an Enterpris...Prashanth Panduranga
The document provides an overview of enterprise architecture presented by Prashanth B P Panduranga, Director of Technology. Some key points include:
- Line of business workers and IT staff increasingly use unauthorized SaaS apps
- IT suppliers are targeting business users directly and line of business heads demand higher project velocity
- An enterprise architecture framework provides structures for developing architectures using common standards and building blocks
- Enterprise architecture applies principles and practices to guide business, information, process, and technology changes to execute organizational strategyEnterprise Security Architecture
The document discusses enterprise architecture frameworks and how they can help DreamKart, an ecommerce company facing several IT challenges. It describes the Zachman Framework, which provides a taxonomy for organizing architecture artifacts, and TOGAF, which defines an architecture development method (ADM) process. Using Zachman's taxonomy, DreamKart could classify artifacts, ensure all stakeholder perspectives are considered, and trace business requirements to technical implementations. However, Zachman alone does not provide a process for creating new architectures. TOGAF's ADM process could guide DreamKart in developing enterprise architectures by moving from generic to specific. Using both approaches could help address DreamKart's problems.
A Brief Introduction to Enterprise Architecture
Presentation to Metropolitan University (London) on the 16th Feb 2017.
The purpose of the session was to introduce core basic concepts around Enterprise Architecture and discuss the role of the Enterprise Architect .
Cloud architecture with the ArchiMate Language
This document discusses using the ArchiMate modeling language to model cloud architectures within an enterprise context. It provides an overview of ArchiMate 3.0 and shows how AWS web hosting reference architectures can be modeled at the technology layer. It demonstrates how ArchiMate can connect cloud solutions to enterprise strategy, business processes, and physical infrastructure. Adopting ArchiMate allows an organization to plan, design and ensure proper implementation of cloud solutions across the entire enterprise.
Enterprise Security Architecture
The document discusses enterprise security architecture, including its purpose and importance. It provides an overview of common architecture frameworks like Zachman, TOGAF, and SABSA that can be used for enterprise security architecture. It also discusses key concepts like taxonomy, matrix, metamodel, and lifecycle that are part of developing an enterprise security architecture. The document emphasizes the value of integrating the SABSA security framework with broader enterprise architecture frameworks like TOGAF to develop effective and agile security architectures.
Security-by-Design in Enterprise Architecture
The strategic importance of Information Security for organisations is gaining momentum. The current surge in cyber threats is compelling organisations to invest in information security to protect their assets. Rushing to protect assets often comes with the expense of excessive technology adoption without a valid strategic foundation. Enterprise Security Architecture is geared to address these issues, but is frequently misaligned with Enterprise Architecture. In this presentation we explore avenues for the adoption and enforcement of Security-By-Design in the Enterprise Architecture value-chain so as position Risk, Security and IT as true business enablers.
Modeling TOGAF with ArchiMate
The TOGAF® Architecture Development Method recommends that "an architecture description be encoded in a standard language". As the Open Group standard for enterprise modeling, Archimate is a strong candidate for this role. This presentation will explore how a diversified financial services company selected and is using Archimate for its TOGAF® implementation. The speaker will compare available enterprise modeling languages and explain why Archimate was selected, and will explain how his organization developed an enabling metamodel and diagram templates using a leading enterprise modeling tool. Methodology transition will also be covered, including how existing diagram types were mapped to TOGAF®, and how TOGAF® diagram content was mapped to Archimate.
Delivered at February 2011 Open Group San Diego Conference
IT4IT - The Full Story for Digital Transformation - Part 1
IT4IT - The Full Story for Digital Transformation end to end value chain and high level view of IT4IT Standard V2.1
ITIL,COBIT and IT4IT Mapping
Mapping of practices from ITIL 4 to COBIT 2019 and IT4IT.
ITIL to COBIT Mapping
ITIL to IT4IT Mapping
IT4IT to COBIT Mapping
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Ana Kukec, Lead Enterprise Security Consultant, Enterprise Architects, Australia
The Open Group Architecture Forum and Security Forum agree that the coverage of security in TOGAF should be updated and improved. The understanding and focus of security architecture has moved from a threat-driven approach of addressing non-normative flaws through systems and applications to a risk-driven and business outcome-focused methodology of enabling a business strategy.
Following this trend, we defined fundamental characteristics of effective security architecture. 1) Capabilities are primary assets at risk, while information systems and technology components are secondary assets at risk supporting the primary assets. 2) Security requirements include the business aspects and not only the technology aspects of confidentiality, integrity and availability. 3) IT risk management is business-opportunity-driven. It requires understanding of risk appetite across business, information systems and technology architecture to manage security risks of vulnerabilities and compliance issues, which may arise at any layer of enterprise architecture in a business-outcome-focused way. 4) Security services are aligned to business drivers, goals and objectives, and managed in a risk-driven way.
Yet, there is no single security architecture development methodology to deliver these characteristics. We believe that existing information security standards and frameworks in a combination with the TOGAF are sufficient to meet the aforementioned fundamental characteristics of effective security architecture. However the challenge is in their integration. Our Enterprise Security Architecture Framework integrates key industry standards and best practices for information security and risk management, such as COBIT 5 for Information Security, ITILv3 Security Service Management, ISO/IEC 27000 and ISO/IEC 31000 families of standards, using the TOGAF Architecture Development Method and Content Meta-model as the key integrators. It is a pragmatic security architecture framework which establishes a common language between IT, security, risk and business organisations within an enterprise and ensures effective and efficient support of long-term security needs of both business and IT, with a risk-driven enterprise as a final outcome.
We will present a case study of the implementation of the aforementioned business-outcome-focused and risk-driven Enterprise Security Architecture Framework at the University of New South Wales.
Key takeaways:
-- Overview of a risk-driven and business-outcome-focused security architecture methodology seamlessly integrated with the TOGAF
-> Security strategic planning
-> Enterprise-wide compliance, internal (policies and standards) and external (laws and regulations
-> Business-opportunity driven management of security risk of threats, vulnerabilities and compliance issues across business, information systems and technology architecture
Building a Security Architecture
We will explore why the current industry approach to security is failing us. We will then discuss how building security as an architecture can raise the security level for any organization. An architectural approach is required to take security to the next level and defend against modern threats. We will discuss how you can use Cisco solutions to build a true security architecture.
What is the Value of Mature Enterprise Architecture TOGAF
This document summarizes the key points made by Judith Jones, CEO of Architecting the Enterprise, in her presentation at the Telelogic Conference on November 4th 2008 about the value of mature enterprise architecture. She discusses how enterprise architecture exists within every organization and affects its efficiency and effectiveness. It is not optional. She outlines TOGAF as the industry standard architecture framework and how it provides best practices and professionalism. Mature enterprise architecture helps organizations get work done quicker, reduce risks, and lower running costs, demonstrating its business value.
Enterprise Architecture - TOGAF Overview
Mohamed Sami provides an overview of enterprise architecture and TOGAF. He explains that enterprise architecture is a conceptual blueprint that defines the structure and operation of an organization to help it achieve its objectives. TOGAF is introduced as the most widely adopted architecture framework, with components that include the Architecture Development Method, guidelines and techniques, and a framework for architecture content and building blocks.
Enterprise Architecture
During last few years, role of Enterprise Architecture has expanded from technical to strategic in an Organization. This slide deck presents: Using Enterprise Architecture in your Organization.
Modelling Security Architecture
The intent of the paper is to propose a simple yet comprehensive technique to model enterprise security architecture and design aligned to SABSA that enables –
Standardisation of SABSA Enterprise Security Architecture framework by formalizing common language used in the form of ESA modelling notation
Reusability of model artefacts (not documents) to enable enterprise and department level collaboration and knowledge management
Generic or organisation specific Library of assets for various ESA artefacts such as – Business attribute profile(s), security services, mechanisms and components and associated views
Tool-assisted development using a separate toolbox for ESA that augments Enterprise Architecture (ToGAF) modelling using Archimate.
Define an EA Operating Model
Your Challenge
It is difficult to start the project, engage the right people, and find the necessary requirements to drive the value of an enterprise architecture operating model.
It is challenging to navigate the common enterprise architecture (EA) frameworks and right-size them for your organization.
The EA practice may struggle to effectively collaborate with the business when making decisions, resulting in outcomes that fail to engage stakeholders.
Our Advice
Critical Insight
The benefits of an EA program are only realized when all components of the operating model enable the achievement of the program goals and objectives. Many times organizations overplay the governance card while ignoring the motivational aspects that can be addressed through the organization's structure or stakeholder relations.
Info-Tech’s methodology ensures that all components of an EA operating model are considered to optimize the performance of the EA program.
Impact and Result
Place and structure your EA team to address the needs of stakeholders and deliver on the previously created strategy.
