Quality Assurance and IT Risk Management
- Madison Davis
- 6 years ago
1 Quality Assurance and IT Risk: Deutsche Bank's QA and Testing Transformation Journey
Michael Venditti, Head of Enterprise Testing Services, Deutsche Bank
2 IT RISK - REGULATORY GOVERNANCE
Major shifts in the role and functioning of Financial Institutions over the last few years have brought about a new way to regard risk. New banking products, increased government scrutiny and intense focus on operating efficiencies bring forth greater risks and a larger set of rules and regulations.
A recent banking survey by the Economist Intelligence Unit shows that:
- [30%] of all banks answer to 10 or more regulators
- [75%] of all banks report to four or more regulators
- [350+] potential regulatory reviews a year for a global bank
3 QA & TESTING TRANSFORMATION OVERVIEW
Test Transformation
Enterprise Testing Services: The mission of Enterprise Testing Services is to define and validate that Testing Standards, Testing Tools and Solutions are implemented in a sound and sustainable way, maximizing focus on quality, risk reduction and stability.
Challenges:
- Intense Regulatory scrutiny focused on IT Testing Processes
- Inconsistencies in Testing Practices
- Need for enhanced Oversight for Testing
- Need for increased Production stability
Minimum Testing Standards: As a first step in transformation, Minimum Testing Standards (MTS) were defined in line with recommendations from External Regulatory Bodies (such as Monetary Authority of Singapore (MAS)) and the DB Internal Audit Group. Successful MTS roll-out:
- provided a repeatable and auditable approach
- laid the foundation for more robust Test Standards
Test Standard Framework: As a next step in transformation, Test Standard Framework was rolled out to:
- create a foundation of a common set of Testing Standards
- unify the practice of Testing across the bank
- simplify test processes by integrating standards with tools
Test Standards Governance: A robust governance process was implemented to track adoption or compliance to Test Standard Framework by:
- integrating test controls into SDLC Governance
- enabling all applications to demonstrate compliance to controls in a centralized tool
- automating verification of controls
4 Minimum Testing Standards
DEFINE
- Minimum Testing Standards (MTS) were developed and published.
- MTS requires evidence of standard test artifacts (following good engineering practices) that can be adapted for different types of releases.
- Standard requirements & related artefacts are: Test Risk Assessment, Test Approach, Test Cases and Test Execution Results, Defects, Test Completion Report
- MTS introduced 3 levels of maturity: Level 1, 2 and 3
- Standards were designed to be methodology agnostic
EDUCATE
- Comprehensive MTS orientation and training plan was published and all test professionals in the bank were mandated to attend
- MTS framework was published in a centralized repository and is accessible by all
- An e-learning module was developed with integrated certification mechanism
- Monthly training sessions were conducted and are on-going
- Special focus on strategic test vendors
GOVERN
- An independent Minimum Testing Standards Compliance (CM) team was constituted
- All application releases in scope were monitored through the change management system
- MTS CM team validates the artifacts provided against MTS requirements, reports any gaps
- Remediation of gaps was monitored through subsequent releases
- A Non-Compliance management process was rolled out
- Applications with two Non-Compliant releases were recommended for heightened change control process
5 TEST STANDARD FRAMEWORK
DEFINE
- Collaborated with key testing stakeholders across various Business Units, Regions, Tech Centres etc.
- Developed Test Standard Framework, Key Operating Procedures, Templates, Tools Standardization
EDUCATE
- Test Standard Framework and associated artefacts were published in the Bank's policy portal
- Conducted Live Orientation sessions across the globe to cover over professionals and stakeholders
- A global webcast was delivered to ~ professionals
- Detailed How-To videos were created
- All training media was made available in a centralized Testing Standards Portal
- Periodic and on-demand training sessions were conducted (on-going)
- Q&A feature is enabled in the Testing Standards Portal to address queries
GOVERN
- Integrated Test related controls in SDLC Governance platform to enable independent verification of controls for random selection of releases
- Any gaps identified are either fixed in-flight, or risk accepted by Business
- Automated verification of controls is implemented for various test controls such as Test Environment compliance controls, test cases, defects etc.
