Control design for data protection and privacy v01r1 draft

Published in: Business, Technology


Slide 1
Mark E.S. Bernard, CISSP, CISM, CRISC, CISA, CGEIT, CNA
Skype: Mark_E_S_Bernard
Twitter: @MESB_TechSecure
LinkedIn: http://ca.linkedin.com/in/markesbernard
*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

Slide 2
The assets at risk, potentially leading to a breach of Data Protection and loss of Confidentiality, include 'People', 'Information', 'Property/Facilities', 'Software/Systems', 'Hardware' and 'Telecommunications'.

Slide 3
During the execution of a standard process or operating procedure, risks are exposed; with proper control design they are mitigated to acceptable levels within the risk appetite. Identity & Access Management is one example of a crucial process.

Slide 4
To achieve effective and efficient integration between Quality Management and Risk Management, while addressing compliance with legal obligations during the Control Design process, it will be necessary to assess risk by identifying threats and their matching vulnerabilities.

Slide 5
It is necessary to define the testing scenarios that frame the evaluated threats and vulnerabilities, ensuring the Control Design is achieving its intended purpose. Reiterating each mitigation control and mapping it to its testing scenario is an important step in validating controls and in establishing a traceability matrix for the Control Design.

Slide 6
Leveraging proven best practices for Governance, such as the RACI chart, is extremely useful in establishing who is accountable, who is responsible, and who needs to be consulted and informed about the Control Design.

Slide 7
Taking the Control Design for Data Protection and Privacy one step further, by establishing and communicating the security controls to those on the RACI chart that must be informed, is essential to elevating the Control Design's effectiveness. Additional tests can be added to the testing scenarios to encompass these security tools and techniques.

Slide 8
A feedback loop can ensure continuous improvement as part of the Quality Management integration. The fishbone chart is extremely useful to communicate, track and update the essential Control Design. This chart may also facilitate Root-Cause Analysis, Incident Management and Problem Management.
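As an added example (not from the deck), the following Python sketch builds the threat-to-vulnerability-to-control-to-test traceability matrix described on slides 4 to 7 from a constructed register, and reports the gaps a design reviewer would raise: threats with no mitigating control, controls with no validating test scenario, and controls whose RACI row has no single Accountable role. Every identifier and register entry below is hypothetical.

```python
from collections import defaultdict

# Constructed sample register; every identifier and entry here is hypothetical.
THREATS = {"T1": "credential theft", "T2": "unauthorised data export",
           "T3": "loss of unencrypted backup media"}
CONTROLS = {  # "vulns" holds the ids of the vulnerabilities the control closes
    "C1": {"name": "unique IDs with MFA", "threats": {"T1"}, "vulns": {"V1"},
           "raci": {"IAM lead": "A", "helpdesk": "R", "privacy officer": "C"}},
    "C2": {"name": "DLP on egress", "threats": {"T2"}, "vulns": {"V2"},
           "raci": {"netops": "R", "CISO": "I"}},  # nobody is Accountable
}
TEST_SCENARIOS = {  # each scenario names the controls it validates
    "TS1": {"desc": "login with a shared account is rejected", "controls": {"C1"}},
}

def traceability_matrix(controls=CONTROLS, tests=TEST_SCENARIOS):
    """One row per control: the threats and vulnerabilities it addresses and
    the test scenarios that validate it (the deck's traceability matrix)."""
    tests_by_control = defaultdict(set)
    for ts_id, ts in tests.items():
        for c_id in ts["controls"]:
            tests_by_control[c_id].add(ts_id)
    return {c_id: {"threats": sorted(c["threats"]), "vulns": sorted(c["vulns"]),
                   "tests": sorted(tests_by_control[c_id])}
            for c_id, c in controls.items()}

def design_gaps(threats=THREATS, controls=CONTROLS, tests=TEST_SCENARIOS):
    """Gaps to resolve before the control design is signed off."""
    matrix = traceability_matrix(controls, tests)
    mitigated = set().union(*(c["threats"] for c in controls.values()))
    return {
        "unmitigated_threats": sorted(set(threats) - mitigated),
        "untested_controls": sorted(c for c, row in matrix.items() if not row["tests"]),
        "raci_without_accountable": sorted(
            c for c, spec in controls.items()
            if list(spec["raci"].values()).count("A") != 1),
    }

if __name__ == "__main__":
    for c_id, row in traceability_matrix().items():
        print(c_id, row)
    print(design_gaps())
```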