Create an engagement model by understanding each relevant process of COBIT 5 and make stakeholder interaction cards to initiate conversations.
Recognize the need for governance and formulate the appropriate boards while considering various policies, principles, and compliance.
Develop a unique architecture development framework based on best-practice approaches with an understanding of the various architectural views to ensure the creation of a successful process.
Build a communication plan and roadmap to efficiently navigate through enterprise change and involve the necessary stakeholders.
TOGAF 9.2 - Transforming Business
The latest version of the TOGAF standard has special emphasis on Business Architecture, Digital Trends, and Business Transformation beyond IT. Stuart Macgregor takes us through some of these changes to the TOGAF® 9.2 standard and discuss how they will benefit us.
Enterprise Architecture Implementation And The Open Group Architecture Framew...
The document discusses enterprise architecture and TOGAF. It defines enterprise architecture as a framework for addressing the increasing complexity of IT systems and poor alignment between business and IT needs. TOGAF provides a framework for developing enterprise architecture, with the goal of improving business-IT alignment and allowing organizations to better respond to changing business needs. The document outlines challenges in developing enterprise architecture and stresses the importance of balancing strategic planning with technology solutions.
Togaf 9.2 Introduction
The document provides an agenda for an enterprise architecture presentation covering topics such as EA introductions, frameworks, content modeling, repositories, development methods, and updates to business architecture and EA tools. It includes diagrams to illustrate EA concepts such as relating EA to Lego blocks, architecture domains, and the enterprise continuum for categorizing architecture. The presentation aims to provide an overview of enterprise architecture and discuss best practices.
Approach To It Strategy And Architecture
The document discusses an approach to IT strategy and architecture that aligns business and IT to enable organizations to adapt to constant change. It presents a framework with four views: business, functional, technical, and implementation. The business view defines goals and drivers. The functional view describes how the solution will be used. The technical view specifies how the system will be built. The implementation view details how the solution will be delivered. It advocates for stakeholder participation and using principles, models, and standards across the views.
ArchiMate® 3.0 - Trick or Treat?
In this presentation Bruno Vandenborre, The Open Group accredited trainer at Real IRM, explores the purpose and utility of the new version of the ArchiMate standard. As well as a look at the updates and changes to the new version, he discusses the various responses and critiques to ArchiMate, and provide insight into how ArchiMate benefits the South African market.
Solution Architecture Framework
Solution Architecture Framework:
1. Conceptual Architecture
2. Logical Architecture
3. Physical Architecture
Implementing Effective Enterprise Architecture
This document provides an overview of implementing an effective enterprise architecture program. It begins with some disclaimers about competing perspectives on EA. It then discusses the architecture continuum from enterprise to system level. Key aspects of a successful EA program covered include gaining executive sponsorship, starting small and showing quick wins, formalizing governance processes, and planning for both centralization initially and eventual federation. The presentation emphasizes communicating value and celebrating successes.
ArchiMate technology layer - Simplify the models
Modeling the technology layer. Learn how to select the right building blocks
This document shows alternatives to simplify models and modeling.
EA foundations (Views, Repository, Artifacts and Metamodel)
The document provides an overview of enterprise architecture foundations, including stakeholders, views and viewpoints, the enterprise continuum, and architecture repositories. It explains that the enterprise continuum classifies architecture and solution artifacts and consists of the architecture, solution, and enterprise continua. The architecture continuum shows the relationships between foundational, common, industry, and enterprise architectures, aiming to discover commonality and eliminate redundancy. It also establishes an architecture repository structure and tool standardization.
EA Intensive Course "Building Enterprise Architecture" by mr.danairat
This document outlines the agenda for a two-day course on building enterprise architecture. Day one covers introductions, current architecture challenges, the need for enterprise architecture, definitions of enterprise architecture, reference architecture frameworks, and group workshops. Day two covers maturity models, technology platforms, the TOGAF standard, cloud computing roadmaps, governance, and building a target architecture.
Strategic Enterprise Architecture Roadmap
Sample slide describing a Strategic Enterprise Architecture Roadmap to Evolve Corporate IT towards a SOA Architecture
Enterprise Security Architecture
Enterprise Architecture
Enterprise Architectural Methodologies
A Brief History of Enterprise Architecture
Zachman Framework
Business Attributes
Features & Advantages
SABSA Lifecycle
SABSA Development Process
SMP Maturity Levels
Developing IIOT System Using Microservices and Its Architectural Evaluation U...
My Speech at Saturn 2019. This presentation is about
the SEI Architecture Tradeoff Analysis Method (ATAM) based architectural analysis of a IIOT system that collects data from thousands of end devices for recording, analysis and display,
and its risks, sensitivity points, and tradeoffs identified during scenario-based analysis.
Presentation of se
This document provides information about system engineering. It defines system engineering as an approach to design, implement, and evaluate complex systems. It lists several jobs that system engineers can have, such as system engineer, safety engineer, and space craft system engineer. It describes some of the duties of system engineers, which include ensuring everything works properly, creating new ideas, and coordinating with others. The document discusses elements of computer-based systems, including software, hardware, people, databases, documentation, and procedures. It also covers topics like system modeling, business process engineering, system architectures, product engineering, and requirements engineering.
More Related Content
What's hot
ITIL,COBIT and IT4IT Mapping
Mapping of practices from ITIL 4 to COBIT 2019 and IT4IT.
ITIL to COBIT Mapping
ITIL to IT4IT Mapping
IT4IT to COBIT Mapping
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Ana Kukec, Lead Enterprise Security Consultant, Enterprise Architects, Australia
The Open Group Architecture Forum and Security Forum agree that the coverage of security in TOGAF should be updated and improved. The understanding and focus of security architecture has moved from a threat-driven approach of addressing non-normative flaws through systems and applications to a risk-driven and business outcome-focused methodology of enabling a business strategy.
Following this trend, we defined fundamental characteristics of effective security architecture. 1) Capabilities are primary assets at risk, while information systems and technology components are secondary assets at risk supporting the primary assets. 2) Security requirements include the business aspects and not only the technology aspects of confidentiality, integrity and availability. 3) IT risk management is business-opportunity-driven. It requires understanding of risk appetite across business, information systems and technology architecture to manage security risks of vulnerabilities and compliance issues, which may arise at any layer of enterprise architecture in a business-outcome-focused way. 4) Security services are aligned to business drivers, goals and objectives, and managed in a risk-driven way.
Yet, there is no single security architecture development methodology to deliver these characteristics. We believe that existing information security standards and frameworks in a combination with the TOGAF are sufficient to meet the aforementioned fundamental characteristics of effective security architecture. However the challenge is in their integration. Our Enterprise Security Architecture Framework integrates key industry standards and best practices for information security and risk management, such as COBIT 5 for Information Security, ITILv3 Security Service Management, ISO/IEC 27000 and ISO/IEC 31000 families of standards, using the TOGAF Architecture Development Method and Content Meta-model as the key integrators. It is a pragmatic security architecture framework which establishes a common language between IT, security, risk and business organisations within an enterprise and ensures effective and efficient support of long-term security needs of both business and IT, with a risk-driven enterprise as a final outcome.
We will present a case study of the implementation of the aforementioned business-outcome-focused and risk-driven Enterprise Security Architecture Framework at the University of New South Wales.
Key takeaways:
-- Overview of a risk-driven and business-outcome-focused security architecture methodology seamlessly integrated with the TOGAF
-> Security strategic planning
-> Enterprise-wide compliance, internal (policies and standards) and external (laws and regulations
-> Business-opportunity driven management of security risk of threats, vulnerabilities and compliance issues across business, information systems and technology architecture
Building a Security Architecture
We will explore why the current industry approach to security is failing us. We will then discuss how building security as an architecture can raise the security level for any organization. An architectural approach is required to take security to the next level and defend against modern threats. We will discuss how you can use Cisco solutions to build a true security architecture.
What is the Value of Mature Enterprise Architecture TOGAF
This document summarizes the key points made by Judith Jones, CEO of Architecting the Enterprise, in her presentation at the Telelogic Conference on November 4th 2008 about the value of mature enterprise architecture. She discusses how enterprise architecture exists within every organization and affects its efficiency and effectiveness. It is not optional. She outlines TOGAF as the industry standard architecture framework and how it provides best practices and professionalism. Mature enterprise architecture helps organizations get work done quicker, reduce risks, and lower running costs, demonstrating its business value.
Enterprise Architecture - TOGAF Overview
Mohamed Sami provides an overview of enterprise architecture and TOGAF. He explains that enterprise architecture is a conceptual blueprint that defines the structure and operation of an organization to help it achieve its objectives. TOGAF is introduced as the most widely adopted architecture framework, with components that include the Architecture Development Method, guidelines and techniques, and a framework for architecture content and building blocks.