6 TEST STANDARD FRAMEWORK - TEST PLANNING
Test Standards Framework:
- Test Planning: Testing Risk Assessment (TRA), Test Strategy, Test Plan
- Test Design: Test Cases
- Test Execution: Defect, Test Execution Results
- Test Closure: Test Evaluation Reporting
- Additional Standard Requirements: Test Data, Test Environment, Performance Engineering
Test Planning is required for all releases and must detail what and how Testing is to be performed. Test Planning consists of several elements that may be captured in one or several documents:
- Testing Risk Assessment (TRA): Created to determine the risk associated with release to production, and provide the types of Testing recommendations which are required to minimize that risk
- Test Strategy: Created to gain general Stakeholder agreement, ensure appropriate availability of resources for "What" Test Types are to be performed
- Test Plan: Provides details of "How" each Test Type will be performed, and is updated for each release. For applications releasing very frequently a Test Plan - Multi Release may be produced, instead of a Test Plan for each release
Test Plan - Multi Release vs Test Plan:
| Release Frequency | Test Planning Artifacts |
| --- | --- |
| <= 3 weeks | Test Plan - Multi Release |
| > 3 weeks | Test Plan |
7 TEST STANDARD FRAMEWORK - TEST DESIGN, EXECUTION & CLOSURE
Test Design
- Test Cases: Test Cases are used to verify that the Business and Technical requirements work as expected and validate that the functionality meets specified requirements
Test Execution
- Defect: A Defect Process defines how defects are recognized and resolved in all stages of SDLC. It involves recording Defects, ensuring repeatability, classification and prioritization, and reporting the resolution progress
- Test Execution Results: Test execution results must include planned Test Cases executed with actual Test results and stored in a standard Test Tool. All failed Test Cases must be traceable to Defects
Test Closure
- Test Evaluation Reporting: A Test Summary Report at the end of each Test Type may be required. These may be collected at the end of the Test Closure Phase of the STLC. A Test Evaluation Report must be prepared to demonstrate successful completion of all Test Types at completion of the Test Closure Phase.
8 TEST STANDARD FRAMEWORK - ADDITIONAL STANDARDS
Test Data
- Testing must be conducted on synthetic Test data that is free from Client Identifying Data.
- Sensitive data must be anonymized in a controlled environment before moving to a Test Environment
- Production-like access controls must be in place when sensitive information needs to be used without masking in a Test Environment
Test Environment
- Applications must have Test Environments that resemble production from a hardware, software and configuration point of view
- QA Test Environments must be logically separated from all other non-QA Environments
- All Test Environment changes must be implemented with strict access controls
- Test Environment changes must be performed in a controlled manner
- Any change to a Test Environment should be accompanied with an appropriate back out or recovery mechanism and be smoke tested to confirm viability
Performance Engineering
- Performance Testing is required whenever:
  - Changes are made to any hardware, configuration or software components
  - Components are moved to different data centers
  - Usage volume increases
- A dedicated Performance Test Environment must be made available that resembles production
9 GOVERNANCE OVERVIEW
A robust governance model is implemented in SDLC Governance tool for governing the development and delivery of planned application releases. It is a tool of record for compliance rather than an SDLC workflow orchestrator. There are 5 key elements of the model:
1. Policy and control levels: mapping elements of policies and specific audit point solutions to a set of controls of appropriate level (diagram labels: IT & Security Policy, Test Standard Framework, Audit issue solutions)
2. Control origins: confirmations from tools and repositories in the strategic tools stack, or performed manually (diagram labels: SDLC, Chg. Mgt., Live)
3. Release characteristics: determining which controls need to apply depending on release characteristics (diagram label: Mandatory Controls for each release)
4. Generic lifecycle: mapping the controls to appropriate generic phases and quality gates in the SDLC, independent of development method
5. Assurance: assuring that controls are appropriately met, involving project and external stakeholders where needed, plus tight integration with Change as a precursor to production deployment
10 TEST CONTROLS IN SDLC GOVERNANCE
| Application / Release Level | Control Summary | Control Description |
| --- | --- | --- |
| Application | Testing Risk Assessment | A Testing Risk Assessment (TRA) is an Excel based tool to profile an application to minimize risks and provide recommendations of various test types required. |