Enterprise Architecture
During last few years, role of Enterprise Architecture has expanded from technical to strategic in an Organization. This slide deck presents: Using Enterprise Architecture in your Organization.
Modelling Security Architecture
The intent of the paper is to propose a simple yet comprehensive technique to model enterprise security architecture and design aligned to SABSA that enables –
Standardisation of SABSA Enterprise Security Architecture framework by formalizing common language used in the form of ESA modelling notation
Reusability of model artefacts (not documents) to enable enterprise and department level collaboration and knowledge management
Generic or organisation specific Library of assets for various ESA artefacts such as – Business attribute profile(s), security services, mechanisms and components and associated views
Tool-assisted development using a separate toolbox for ESA that augments Enterprise Architecture (ToGAF) modelling using Archimate.
Define an EA Operating Model
Your Challenge
It is difficult to start the project, engage the right people, and find the necessary requirements to drive the value of an enterprise architecture operating model.
It is challenging to navigate the common enterprise architecture (EA) frameworks and right-size them for your organization.
The EA practice may struggle to effectively collaborate with the business when making decisions, resulting in outcomes that fail to engage stakeholders.
Our Advice
Critical Insight
The benefits of an EA program are only realized when all components of the operating model enable the achievement of the program goals and objectives. Many times organizations overplay the governance card while ignoring the motivational aspects that can be addressed through the organization's structure or stakeholder relations.
Info-Tech’s methodology ensures that all components of an EA operating model are considered to optimize the performance of the EA program.
Impact and Result
Place and structure your EA team to address the needs of stakeholders and deliver on the previously created strategy.
Create an engagement model by understanding each relevant process of COBIT 5 and make stakeholder interaction cards to initiate conversations.
Recognize the need for governance and formulate the appropriate boards while considering various policies, principles, and compliance.
Develop a unique architecture development framework based on best-practice approaches with an understanding of the various architectural views to ensure the creation of a successful process.
Build a communication plan and roadmap to efficiently navigate through enterprise change and involve the necessary stakeholders.
TOGAF 9.2 - Transforming Business
The latest version of the TOGAF standard has special emphasis on Business Architecture, Digital Trends, and Business Transformation beyond IT. Stuart Macgregor takes us through some of these changes to the TOGAF® 9.2 standard and discuss how they will benefit us.
Enterprise Architecture Implementation And The Open Group Architecture Framew...
The document discusses enterprise architecture and TOGAF. It defines enterprise architecture as a framework for addressing the increasing complexity of IT systems and poor alignment between business and IT needs. TOGAF provides a framework for developing enterprise architecture, with the goal of improving business-IT alignment and allowing organizations to better respond to changing business needs. The document outlines challenges in developing enterprise architecture and stresses the importance of balancing strategic planning with technology solutions.
Togaf 9.2 Introduction
The document provides an agenda for an enterprise architecture presentation covering topics such as EA introductions, frameworks, content modeling, repositories, development methods, and updates to business architecture and EA tools. It includes diagrams to illustrate EA concepts such as relating EA to Lego blocks, architecture domains, and the enterprise continuum for categorizing architecture. The presentation aims to provide an overview of enterprise architecture and discuss best practices.
Approach To It Strategy And Architecture
The document discusses an approach to IT strategy and architecture that aligns business and IT to enable organizations to adapt to constant change. It presents a framework with four views: business, functional, technical, and implementation. The business view defines goals and drivers. The functional view describes how the solution will be used. The technical view specifies how the system will be built. The implementation view details how the solution will be delivered. It advocates for stakeholder participation and using principles, models, and standards across the views.
ArchiMate® 3.0 - Trick or Treat?
In this presentation Bruno Vandenborre, The Open Group accredited trainer at Real IRM, explores the purpose and utility of the new version of the ArchiMate standard. As well as a look at the updates and changes to the new version, he discusses the various responses and critiques to ArchiMate, and provide insight into how ArchiMate benefits the South African market.
Solution Architecture Framework
Solution Architecture Framework:
1. Conceptual Architecture
2. Logical Architecture
3. Physical Architecture
Implementing Effective Enterprise Architecture
This document provides an overview of implementing an effective enterprise architecture program. It begins with some disclaimers about competing perspectives on EA. It then discusses the architecture continuum from enterprise to system level. Key aspects of a successful EA program covered include gaining executive sponsorship, starting small and showing quick wins, formalizing governance processes, and planning for both centralization initially and eventual federation. The presentation emphasizes communicating value and celebrating successes.
ArchiMate technology layer - Simplify the models
Modeling the technology layer. Learn how to select the right building blocks
This document shows alternatives to simplify models and modeling.
EA foundations (Views, Repository, Artifacts and Metamodel)
The document provides an overview of enterprise architecture foundations, including stakeholders, views and viewpoints, the enterprise continuum, and architecture repositories. It explains that the enterprise continuum classifies architecture and solution artifacts and consists of the architecture, solution, and enterprise continua. The architecture continuum shows the relationships between foundational, common, industry, and enterprise architectures, aiming to discover commonality and eliminate redundancy. It also establishes an architecture repository structure and tool standardization.
EA Intensive Course "Building Enterprise Architecture" by mr.danairat
This document outlines the agenda for a two-day course on building enterprise architecture. Day one covers introductions, current architecture challenges, the need for enterprise architecture, definitions of enterprise architecture, reference architecture frameworks, and group workshops. Day two covers maturity models, technology platforms, the TOGAF standard, cloud computing roadmaps, governance, and building a target architecture.
Strategic Enterprise Architecture Roadmap
Sample slide describing a Strategic Enterprise Architecture Roadmap to Evolve Corporate IT towards a SOA Architecture
Enterprise Security Architecture
Enterprise Architecture
Enterprise Architectural Methodologies
A Brief History of Enterprise Architecture
Zachman Framework
Business Attributes
Features & Advantages
SABSA Lifecycle
SABSA Development Process
SMP Maturity Levels
What's hot (20)
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
What is the Value of Mature Enterprise Architecture TOGAF
What is the Value of Mature Enterprise Architecture TOGAF
Enterprise Architecture Implementation And The Open Group Architecture Framew...
Enterprise Architecture Implementation And The Open Group Architecture Framew...
EA foundations (Views, Repository, Artifacts and Metamodel)
EA foundations (Views, Repository, Artifacts and Metamodel)
EA Intensive Course "Building Enterprise Architecture" by mr.danairat
EA Intensive Course "Building Enterprise Architecture" by mr.danairat
Similar to Security Modelling in ArchiMate
Developing IIOT System Using Microservices and Its Architectural Evaluation U...
My Speech at Saturn 2019. This presentation is about
the SEI Architecture Tradeoff Analysis Method (ATAM) based architectural analysis of a IIOT system that collects data from thousands of end devices for recording, analysis and display,
and its risks, sensitivity points, and tradeoffs identified during scenario-based analysis.
Presentation of se
This document provides information about system engineering. It defines system engineering as an approach to design, implement, and evaluate complex systems. It lists several jobs that system engineers can have, such as system engineer, safety engineer, and space craft system engineer. It describes some of the duties of system engineers, which include ensuring everything works properly, creating new ideas, and coordinating with others. The document discusses elements of computer-based systems, including software, hardware, people, databases, documentation, and procedures. It also covers topics like system modeling, business process engineering, system architectures, product engineering, and requirements engineering.
Modern Architecture in the Cloud of 2018 (IT Camp 2018)
Today, the large public Clouds - Azure and AWS - deploy at high-speed a diversity of services and features. Between Azure Functions, Event Grid, Azure VM Scale Sets, or Logic Apps, what to choose? Shall I go on Microservices? Event-Driven? Lambda Architecture? Deploy on Serverless? Containers? Modern Compute? Let's put a bit of order in all that. Enter the Modern Architecture, the foundation of all the new wave of Cloud services and not only. Session focused on application and infrastructure architecture, examples based on Cloud, perspectives and roadmap of the corresponding services at Microsoft.
The Changing Role of a DBA in an Autonomous World
The advent of the cloud and the introduction of Oracle Autonomous Database Cloud presents opportunities for every organization, but what's the future role for the DBA? This presentation explores how the role of the DBA will continue to evolve, and provides advice on key skills required to be a successful DBA in the world of the cloud.
Best Practices Building Cloud Scale Apps with Microservices
This presentation covers general engineering and organizational principles for microservices, with 11 specific topics for best practices.
Performance Testing
The document discusses creating an effective performance testing strategy. It emphasizes that performance should be considered early in the development cycle. A good strategy defines goals, stakeholders, workflows to test, and the types of tests to run. It also evaluates tools for requirements like monitoring. Proper planning is needed for measures, reporting, load scenarios, and environments. The strategy ensures performance testing aligns with business objectives and provides insights to optimize systems.
Algorithmic auditing 1.0
Mathematical Finance & Financial Data Science Seminar
AI and machine learning are entering every aspect of our life. Marketing, autonomous driving, personalization, computer vision, finance, wearables, travel are all benefiting from the advances in AI in the last decade. As more and more AI applications are being deployed in enterprises, concerns are growing about potential "AI accidents" and the misuse of AI. With increased complexity, some are questioning whether the models actually work! As the debate about fairness, bias, and privacy grow, there is increased attention to understanding how the models work and whether the models are thoroughly tested and designed to address potential issues.
The area "Responsible AI" is fast emerging and becoming an important aspect of the adoption of machine learning and AI products in the enterprise. Companies are now incorporating formal ethics reviews, model validation exercises, and independent algorithmic auditing to ensure that the adoption of AI is transparent and has gone through formal validation phases.
In this talk, Sri will introduce Algorithmic auditing and discuss why Algorithmic auditing will be a formal process industries using AI will need. Sri will also discuss the emerging risks in the adoption of AI and discuss how QuSandbox, his company is building, will address the emerging needs of formal Algorithmic auditing practices in enterprises.
MicroServices-Part-1.pdf
The document discusses microservices architecture and related concepts:
1. It compares monolithic and microservices architecture, noting that microservices are organized around business capabilities rather than projects, with each service having its own code pipeline and deployment.
2. Communication between microservices is achieved through message-based communication, with each service focusing on a specific business capability within a bounded context.
3. The document outlines some of the benefits of microservices including that they are robust, scalable, testable, and allow for independent deployment of services. It also notes some challenges like added complexity, skillset requirements, and the need for teams to manage full lifecycles of their services.
Secure Design: Threat Modeling
Why are code reviews and penetration tests not enough to secure your organization’s software? This presentation explores the importance of threat modeling in the security journey.
An intro to building an architecture repository meta model and modeling frame...
This document discusses building an architecture repository meta-model and modeling framework. It describes how a modeling framework consists of a stakeholder framework, viewpoint framework, and modeling standards to ensure models are organized, consistent and address stakeholder concerns. It explains how well-formed models that comply with the modeling framework and meta-model can be imported into a repository database to generate analytics and insights. The meta-model defines the schema for the repository database.
Agile Development – Why requirements matter
During the Agile Austria Conference 2017, Graz, Austria
Speaker: Fariz Saracevic
This session will examine how requirements management can bring significant value to agile development teams.
Single Source of Truth for Network Automation
The document discusses the journey of network automation from simple reporting to fully integrated automated businesses. It emphasizes establishing a single source of truth for network data through a data model and storing data in a centralized database. This enables templated configuration generation and automation of network and business processes through APIs, workers, and tools that interface with the centralized data. Proper software architecture like separating customer and infrastructure data, using APIs, workers and templating promotes flexibility, testability and the ability to configure networks and businesses rather than individual devices.
Agile Development – Why requirements matter by Fariz Saracevic
The clear benefits of agile development is a better collaboration, incremental delivery, early error detection and the elimination of unnecessary work—have made it the default approach for many teams. Some developers have questioned whether requirements fall into the category of unnecessary work, and can be cut down or even completely eliminated. Meanwhile, teams developing complex products, systems and regulated IT continue to have requirements-driven legacy processes.
So how does requirements management fit in an agile world? This meetup will take a look at requirements management and how it can bring significant value to agile development in regulated IT and complex product development projects, and sets out the characteristics of an effective requirements management approach in an agile environment.
2016-03-02 research seminar
This document summarizes the research of a PhD student on developing a distributed business intelligence system using a multi-agent approach. It outlines the student's research objectives, questions, and methodology. The methodology involves applying agent-oriented modeling and design science principles. Domain and goal models are developed to analyze the problem. An architecture is proposed that uses various agent types like facilitator, miner, and aggregator agents. Communication protocols and exception handling are also discussed. Future work involves further developing the design and implementing an experimental system.
Global CCISO Forum 2018 | Tari Schreider "The Fault Lies in the Architecture"
The document discusses 12 leading causes of failures in cybersecurity architectures: 1) general confusion between models, frameworks, and architectures, 2) lack of accountability, 3) not having a cybersecurity architect, 4) lacking architecture principles, 5) considering standards as architectures, 6) poorly identified requirements, 7) skipping the architectural design guide, 8) eliminating the blueprint, 9) improperly layering defenses, 10) not taking a risk-based approach, 11) not understanding control relationships, and 12) excluding service management. The key to success is engaging an architect, following guidelines, distinguishing standards from architectures, prioritizing business needs, documenting outcomes, and implementing metrics.
Better application architecture with #microservices and
#BPM (as APaaS)
The document discusses using microservices and business process management (BPM) to improve application architecture. It addresses typical IT concerns like time-to-market, governance, and costs. The document recommends developing solutions as independently deployable microservices and refactoring existing systems into microservices. It also discusses challenges like defining microservice granularity and target application architectures when using microservices and BPM.
Accelerating Enterprise Cloud Adoption: Automate Security to Migrate Faster
The document discusses accelerating enterprise cloud adoption through automating security. It provides answers to common CIO questions about implementing guidelines for logging, auditing and monitoring resources, policy enforcement recommendations, assessing threats and building threat maps. Best practices discussed include using packaged cloud resources and infrastructure as code for resource management, and AWS Infrastructure Awareness and automated policy assignment for security. The document promotes strategic partnerships to provide security tools through AWS billing and technical expertise.
ITAM AUS 2017 How to get SAM happily frolicking on the Cloud
The document summarizes the key topics from the ITAM Review Australia Conference 2017. It discusses how to manage assets across hardware, software, cloud and services. It provides an overview of asset management tools and processes, comparing ITSM and ITAM approaches. It also outlines the steps to evolve an asset management program from initial setup to ongoing optimization, covering hardware, software, cloud and establishing processes.
apidays London 2023 - Why and how to apply DDD to APIs, Radhouane Jrad, QBE E...
apidays London 2023 - APIs for Smarter Platforms and Business Processes
September 13 & 14, 2023
Why and how to apply DDD to APIs
Radhouane Jrad, Lead Integration Architect at QBE Europe
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
How to Build TOGAF Architectures With System Architect (2).ppt
This document provides an agenda and overview for a TOGAF workshop on building enterprise architectures with System Architect. The agenda covers introducing TOGAF preliminary stages, business architecture, the business service layer, information systems architecture, application portfolio management, and analysis. It discusses modeling functions, processes, services, and applications. It also describes leveraging reference models, integrating with tools like Visio and Blueworks Live, and using the FEA Services Reference Model and TMForum models. The labs guide attending building out the different architecture components in System Architect.
Similar to Security Modelling in ArchiMate (20)
Developing IIOT System Using Microservices and Its Architectural Evaluation U...
Developing IIOT System Using Microservices and Its Architectural Evaluation U...
Modern Architecture in the Cloud of 2018 (IT Camp 2018)
Modern Architecture in the Cloud of 2018 (IT Camp 2018)
Best Practices Building Cloud Scale Apps with Microservices
Best Practices Building Cloud Scale Apps with Microservices
An intro to building an architecture repository meta model and modeling frame...
An intro to building an architecture repository meta model and modeling frame...
Agile Development – Why requirements matter by Fariz Saracevic
Agile Development – Why requirements matter by Fariz Saracevic
Global CCISO Forum 2018 | Tari Schreider "The Fault Lies in the Architecture"
Global CCISO Forum 2018 | Tari Schreider "The Fault Lies in the Architecture"
Better application architecture with #microservices and
#BPM (as APaaS)
Better application architecture with #microservices and
#BPM (as APaaS)
Accelerating Enterprise Cloud Adoption: Automate Security to Migrate Faster
Accelerating Enterprise Cloud Adoption: Automate Security to Migrate Faster
ITAM AUS 2017 How to get SAM happily frolicking on the Cloud
ITAM AUS 2017 How to get SAM happily frolicking on the Cloud
apidays London 2023 - Why and how to apply DDD to APIs, Radhouane Jrad, QBE E...
apidays London 2023 - Why and how to apply DDD to APIs, Radhouane Jrad, QBE E...
How to Build TOGAF Architectures With System Architect (2).ppt
How to Build TOGAF Architectures With System Architect (2).ppt
More from PECB
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Beyond the EU: DORA and NIS 2 Directive's Global Impact
The global implications of DORA and NIS 2 Directive are significant, extending beyond the European Union.
Amongst others, the webinar covers:
• DORA and its Implications
• Nis 2 Directive and its Implications
• How to leverage directive and regulation as a marketing tool and competitive advantage
• How to use new compliance framework to request additional budget
Presenters:
Christophe Mazzola - Senior Cyber Governance Consultant
Armed with endless Excel files, a meme catalog worthy of the best X'os (formerly twittos), and a risk register to make your favorite risk manager jealous, I swapped my computer scientist cape a few years ago for that of a (cyber) threat hunter with the honorary title of CISO.