| Release | Test Plan for release created | Single or reusable Multi Release Test Plans may be produced depending on the frequency and agility of application releases. |
| Release | Test Cases for release created & traceability established | Test cases for release are created, available and linked to the requirements. |
| Release | Test Cases for release executed | Ensure that all test cases have been executed and the evidence has been generated / documented. |
| Release | Defects (where appropriate) are captured and tracked for the release | Defects must be captured in a defined repository. Documentation of the defect must provide sufficient details to understand the impact and to reproduce it. |
| Release | Test Evaluation report approved and completed | Test Evaluation Report prepared to demonstrate successful completion of all Test Types as per the Test Plan. Where applicable, references to tools can be provided for test report data. |
| Application | Environment management plan for application in place | |
| Application | UAT / OAT or pre-production staging environment for application operational and distinct from production environment | |
| Application | UAT / OAT and Development application environments are defined in the centralized tool | |

db-tec portal enables automatic verification of these controls for all applications that are on-boarded
11 TRANSFORMATION JOURNEY
Maturity levels:
- 1 Start up (Level 1): Testing is Chaotic, When Performed
- 2 Basic (Level 2): Pockets of Best Practices, but Inconsistent
- 3 Progressive (Level 3): Institutionalized Testing Processes & Standards
- 4 Mature (Level 4): Policy Driven Standards & Processes
- 5 Industry Leader (Level 5): Leading Organization
Basic:
- Inconsistent Testing processes
- No standard STLC process
- Production instability
Progressive:
- Organizational & Governance structures Implemented
- Global Test Standard Framework defined
- Test Standards, Processes and Templates rolled out globally
- Test Process Governance in place
The Levels defined here are based on Infosys Enterprise QA Transformation Model (EQATM) which provides a framework of 4 test dimensions and 20 process areas
12 TRANSFORMATION PROGRESS SNAPSHOT
Continuing to Mature
[Figure: two charts on a scale of 1 to 5. Axis labels as extracted: Test Requirements Gathering, Knowledge, Test Strategizing, Test Case & Test Data Design, Testing Career Path, Training & Skill Development, Test Tools & Automation, Test Measurement &, Test Execution & Defect Reporting, Test Organizational Structure, Test Environment, Test Policy, Test Estimation, Test Process, Test Planning & Monitoring, Test Methodology, Defect, Organizational Risk, Test Ware, Test Communication]
13 KEY ACCOMPLISHMENTS
- IT Professionals offered training through Global Webcast
- Test Professionals Trained through Live Orientation Sessions
- Test Professionals attended MTS Training
- elearning Certificates issued
- Applications assessed for MTS Compliance
- Random Spot Checks conducted
- Releases monitored for Compliance
- Potential savings by reducing production incidents
14 THANK YOU
TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationBusiness Architecture Implementation Workshop
Delivering a Business Architecture Transformation Project using the Business Architecture Guild BIZBOK Hands-on Workshop In this turbulent and competitive global economy, and the rapid pace of change in
More informationUpdate: IQ Certification Program UALR/IAIDQ
Update: IQ Certification Program UALR/IAIDQ BIOGRAPHY John R. Talburt Professor of Information Science Acxiom Chair of Information Quality University of Arkansas at Little Rock Dr. John R. Talburt is Professor
More informationISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006
ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationProfessional (CBAP) version 3
Certified Business Analysis Professional (CBAP) version 3 Amman Jordan July 29 th August 5 th, 2017 Instructor Mr. Tareq Al Nashawati Certified CBAP, PMP Table of Content 1 PROGRAM VALUE... 3 2 TARGET
More informationSolutions Technology, Inc. (STI) Corporate Capability Brief
Solutions Technology, Inc. (STI) Corporate Capability Brief STI CORPORATE OVERVIEW Located in the metropolitan area of Washington, District of Columbia (D.C.), Solutions Technology Inc. (STI), women owned
More informationTDWI Data Governance Fundamentals: Managing Data as an Asset
TDWI Data Governance Fundamentals: Managing Data as an Asset Training Details Training Time : 1 Day Capacity : 10 Prerequisites : There are no prerequisites for this course. About Training About Training
More informationALM120 Application Lifecycle Management 12.0 Essentials Gold Package
Course Data Sheet ALM120 Application Lifecycle Management 12.0 Essentials Gold Package Course No: ALM120-120 For software version(s): Software version used in the labs: 12.0 Delivery formats: Instructor
More informationPublic Safety Canada. Audit of the Business Continuity Planning Program