Ah, and I am also a quadruple senior certified ISO27001/2/5, Pas mal non ? C'est francais.
Malcolm Xavier
Malcolm Xavier has been working in the Digital Industry for over 18 Years now. He has worked with Global Clients in South Africa, United States and United Kingdom. He has achieved Many Professional Certifications Like CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3 etc.
His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management.
Date: April 25, 2024
Tags: Information Security, Digital Operational Resilience Act (DORA)
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: Digital Operational Resilience Act (DORA) - EN | PECB
NIS 2 Directive - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
In an era where digital transformation is inevitable, the landscape of cybersecurity is constantly evolving.
Amongst others, the webinar covers:
• DORA and its Implications
• ISO/IEC 27005: Risk Management in Information Security
• Leveraging Artificial Intelligence for Enhanced Cybersecurity
Presenters:
Geoffrey L. Taylor - Director of Cybersecurity
Geoffrey Taylor brings a wealth of experience from multiple roles within various industries throughout his career. As a Certified ISO 27001 Implementer and Auditor, as well as certified ISO 27005, CISM and CRISC, he brings a unique perspective on cybersecurity strategy, risk management and the implementation of an Information Security Management System, having helped multiple organizations in aligning their strategy based on their threat landscape.
Martin Tully - Senior Cyber Governance Consultant
Martin is a Senior Consultant at CRMG with over twenty years of experience, and has previously been employed at two of the ‘Big Four’ professional services firms. Martin has worked across most industry sectors in the development of the best practice guidance and risk analysis methodologies. Martin is also accomplished at: leading the implementation of an ISMS; delivering a number of information risk assessments; reviewing information security policies; assessing security requirements across the supply chain; and updating a complete framework of supporting standards. Prior to the ISF, Martin’s roles have included delivering operational risk reporting, running research projects and benchmarking information security investments for major clients. Martin holds a Bachelors degree from Royal Holloway University of London.
Date: March 27, 2024
Tags: ISO, ISO/IEC 27005, ISO/IEC 42001, Artificial Intelligence, Information Security, Digital Operational Resilience Act (DORA)
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27005 Information Security Risk Management - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/ffX-Xbw7XUk
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
In today’s rapidly evolving world, where Artificial Intelligence (AI) not only drives innovation but also presents unique challenges and opportunities, staying ahead means being informed.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 42001 and their key components
• Latest trends in AI Governance
• Ethical AI practices
• Benefits of Certification
Presenters:
Jeffrey Bankard - Cybersecurity & AI Leader, AI Management Systems: ISO/IEC 42001
Jeffrey provides executive leadership for AI product creation through the product incubation unit (PIU). Ensures the timely delivery of AI consulting engagements through cross-functional teams comprised of senior information and network security leaders to establish strategic goals for improving the security architecture and risk posture for clients. Consults with business leaders to define key performance indicators and service levels. Fosters employee development through mentoring and coaching. Decides how to achieve results within the organization’s strategic plans, policies, and guidelines. Develops new products and secures those products through current AI security guidelines (ISO 42001).
Adrian Resag - Experienced in Risk and Control - ISO/IEC 27001 and ISO/IEC 42001
Adrian believes a stimulating career can span many disciplines and that leading organizations value versatile professionals. He has enjoyed managing teams spanning the globe by working in world-leading organizations as Chief Audit Executive, Head of Risk Management, Information Systems Auditor, Head of Internal Control, as a consultant, a statutory auditor and an accountant. To allow such a diverse career, his approach has been to pursue certifications in many fields (making him one of the most qualified and certified in some of them). He has written books and created professional certifications in audit & assurance and compliance & ethics, and teaches in subjects from information security to risk management. With a passion for education, Adrian founded an educational institution and has taught tens of thousands of students and professionals online, in companies, universities and in governmental organizations.
Date: February 28, 2024
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
YouTube video: https://youtu.be/DujXaxBhhRk
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
The importance of a robust cybersecurity strategy cannot be overstated. Learning on the effective measures to be taken and tools needed to navigate the evolving cybersecurity landscape successfully is essential.
Amongst others, the webinar covers:
• ISO/IEC 27002 and ISO/IEC 27032 and their key components
• Key Components of a Resilient Cybersecurity Strategy
• CMMC Frameworks
Presenters:
Dr. Oz Erdem
Governance, Risk and Compliance (GRC) consultant, trainer, auditor, and speaker
Dr. Erdem has over 25 years of experience in information security, trade compliance, data privacy, and risk management. He took leadership roles in governance and compliance at various Fortune 100-500 companies and SMBs, including Siemens Corporation, Siemens Industry, Linqs, Texas Instruments, Rtrust, ICEsoft Technologies, NATO C3A, and BILGEM. In addition, successfully managed software development (i.e., embedded, cloud, and SaaS) and digital product projects involving information security, mobile networks, and IoT networks. Further, Dr. Erdem led several non-profit organizations, such as National Association of District Export Councils (NADEC), Government Contractors Council (GovConCouncil), and Central-North Florida District Export Council as the Chairman of the Board.
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
George Usi - CEO of Omnistruct
An internet pioneer and award-winning leader in internet governance with over 25 years of experience, George Usi knows that getting hacked is not a matter of ‘if’ but, ‘when’ and the fiscal and reputational effects that has on a business, the executives, and the board. George is the Co-Founder of Omnistruct, a cyber risk company. Omnistruct protects and expands revenue creation, reputation, and customer retention through cyber risk transference, governance, and compliance. We ensure that security and privacy programs work.
Date: January 24, 2024
YouTube Video: https://youtu.be/9i5p5WFExT4
Website: https://bit.ly/3SjovIP
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
As we approach the new year, the importance of a robust cybersecurity strategy cannot be overstated. Learning on the effective measures to be taken and tools needed to navigate the evolving cybersecurity landscape successfully is essential.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 27035 and their key components
• Key Components of a Resilient Cybersecurity Strategy
• Best practices for building a resilient cybersecurity strategy in 2024
Presenters:
Rinske Geerlings
Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer.
She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs)
Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents.
She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk.
Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity playing for Change, which provides music education to children in disadvantaged regions.
Loris Mansiamina
A Senior GRC Professional consultant for Small, Medium and large companies. Over 10 years, Loris has been assisting clients in both public and private sectors about various matters relating to Gouvernance, Risk Management and Compliance (GRC), Digital transformation, cyber security program management, ISO 27k & ISO 20k implementation, COBIT & ITIL implementation, etc.
Date: December 19, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27035, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
ISO/IEC 27035 Information Security Incident Management - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/yT8gxRZD_4c
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
In today's rapidly evolving digital landscape, the integration of artificial intelligence (AI) in business processes is becoming increasingly essential. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27005 and ISO/IEC 27001 and their key components
• The standard’s alignment
• Identifying AI risks and vulnerabilities
• Implementing effective risk management strategies
Presenters:
Sabrina Feddal
With more than 16 years of background in operational security, telco as engineer and project manager for major international companies. I have founded Probe I.T in 2016 to provide my customers (both national and international) with GRC services. Winner of the 2020 award, the CEFCYS – Main French Women in cybersecurity association - jury's favorite, she remains committed on a daily basis to maintaining diversity and gender diversity in her teams.
Passionate about Law, History & Cybersecurity. She has several professional certifications acquired over the course of her career: Prince2, CISSP, Lead Implementer ISO27001, Risk Manager, University degree in Cybercrime and Digital Investigation.
Her values: excellence, discretion, professionalism.
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Date: November 22, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27005, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
ISO/IEC 27005 Information Security Risk Management - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/TtnY1vzHzns
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
In today's digital age, cybersecurity is more critical than ever. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27032:2023 and ISO/IEC 27701 and their key components
• The standard’s alignment
• Emerging Cybersecurity Threats
• What is new to the ISO/IEC 27032:2023
Presenters:
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Jeffrey Crump
Mr. Jeffrey Crump is the Principal Consultant at Arizona-based Cyber Security Training and Consulting LLC and a graduate of the Certified NIS 2 Directive Lead Implementer course. He is a Certified CMMC Assessor, Certified CMMC Professional, and Instructor. Mr. Crump is also the author of Cyber Crisis Management Planning: How to reduce cyber risk and increase organizational resilience. His book has been expanded into a triad of certification courses on cyber crisis planning, exercises, and leadership.
Date: October 25, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/a21uasr8aLs
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
Cybersecurity is an ongoing journey. The regular update and improvement of security measures is essential to stay ahead of evolving threats.
Amongst others, the webinar covers:
• Benefits of Compliance
• Digital Transformation: Why
• ISO/IEC 27001 and ISO/IEC 27032
• ISO/IEC 27001: Information Security Management System (ISMS)
• ISO/IEC 27032: Cybersecurity Framework
Presenters:
Douglas Brush
Douglas Brush is a federally court-appointed Special Master, and Court Appointed Neutral expert in high-profile litigation matters involving privacy, security, and eDiscovery.
He is an information security executive with over 30 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, he has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues.
He is the founder and host of Cyber Security Interviews, a popular information security podcast.
Douglas is also committed to raising awareness about mental health, self-care, neurodiversity, diversity, equity, and inclusion, in the information security industry.
Malcolm Xavier
Malcolm Xavier has been working in the Digital Industry for over 18 Years now. He has worked with Global Clients in South Africa, United States and United Kingdom. He has achieved Many Professional Certifications Like CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3 etc.
His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management.
Carole Njoya
Founder in 2018 of Alcees, a Paris-based management consulting fabric specialized in cybersecurity, data privacy governance and digital trust, Carole Njoya provides independent, tailored and expert advisory to companies doing business in European markets and serving both B2B and B2C customers. With more than 100 cybersecurity projects delivered, she assists entities in preparing, implementing and maintaining the right best practices under the ISO 27001 compliance framework and GDPR article 25 obligation (Privacy by design) for their vendors. Carole Njoya featured in the « Women Know Cybersecurity » 2019 Twitter list edited by Cybercrime Magazine. Carole Njoya is committed in science and engineering since pre-teen period.
Date: September 27, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
YouTube video: https://youtu.be/U7tyzUrh8aI
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
The management of AI systems is a shared responsibility. By implementing the ISO 31000 Framework and complying with emerging regulations like the EU ACT, we can jointly create a more reliable, secure, and trustworthy AI ecosystem.
Amongst others, the webinar covers:
• Understanding AI and the regulatory landscape
• AI and the threat landscape
• A risk driven approach to AI assurance - based on ISO 31000 principles
• Stress testing to evaluate risk exposure
Presenters:
Chris Jefferson
Chris is the Co-Founder and CTO at Advai. As the Co-Founder of Advai, Chris is working on the application of defensive techniques to help protect AI and Machine Learning applications from being exploited. This involves work in DevOps and MLOps to create robust and consistent products that support multiple platforms, such as cloud, local, and edge.
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG. Nick’s career in cyber security spanning nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant. In particular Nick was Group Head of Information Risk for PwC designing and implementing best practice solutions that made good business sense that prioritized key risks to the organisation and helped minimize disruption to ongoing operations. Whilst at the ISF Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management.
Nicks combined experience as a cyber risk researcher and practitioner designing and implementing risk based solutions places him as a leading cyber risk expert. Prior to cyber security and after graduating from UCNW and Oxford Brookes Nick was a geophysicist in the Oil and Gas Industry.
Date: August 24, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/MXnHC6AvjXc
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Generative AI offers great opportunities for innovation in various industries. Hence, by adopting ISO/IEC 27032, you can enhance your cybersecurity resilience and efficiently address the risks associated with generative AI.
Amongst others, the webinar covers:
• AI & Privacy
• Generative AI, Models & Cybersecurity
• AI & ISO/IEC 27032
Presenters:
Christian Grafenauer
Anonymization expert, privacy engineer, data protection officer, LegalTech researcher (GDPR, Blockchain, AI) Christian Grafenauer is an accomplished privacy engineer, anonymization expert, and computer science specialist, currently serving as the project lead for anonymity assessments at techgdpr. With an extensive background as a senior architect in Blockchain for IBM and years of research in the field since 2013, Christian co-founded privacy by Blockchain design to explore the potential of Blockchain technology in revolutionizing privacy and internet infrastructure. As a dedicated advocate for integrating legal and computer science disciplines, Christian’s expertise in anonymization and GDPR compliance enables innovative AI applications, ensuring a seamless fusion of technology and governance, particularly in the realm of smart contracts. In his role at techgdpr, he supports technical compliance, Blockchain, and AI initiatives, along with anonymity assessments. Christian also represents consumer interests as a member of the national Blockchain and DTL standardization committee at din (German standardization institute) in ISO/TC 307.
Akin Johnson
Akin J. Johnson is a renowned Cybersecurity Expert, known for his expertise in protecting digital systems from potential threats. With over a decade of experience in the field, Akin has developed a deep understanding of the ever-evolving cyber landscape.
Akin is an advocate for cybersecurity awareness and frequently shares his knowledge through speaking engagements, workshops, and publications. He firmly believes in the importance of educating individuals and organizations on the best practices for safeguarding their digital assets.
Lucas Falivene
Lucas is a highly experienced cybersecurity professional with a solid base in business, information systems, information security, and cybersecurity policy-making. A former Fulbright scholar with a Master of Science degree in Information Security Policy and Management at Carnegie Mellon University (Highest distinction) and a Master's degree in Information Security at the University of Buenos Aires (Class rank 1st). Lucas has participated in several trainings conducted by the FBI, INTERPOL, OAS, and SEI/CERT as well as in the development of 4 cyber ISO national standards.
Date: July 26, 2023
YouTube Link: https://youtu.be/QPDcROniUcc
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
By embracing the importance of GDPR and leveraging ISO/IEC 27701, you can enhance your data protection practices, achieve compliance, and minimize the risk of penalties.
Amongst others, the webinar covers:
Importance of Data Protection
Understanding Data Collection and Challenges
Introduction to GDPR
Key Principles of GDPR
Who does GDPR Apply to and Its Global Implications
Introduction to ISO/IEC 27701
Implementing ISO/IEC 27701
Privacy by Design
Dealing with IT on a Daily Basis
Building Awareness and Training
Audit, Data Discovery, and Risk Assessments
Presenters:
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Lisa Goldsmith
Lisa Goldsmith is the founder of LJ Digital and Data Consultancy. Lisa has over 23 years’ experience of supporting leadership teams in membership, charity, and wider not-for-profit organisations to simplify their IT and digital strategy that allows them to sleep soundly at night, knowing their systems and processes are fit for purpose, GDPR compliant, secure and that they deliver value to staff, members, and stakeholders.
Prior to starting her own consultancy, Lisa gained extensive experience working for membership organisations and has knowledge and expertise at all levels of operations from working within careers and qualifications teams, as Membership Manager, as Head of Digital & IT for delivering large-scale digital, IT and GDPR compliance projects and serving on several Senior Leadership Teams. Lisa is also currently a Trustee of the BCLA and Groundwork East.
Date: June 27, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/lfJrSLaGDtc
Website: https://bit.ly/437GOnG
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
The EU has implemented a range of regulations aimed at strengthening its cybersecurity posture. In this context, the ISO/IEC 27001 standard offers a comprehensive framework for managing and safeguarding sensitive information, such as personal data.
Amongst others, the webinar covers:
• Quick recap on the ISO/IEC 27001:2013 & 2022
• ISO/IEC 27001 vs legislation
• The EU Cyber Legislation landscape
• Some considerations and consequences
• How to stay on top of the ever changing context
Presenters:
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Jean-Luc Peters
Jean-Luc Peters brings 25 years of IT technology, information and cybersecurity expertise to boards, executives, and employees. Since the younger age he has held management positions in the private and government sector. He is currently the Head of the Cyber Emergency Response team for the National Cybersecurity Authority in Belgium. In addition to this, he is also a trainer, coach and trusted advisor focusing on enhancing cyber resilience.
Jean-Luc has helped in the technical implementation of the NIS 1 (Network and Information Security) Directive transposition in Belgium, defining the Baseline Security Guidelines governmental ISMS framework and many other projects. He holds several certifications, including ISO/IEC 27001 Lead Implementer, ISO/IEC 27005 Auditor, CISSP, GISP, Prince 2 Practitioner, ITIL etc.
Date: May 31, 2023
Tags: ISO, ISO/IEC 27001, Information Security, Cybersecurity
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/rsjwwF5zlK8
Student Information Session University KTMC
This document provides information about an informative student session hosted by PECB University and their academic partner Kaizen Training & Management Consultants Limited (KTMC) on May 18, 2023. It introduces Mustafë Bislimi of PECB University and Jacob A. McLean of KTMC. PECB University offers Executive MBA programs in cybersecurity, business continuity management, and governance, risk and compliance. Blocks 1 and 4 are offered by PECB University, while blocks 2 and 3 are offered by KTMC. The session discusses cybersecurity management and KTMC's partnership, training, and consulting services. Studying with KTMC provides advantages of cost, convenience, and expertise.
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
To protect your organization from cyber attacks, you need to implement a robust information security management system (ISMS) and business continuity management system (BCMS) based on international standards, such as ISO/IEC 27001 and ISO 22301.