Public Safety Canada Audit of the Business Continuity Planning Program October 2016 Her Majesty the Queen in Right of Canada, 2016 Cat: PS4-208/2016E-PDF ISBN: 978-0-660-06766-7 This material may be freely
More informationKENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT)
KENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT) 1. DIRECTOR, LEARNING & DEVELOPMENT - LOWER KABETE Reporting to the Director General, Campus Directors will be responsible for
More informationRealizing the Value of Standardized and Automated Database Management SOLUTION WHITE PAPER
Realizing the Value of Standardized and Automated Database Management SOLUTION WHITE PAPER Table of Contents The Challenge of Managing Today s Databases 1 automating Your Database Operations 1 lather,
More informationREPORT 2015/149 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/149 Audit of the information and communications technology operations in the Investment Management Division of the United Nations Joint Staff Pension Fund Overall results
More informationData Governance Quick Start
Service Offering Data Governance Quick Start Congratulations! You ve been named the Data Governance Leader Now What? Benefits Accelerate the initiation of your Data Governance program with an industry
More informationVMware BCDR Accelerator Service
AT A GLANCE The rapidly deploys a business continuity and disaster recovery (BCDR) solution with a limited, pre-defined scope in a non-production environment. The goal of this service is to prove the solution
More informationWhite Paper. View cyber and mission-critical data in one dashboard
View cyber and mission-critical data in one dashboard Table of contents Rising cyber events 2 Mitigating threats 2 Heighten awareness 3 Evolving the solution 5 One of the direct benefits of the Homeland
More informationEUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE
EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE Overview all ICT Profile changes in title, summary, mission and from version 1 to version 2 Versions Version 1 Version 2 Role Profile
More informationOVERVIEW OF DATA GOVERNANCE NICHOLAS TAN
OVERVIEW OF DATA GOVERNANCE NICHOLAS TAN 4 Apr 2018 Agenda What is Data Governance? Data Governance Framework Good Practices Conclusion Overview of Data Governance 2018 National University of Singapore.
More informationCRITERIA FOR CERTIFICATION BODY ACCREDITATION IN THE FIELD OF RISK BASED INSPECTION MANAGEMENT SYSTEMS
CRITERIA FOR CERTIFICATION BODY ACCREDITATION IN THE FIELD OF RISK BASED INSPECTION MANAGEMENT SYSTEMS Approved By: Executive: Accreditation: Mpho Phaloane Revised By: RBI STC Working Group Members Date
More informationUFT120 Unified Functional Testing 12.0 Essentials Instructor-Led Training For version 12.0
UFT120 Unified Functional Testing 12.0 Essentials Instructor-Led Training For version 12.0 Overview This course provides a comprehensive understanding of how to use the Unified Functional Testing (UFT)
More informationAdopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security
Adopting Modern Practices for Improved Cloud Security Cox Automotive - Enterprise Risk & Security 1 About Cox Automotive Cox Automotive is a leading provider of products and services that span the automotive
More informationWhy organizations need MDR system to manage clinical metadata?
PharmaSUG 2018 - Paper SS-17 Why organizations need MDR system to manage clinical metadata? Abhinav Jain, Ephicacy Consulting Group Inc. ABSTRACT In the last decade, CDISC standards undoubtedly have transformed
More informationTHE ART OF SECURING 100 PRODUCTS. Nir
THE ART OF SECURING 100 PRODUCTS Nir Valtman @ValtmaNir I work for as the Application Security 1st time speaking publicly, except at Mmmm OH, AND Neither of my previous startups succeeded!
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationOregon State Police. Information Technology. Honor Loyalty. Pride Dedication
Oregon State Police Information Technology Pride Dedication Honor Loyalty Presented by: David Alamein, CIO & Tom M. Worthy, Captain Presentation Date: March 31, 2015 OSP I.T. Mission and Strategy Modernize
More informationRISK MANAGEMENT Education and Certification
RISK MANAGEMENT Education and Certification aba.com/risked 1-800-BANKERS A new type of risk management professional is now in demand one that can demonstrate a thorough understanding of the complexities
More informationDemystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases. Gen Fields Senior Solution Consultant, Federal Government ServiceNow
Demystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases Gen Fields Senior Solution Consultant, Federal Government ServiceNow 1 Agenda The Current State of Governance, Risk, and Compliance
More informationConvergence of BCM and Information Security at Direct Energy
Convergence of BCM and Information Security at Direct Energy Karen Kemp Direct Energy Session ID: GRC-403 Session Classification: Advanced About Direct Energy Direct Energy was acquired by Centrica Plc
More information