Amongst others, the webinar covers:
• Why we need a cyber response plan to protect business operations
• Introduction to ISO/IEC 27001 and ISO 22301
• What do we need for a cyber security response plan?
• How do we develop a cyber security response plan?
Presenters:
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG.
Nick’s career in cyber security spanning nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant.
In particular Nick was Group Head of Information Risk for PwC designing and implementing best practice solutions that made good business sense, that prioritise key risks to the organisation and helped minimise disruption to ongoing operations. Whilst at the ISF Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management.
Nicks combined experience as a cyber risk researcher and practitioner designing and implementing risk based solutions places him as a leading cyber risk expert. Prior to cyber security and after graduating from UCNW and Oxford Brookes Nick was a geophysicst in the Oil and Gas Industry.
Simon Lacey
Simon is a resourceful, creative Information & Cyber Security professional with a proven track record of instigating change, disrupting the status quo, influencing stakeholders and developing ‘big picture’ vision across business populations. Multiple industry experience; excels in building stakeholder engagement & consensus; and suporting organisations to make sustainable change.
Simon also has considerable experience of risk management, education and awareness, strategy development and consulting to senior management and is a confident and engaging public speaker.
Simon has previously worked within the NHS, Bank of England and BUPA, before setting out as an independent consultan forming Oliver Lacey Limited, supporting clients in multiple business sectors.
When not working, Simon loves to run – currently training for the Berlin Marathon, a Director of Aylesbury United Football Club, records vlogs and is an experienced standup comic.
Date: April 26, 2023
Find out more about ISO training and certification services
Training: https://bit.ly/3AyoyYF
https://bit.ly/3LbBVTx
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
YouTube video: https://youtu.be/i4qx5mjEqio
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 can help organizations align their information security and risk management efforts with their overall business objectives, leading to more effective risk management and better decision-making.
Amongst others, the webinar covers:
• Aligning the ISMS process with ISO/IEC 27001
• Using ISO 31000 within the ISMS
• Aligning the RM process with ISO 31000
• How/where does ISO/IEC 27001 fit?
Presenters:
Nick Riemsdijk
As a highly experienced and multi-skilled leader in Information and Physical Security, Nick is known as a collaborative, focused, driven and highly analytical individual with a broad portfolio of successes in client engagements. His expertise spans devising, implementing, managing and delivering information security, physical security, organizational resilience and facilities management solutions for organizations. He is certified as a Certified Information Security Manager (CISM), Certified Protection Professional (CPP), in Project Management (Prince2), ISO 22301 (Business Continuity), ISO 27001 (Information Security), and ISO 31000 (Risk Management).
Rinske Geerlings
Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer.
She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs)
Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents.
She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk.
Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity playing for Change, which provides music education to children in disadvantaged regions.
Date: March 23, 2023
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
YouTube video: https://youtu.be/Xj0U2mbpZUs
Student Information Session University CREST ADVISORY AFRICA
This document provides information about an informative student session on March 9, 2023 for PECB University's Executive MBA programs. PECB University offers Executive MBA degrees in cybersecurity, business continuity management, and governance, risk and compliance. The session will discuss simulations that place students in realistic business scenarios, as well as core courses in strategic management and leadership. Crest Advisory Africa is introduced as the academic partner that will deliver specialization and elective courses using various modes including on-site, online and self-study, and provide opportunities for South African students. Contact information is provided for representatives from PECB University and Crest Advisory Africa.
IT Governance and Information Security – How do they map?
Effective IT Governance requires proper Information Security practices to ensure that the organization's data is secure. On the other hand, Information Security policies and procedures must be aligned with the organization's overall IT Governance framework to ensure that security measures do not negatively impact business operations.
Amongst others, the webinar covers:
▪ Bring Governance and InfoSec Together
▪ Answering WIIFM
▪ Business Terms
Presenters:
Dr. Edward Marchewka
Dr. Edward Marchewka is a seasoned executive that has come up through the ranks in the IT vertical, expanding into information security, quality management, and strategic planning.
Edward founded and serves as the Principal for 3LC Solutions, enabling YOU to Tell a Better Story in business, with our vCIO, vCISO, quality, and strategy consulting services, through metrics and relating risk to the business with our CHICAGO Metrics® SaaS solution.
He has also held several roles leading information technology, most recently with Gift of Hope Organ and Tissue Donor Network, leading the Information and Technology Services department as the Director of IT, Data, and Security Services. Prior to Gift of Hope, he ran information security for Chicago Public Schools.
Edward has earned a Doctorate of Business Administration from California Southern University and Masters’ degrees in Business Administration and Mathematics from Northern Illinois University. He earned Bachelors’ degrees in Liberal Studies and Nuclear Engineering Technologies from Thomas Edison State College, N.J. Edward maintains several active IT, security, and professional certifications from (ISC)2, ASQ, ITIL, PCI, PMI, ISACA, Microsoft, and CompTIA. He has held legacy IT certifications from Cisco and HP, and a designation from the National Security Agency.
Date: February 22, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-38500
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/2bSbAdL5Idg
Information Session University Egybyte.pptx
This document provides information about an information session held by PECB University and their academic partner EGYBYTE. PECB University offers Executive MBA programs in Cybersecurity, Business Continuity Management, and Governance, Risk and Compliance. The programs consist of 48 credits delivered through a blended model of distance learning and classroom sessions. EGYBYTE will provide support through Arabic-speaking subject matter experts, various delivery models like online and on-site training, and access to specialization and elective courses. The document outlines the program structures and lists available electives. It also discusses PECB University's accreditations and status as an active institution in the District of Columbia.
Student Information Session University Digital Encode.pptx
oin us as our Director for Business Mustafe Bislimi teams up with Dr. Obadare Peter Adewale, our academic partner Digital Encode Limited, to provide valuable information about our programs, admissions process and specialization and elective courses.
Discover the opportunities available to you as a student at PECB University and get a firsthand look at what makes us a top choice for education.
Whether you're a prospective student or simply curious about PECB University, don't miss this informative session! Subscribe to our channel and stay tuned for more videos.
For inquiries regarding admission process contact us: university.studentaffairs@pecb.com
-EMBA in Cybersecurity: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHJQUUpjMmY2NmcyeURhTzE5VlRSNjg2Y1hwd3xBQ3Jtc0tuLTZqdmZyWkc2VVNQV21YRTlKZUQ2SEtUenNXbzYyb1ZianV5cldDYTViWjZ1eVhCNWtxWHI3VTNwRS1BOE4wTERkZ3BtcndwM0sxdVoydWZYSXBkV2hYd2lwU0NLSTk5WERWMlhtVk1Ud2tuWTRjTQ&q=https%3A%2F%2Fpecb.university%2Fprograms%2Fmba-programs%2Fcybersecurity&v=3YJbbr708pk
-EMBA in Business Continuity Management: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3JQTGVhd1VfeG1weWNzUzRrMmg2bk0tc3kxUXxBQ3Jtc0tsOVF5VG82TkhRU3R5TVRWWmdhMzBrSTU2eW9wby1OYWN4VTg5bkJBY0lhTmNsOFhETzB5cVp0WU8zbTQwTlZkdk9Dby1fSXdhWmRpZFFPUmk3NS1QOGpMOVBlaDFhVVpwa2JZMkxKNGRnTnppMm93SQ&q=https%3A%2F%2Fpecb.university%2Fprograms%2Fmba-programs%2Fbusiness-continuity-management&v=3YJbbr708pk
-EMBA in Governance, Risk, and Compliance: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbUplMGtjOFRWbzdGWERmdTR2QjdSbTBuQUxCd3xBQ3Jtc0tsNVdOU1p6UERWM3ZySE55V2FlWlJ1aFlzUU85VEt0aVRoR0hyTjNHbUNVYVMyb0lzTkZycUtJRzNxazlDWGRqTHZQMWJPZEYwbG1xWjVJN1JNOW1QUjJBZDY3NkU5LVl0b2xxOFpkZW1ZX2F3QmF5cw&q=https%3A%2F%2Fpecb.university%2Fprograms%2Fmba-programs%2Fgovernance-risk-compliance&v=3YJbbr708pk
More from PECB (20)
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
Recently uploaded
The Diamonds of 2023-2024 in the IGRA collection
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
How to Add Chatter in the odoo 17 ERP Module
In Odoo, the chatter is like a chat tool that helps you work together on records. You can leave notes and track things, making it easier to talk with your team and partners. Inside chatter, all communication history, activity, and changes will be displayed.
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingExcellence Foundation for South Sudan
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...Nguyen Thanh Tu Collection
https://app.box.com/s/y977uz6bpd3af4qsebv7r9b7s21935vdTypes of Herbal Cosmetics its standardization.
Physiology and chemistry of skin and pigmentation, hairs, scalp, lips and nail, Cleansing cream, Lotions, Face powders, Face packs, Lipsticks, Bath products, soaps and baby product,
Preparation and standardization of the following : Tonic, Bleaches, Dentifrices and Mouth washes & Tooth Pastes, Cosmetics for Nails.
Top five deadliest dog breeds in America
Thinking of getting a dog? Be aware that breeds like Pit Bulls, Rottweilers, and German Shepherds can be loyal and dangerous. Proper training and socialization are crucial to preventing aggressive behaviors. Ensure safety by understanding their needs and always supervising interactions. Stay safe, and enjoy your furry friends!
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...National Information Standards Organization (NISO)
This presentation was provided by Steph Pollock of The American Psychological Association’s Journals Program, and Damita Snow, of The American Society of Civil Engineers (ASCE), for the initial session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session One: 'Setting Expectations: a DEIA Primer,' was held June 6, 2024.Assessment and Planning in Educational technology.pptx
In an education system, it is understood that assessment is only for the students, but on the other hand, the Assessment of teachers is also an important aspect of the education system that ensures teachers are providing high-quality instruction to students. The assessment process can be used to provide feedback and support for professional development, to inform decisions about teacher retention or promotion, or to evaluate teacher effectiveness for accountability purposes.
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar KanvariaMain Java[All of the Base Concepts}.docx
This is part 1 of my Java Learning Journey. This Contains Custom methods, classes, constructors, packages, multithreading , try- catch block, finally block and more.
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
Introduction to AI for Nonprofits with Tapp Network
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Recently uploaded (20)
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Film vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movie
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Assessment and Planning in Educational technology.pptx
Assessment and Planning in Educational technology.pptx
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
Security Modelling in ArchiMate
- 2. • What do we mean by ‘model’ and what are the benefits of modelling? • Security Models – what are these? • Evaluation of ArchiMate as a security modelling notation - capabilities, limitations & tool support • Modelling in Practice: - practical steps - examples • Future Directions Agenda 2
- 3. What is a Model? • a simplified representation of a real-world system … • … that focusses on the aspects that matter A B D C 3 3 3 5 3
- 4. • Earlier, faster, cheaper, safer & more agile interaction than with real system • Produces better architecture: • Defers the selection of Solution Building Blocks • Efficiencies: 27% cost, 30% time* (40% cost, 50% time if testing included) The Benefits of Model-Driven Engineering 4* Benefits of Model-based Development of Embedded Software Systems in Automobiles: Broy, Kirstan TU Munich
- 5. What is a Security Model? 5 • Attack Trees • Threat Models • Privacy Flow Diagrams • Architectural Risk Diagrams • Assets to be protected • Entry and egress routes • Data and control flows • Attackers & their goals • Placement of Controls Various techniques currently in use
- 6. What do we require of a Security Model? • Support all the tasks that Security Analysts perform; • Generate Artefacts from a single underlying model • Interactive Models 6
- 7. The Holy Grail: a “universal” Security Model • Modelling Language • Modelling Tools Limited scope Technical focus No architectural layering Informal notation Constructive ambiguity Just an annotated diagram not machine readable Nevertheless useful: For common understanding Focus for discussion Any documentation is better than nothing! 7
- 8. Could ArchiMate provide a solution? • Concise but expressive, semi-formal notation; • Layered core architecture; • Capable of expressing intent - Motivation & Strategy • Standardised (TOG) • Extensive tool support • Extensible (within limits) • Mature (v3.0 in 2017) • Machine readable • Widely adopted by other architects! 8
- 9. SABSA TOGAF ArchiMate Only one MAJOR problem …. 9 ESA EA PRACTICETHEORY ? ?
- 10. SABSA - ArchiMate Alignment SABSA Business Strategy Application Technology Physical ArchiMate 3.0 Security Motivation 10
- 11. Modelling SABSA in ArchiMate ArchiMate extensibility via: • stereotyping of elements • user-defined properties • overloading relationships • fewer constraints on relationships in v3.0 Obstacles & limitations: • core language specification • features provided by tools Good news: It’s possible! 11 Details being prepared in a White Paper Planned launch for COSAC 2019
- 12. Modelling Assets 12 • Security is concerned with the protection of assets; • ArchiMate has no concept of asset; • 2018 SABSA Matrix shifts focus to Business Value & Value Chains; • ArchiMate has a Value Element ; AssetValue Asset AssetValue AssetStakeholder Value Asset AStakeholder 1 Asset BStakeholder 2 Stakeholder 3AssetValue AssetStakeholder
- 13. Principle ArchiMate 3.0 Specification Principle “represents a qualitative statement of intent that should be met by the architecture” “defines a general property that applies to any system in a certain context” We need to talk about Attributes ….. ArchiMate has no concept of SABSA Business Attributes 13
- 14. Modelling SABSA Attributes as Principles Goal PrincipleOutcome Requirement Constraint 14 Confidentiality Protection of Data at Rest Protection of Data in Transit Access Control Channel Encryption Confidentiality Protection of Data at Rest Protection of Data in Transit Access Control Channel Encryption Confidentiality A Protection of Data at Rest Protection of Data in Transit Access Control Channel Encryption Confidentiality B Adopt design convention: SBAs only participate by “influence” Limitation: Can’t be enforced inside the modelling tool Confidentiality Protection of Data at Rest Protection of Data in Transit Access Control Channel Encryption + ++
- 15. Attribute Hierarchies 15 A few attention points: • re-use of Attributes –metrics • Singletons –structure –universality
- 16. Goal Principle Motivational Element +influences associated with Outcome Requirement ConstraintDriver <<SABSA Business Attribute>> <<Impact>> <<Threat>> <<Vulnerability>> <<Risk>> Assessment <<Opportunity>> <<Control Objective>> <<Accept>> <<Mitigate>> <<Transfer>> <<Avoid>> <<Control>> <<Control>> Value <<Value Chain>>Meaning Stereotyping Core Elements ArchiMate has no “Security elements”: Threat, Vulnerability, Risk etc.: Limitation: << stereotype>> is just a naming convention! 16
- 17. Adding User-defined security properties Users are free to add properties to ArchiMate concepts: Limitations: • simple key-value pairs • no intrinsic support for data type, validation, defaults, optional vs. mandatory • Tool support varies • no standardisation Business Information 17
- 18. Overloading Relationships ArchiMate reuses relationship notations to mean different (but similar) things in different contexts: 18 Assignment Business Actor Business Role Application Component Application Function Device System Software Realisation Requirement Application Process Data Object Application Service Goal Artifact Business Information Flow Application Process A Application Process B data Business Actor A Business Actor B trust? Limitations: • Sometimes the preferred relationship is not legal • Compromises sometimes required in choice of element or relationship
- 19. ArchiMate 2 Business Actor Business Process Business Service Application Service Infrastructure Service Application Function Infrastructure Function Fewer Relationship Constraints ArchiMate relationships less constrained by layers and directionality: Limitations: • The preferred relationship is not always legal • Workarounds required in choice of element or relationship 19 ArchiMate 3 Business Actor Business Role Identity Access Rights <<Principal>> <<Authorisation>> Conceptual Logical <<Account>> Contextual <<Application Role>> Business Actor Business Role Identity Access Rights <<Principal>> <<Authorisation>> Conceptual Logical <<Account>> Contextual <<Application Role>>
- 20. Conclusions so far: • Possible to express security concepts in ArchiMate …. but work intensive! • Properties & stereotypes are ‘decoration’: – 2nd class aspect of the language – no schema – limited tool support – no standardisation • Good for generating documentation →No validation of completeness, consistency, validity etc …. Making Life Easier ArchiMate Security-Enhanced 20 But what about the ArchiMate Exchange Format? Exchange Format Transform Validate
- 21. The Way Ahead 21 ESA EA PRACTICETHEORY Security Properties & Stereotypes Properties & Stereotypes Properties & Stereotypes Properties & Stereotypes Business Strategy Logical Physical Component Motivation
- 22. Security Modelling: Future Directions What do these models have in common? 22
- 23. Q&A The SABSA Institute Further information • The SABSA Institute: • ArchiMate Security Overlay • SABSA Matrix Artefacts in ArchiMate • COSAC Ireland (Oct 2019): • Tools & Methodology Interest Group • Workshop: Security Modelling in ArchiMate • COSAC Melbourne (Dec 2019): • Have You Ever Considered Modelling?
- 24. ISO/IEC 27032 Training Courses • ISO/IEC 27032 Introduction 1 Day Course • ISO/IEC 27032 Foundation 2 Days Course • ISO/IEC 27032 Lead Cybersecurity Manager 5 Days Course Exam and certification fees are included in the training price. www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032 www.pecb.com/events